urlscan.io logo urlscan.io
SecurityTrails logo

returnsandrefund.com Open in urlscan Pro
15.188.66.177  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://cdn-7.returnsandrefund.com/
Effective URL: https://returnsandrefund.com/
Submission: On June 09 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 31 IPs in 7 countries across 25 domains to perform 190 HTTP transactions. The main IP is 15.188.66.177, located in Paris, France and belongs to AMAZON-02, US. The main domain is returnsandrefund.com.
TLS certificate: Issued by R3 on April 29th 2021. Valid for: 3 months.
This is the only time returnsandrefund.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
50 15.188.66.177 16509 (AMAZON-02)
18 142.250.185.130 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:218... 16509 (AMAZON-02)
6 3.126.196.163 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
2 2620:116:800d... 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:218... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
11 2a00:1450:400... 15169 (GOOGLE)
13 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
14 2a00:1450:400... 15169 (GOOGLE)
12 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
2 10 142.250.186.66 15169 (GOOGLE)
2 4 104.108.145.8 16625 (AKAMAI-AS)
4 142.250.186.98 15169 (GOOGLE)
1 2a03:2880:f01... 32934 (FACEBOOK)
2 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
2 2 52.48.16.72 16509 (AMAZON-02)
1 1 185.29.135.190 30419 (MEDIAMATH...)
2 2 37.157.6.242 198622 (ADFORM)
2 2 216.52.2.30 29791 (VOXEL-DOT...)
1 1 34.252.219.156 16509 (AMAZON-02)
1 1 104.108.144.24 16625 (AKAMAI-AS)
1 54.178.184.38 16509 (AMAZON-02)
190 31
1    2606:4700:3037::6815:4d7e (United States)

ASN13335 (CLOUDFLARENET, US)
cdn-7.returnsandrefund.com
50    15.188.66.177 (Paris, France)

ASN16509 (AMAZON-02, US)
returnsandrefund.com
18    142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net
securepubads.g.doubleclick.net
1    2606:4700:3035::6815:4c02 (United States)

ASN13335 (CLOUDFLARENET, US)
go.ezodn.com
3    2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2600:9000:218c:b600:2:cb38:840:93a1 (United States)

ASN16509 (AMAZON-02, US)
go.ezoic.net
6    3.126.196.163 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
g.ezoic.net
4    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    2620:116:800d:21:36a9:ecb:e518:b308 (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
pixel.quantserve.com
3    2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.ch
9    2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
www.googletagservices.com
1    2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
3    2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
1    2600:9000:218d:d200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
2    2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
6    2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
11    2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
13    2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
14    2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
www.googletagservices.com
12    2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cdn.ampproject.org
5    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.ch
4    2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
10    142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net
cm.g.doubleclick.net
4    104.108.145.8 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-145-8.deploy.static.akamaitechnologies.com
dsum-sec.casalemedia.com
4    142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net
googleads4.g.doubleclick.net
1    2a03:2880:f01c:8004:face:b00c:0:8c (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
ad.atdmt.com
2    2a00:1450:4001:803::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s2.2mdn.net
s0.2mdn.net
2    2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    52.48.16.72 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pm.w55c.net
1    185.29.135.190 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
2    37.157.6.242 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
2    216.52.2.30 (United States)

ASN29791 (VOXEL-DOT-NET, US)
ap.lijit.com
1    34.252.219.156 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
ads.yieldmo.com
1    104.108.144.24 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-144-24.deploy.static.akamaitechnologies.com
cs.media.net
1    54.178.184.38 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
cc.adingo.jp
Domain Requested by
50 returnsandrefund.com returnsandrefund.com
24 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
returnsandrefund.com
cdn.ampproject.org
969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
googleads.g.doubleclick.net
18 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
googleads.g.doubleclick.net
returnsandrefund.com
www.googletagservices.com
18 securepubads.g.doubleclick.net returnsandrefund.com
securepubads.g.doubleclick.net
12 cdn.ampproject.org securepubads.g.doubleclick.net
10 cm.g.doubleclick.net 2 redirects googleads.g.doubleclick.net
969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
8 adservice.google.com securepubads.g.doubleclick.net
8 adservice.google.ch securepubads.g.doubleclick.net
6 g.ezoic.net returnsandrefund.com
4 googleads4.g.doubleclick.net googleads.g.doubleclick.net
returnsandrefund.com
4 dsum-sec.casalemedia.com 2 redirects googleads.g.doubleclick.net
4 googleads.g.doubleclick.net 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
returnsandrefund.com
4 fonts.gstatic.com fonts.googleapis.com
3 www.googletagservices.com securepubads.g.doubleclick.net
969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
3 www.google.com 1 redirects tpc.googlesyndication.com
969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
3 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com securepubads.g.doubleclick.net
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
3 fonts.googleapis.com returnsandrefund.com
securepubads.g.doubleclick.net
2 ap.lijit.com 2 redirects
2 c1.adform.net 2 redirects
2 pm.w55c.net 2 redirects
1 cc.adingo.jp 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
1 cs.media.net 1 redirects
1 ads.yieldmo.com 1 redirects
1 sync.mathtag.com 1 redirects
1 s0.2mdn.net returnsandrefund.com
1 s2.2mdn.net 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
1 ad.atdmt.com googleads.g.doubleclick.net
1 pixel.quantserve.com returnsandrefund.com
1 rules.quantcount.com secure.quantserve.com
1 secure.quantserve.com returnsandrefund.com
1 go.ezoic.net returnsandrefund.com
1 www.googletagmanager.com returnsandrefund.com
1 go.ezodn.com returnsandrefund.com
1 cdn-7.returnsandrefund.com 1 redirects
190 35

This site contains links to these domains. Also see Links.

Domain
silktide.com
us.homesense.com
www.ezoic.com
Subject Issuer Validity Valid
returnsandrefund.com
R3		 2021-04-29 -
2021-07-28		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-05-10 -
2021-08-02		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-08-05 -
2021-08-05		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2021-05-10 -
2021-08-02		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-05-10 -
2021-08-02		 3 months crt.sh
*.ezoic.net
Amazon		 2021-02-15 -
2022-03-16		 a year crt.sh
ezoic.net
R3		 2021-05-23 -
2021-08-21		 3 months crt.sh
*.google.com
GTS CA 1O1		 2021-05-10 -
2021-08-02		 3 months crt.sh
*.quantserve.com
DigiCert SHA2 High Assurance Server CA		 2020-10-02 -
2021-10-07		 a year crt.sh
*.google.ch
GTS CA 1C3		 2021-05-10 -
2021-08-02		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2021-05-10 -
2021-08-02		 3 months crt.sh
misc-sni.google.com
GTS CA 1C3		 2021-05-17 -
2021-08-09		 3 months crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-02-05 -
2022-02-09		 a year crt.sh
*.atlassolutions.com
DigiCert SHA2 High Assurance Server CA		 2021-05-15 -
2021-08-13		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2021-05-17 -
2021-08-09		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-05-17 -
2021-08-09		 3 months crt.sh
*.adingo.jp
DigiCert TLS RSA SHA256 2020 CA1		 2021-03-26 -
2022-04-14		 a year crt.sh

This page contains 12 frames:

Primary Page: https://returnsandrefund.com/
Frame ID: 18C489E56BBF8A48F38E975E5ABD55BA
Requests: 104 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html
Frame ID: 0CDC3AE732146AD3B739A9BF12FCD5E0
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 2F78E6E85E86684AC9CA20EC3DE8DAAF
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs
Frame ID: 438D21E714B31AD9C5125ABC055CCAA7
Requests: 23 HTTP requests in this frame

Frame: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D7148E6A273724B962F8741280172AB9
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM-nKBD9yigY0KL3kQEwAQ&v=APEucNXJFw2iSSJ7dlbJ5EqtOFiRMjNjmHME0xO1ng1ttQXNLHklt16N9AoFNCRGkKVqw9HUYoJITPcRemYhmsRHBb9j4OghUQ
Frame ID: 10CB3CE00DD2C91F55A3EEB15B34D5AE
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 37630B9EF7ACB6753BF623C45D77758B
Requests: 3 HTTP requests in this frame

Frame: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 610859FDAAC1C2C99129D737C93FEE1A
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLvO5QIQj7KT9gEYlNPEnQEwAQ&v=APEucNWOXFuQNxhmbnDWNSSR3NrStzryL9e0fryzJ0kW3SmRX6dHOH50QDUmQHJxX4QWY5vIVCO0N322FMtYcNSvI20xwwqtoQ
Frame ID: BA625E0056DE5B612086EE1B1CA907C3
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B17B2832FD844D21B9785DA45A3244A6
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 7E6570F7AFA1309D8BF762078C2A8AA6
Requests: 3 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs
Frame ID: 41C249FA6020A5CC1E6040DB9E3EE74A
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://cdn-7.returnsandrefund.com/ HTTP 301
    https://returnsandrefund.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • script /\.quantserve\.com\/quant\.js/i

Page Statistics

190
Requests

100 %
HTTPS

65 %
IPv6

25
Domains

35
Subdomains

31
IPs

7
Countries

1546 kB
Transfer

3625 kB
Size

22
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cdn-7.returnsandrefund.com/ HTTP 301
    https://returnsandrefund.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 113
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM2NyTfQu8_AeeOWpK_j_qI&google_cver=1
Request Chain 114
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMC-IvaWgKSfyjh.SoI4bQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM2NyTfQu8_AeeOWpK_j_qI&google_cver=1&google_hm=2
Request Chain 154
  • https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEL3CXkLTLFENsWxSiBq-LEI&google_cver=1&google_push=AYg5qPJ5S-leCXXkOu3bFfGVyL_cPsimijecs9d9c_gN9mVxwTB98ZUO_PnVzcSCSs927ORb5i9LqWS0sJUJNMr0r13cvzQfBCrmJw HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEL3CXkLTLFENsWxSiBq-LEI&google_cver=1&google_push=AYg5qPJ5S-leCXXkOu3bFfGVyL_cPsimijecs9d9c_gN9mVxwTB98ZUO_PnVzcSCSs927ORb5i9LqWS0sJUJNMr0r13cvzQfBCrmJw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=bG9rWWhQYWIxTFFZNGI1&google_gid=CAESEL3CXkLTLFENsWxSiBq-LEI&google_cver=1&google_push=AYg5qPJ5S-leCXXkOu3bFfGVyL_cPsimijecs9d9c_gN9mVxwTB98ZUO_PnVzcSCSs927ORb5i9LqWS0sJUJNMr0r13cvzQfBCrmJw
Request Chain 155
  • https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEMhWrwPhsdkQ0bekZNcSTuI&google_cver=1&google_push=AYg5qPKF9x5g12f1HJ_PYWzc52nUUf58wRQwd0fBi4r_easzmr27FxiilIsokiOD-5r05mTG8pgMrUNEkC0wMsS2bTNrPAT9Fm5n5Q HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKF9x5g12f1HJ_PYWzc52nUUf58wRQwd0fBi4r_easzmr27FxiilIsokiOD-5r05mTG8pgMrUNEkC0wMsS2bTNrPAT9Fm5n5Q
Request Chain 156
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEA15TEb_xNfBPO5inNGSoUg&google_cver=1&google_push=AYg5qPI0SzX9doriWF8VvPVioWK3r2gJE9BuJgOuRovJuFj-WfteeyRNBLr24U_Vh6Mmx0I0Nxxrwt2VU3w56E-IzVPPPRRK7hy29A HTTP 302
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEA15TEb_xNfBPO5inNGSoUg&google_cver=1&google_push=AYg5qPI0SzX9doriWF8VvPVioWK3r2gJE9BuJgOuRovJuFj-WfteeyRNBLr24U_Vh6Mmx0I0Nxxrwt2VU3w56E-IzVPPPRRK7hy29A HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI3OTIwMDk1MzI5NTY1NTMzMA&google_push=AYg5qPI0SzX9doriWF8VvPVioWK3r2gJE9BuJgOuRovJuFj-WfteeyRNBLr24U_Vh6Mmx0I0Nxxrwt2VU3w56E-IzVPPPRRK7hy29A
Request Chain 157
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMndHU3qTP27u4XxKp9lsfU&google_cver=1&google_push=AYg5qPIGhSK1ZORsSZjggC-LGuyGqtcKR-KxlDAdYZ-vqmsQC8AbmfGq3Nm2CZ_iJOd8dWCEC4LR9GICPYZVxw7T5GqFJY8Aa9oHpQ HTTP 307
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMndHU3qTP27u4XxKp9lsfU&google_cver=1&google_push=AYg5qPIGhSK1ZORsSZjggC-LGuyGqtcKR-KxlDAdYZ-vqmsQC8AbmfGq3Nm2CZ_iJOd8dWCEC4LR9GICPYZVxw7T5GqFJY8Aa9oHpQ&sovrn_retry=true HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPIGhSK1ZORsSZjggC-LGuyGqtcKR-KxlDAdYZ-vqmsQC8AbmfGq3Nm2CZ_iJOd8dWCEC4LR9GICPYZVxw7T5GqFJY8Aa9oHpQ&google_hm=05d666bdebf8add147f06f12
Request Chain 158
  • https://ads.yieldmo.com/exptsync?google_gid=CAESECoXlVF86Y-J5wPcmvoEo38&google_cver=1&google_push=AYg5qPK-MMZlrkD3BiRab8AbTAo-OU_iIuM9v5MYWIU814XiZ9-TP41LXbwGEFa8Mgo-2HDGRUbewFouIQihpkuG_75AtsIEUdXbtQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPK-MMZlrkD3BiRab8AbTAo-OU_iIuM9v5MYWIU814XiZ9-TP41LXbwGEFa8Mgo-2HDGRUbewFouIQihpkuG_75AtsIEUdXbtQ&google_hm=Z2FjNzc2MjM2YzcwNzM2MjU0Njk=
Request Chain 159
  • https://cs.media.net/cksync?type=g&google_gid=CAESEHbnpJUiRL0epJ7ml7HOJZ0&google_cver=1&google_push=AYg5qPI-K1XiahON-2xAlt9BWV6rSSDxrG6muu2zsz81NbomUEUQSY5zZCBxenq_AlSblCBHBWnb2T4k_eL6WlqUnqc-haZZH08iqg HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjY2MjQ2MTc5MTIzNTYxMjAwMFYxMA%3d%3d&mn_hm=MjY2MjQ2MTc5MTIzNTYxMjAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPI-K1XiahON-2xAlt9BWV6rSSDxrG6muu2zsz81NbomUEUQSY5zZCBxenq_AlSblCBHBWnb2T4k_eL6WlqUnqc-haZZH08iqg&gdpr=&gdpr_consent=
Request Chain 189
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si

190 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
returnsandrefund.com/
Redirect Chain
  • https://cdn-7.returnsandrefund.com/
  • https://returnsandrefund.com/
114 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
5e8b469fc37d4e3085e90ca60ca3d13451ae5a505af81346ddd302275a159e04

Request headers

:method
GET
:authority
returnsandrefund.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

age
78480
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 09 Jun 2021 13:16:11 GMT
display
pub_site_sol
expires
Tue, 08 Jun 2021 13:16:11 GMT
last-modified
Tue, 08 Jun 2021 13:10:19 GMT
pagespeed
off
response
200
server
nginx/1.16.0
set-cookie
ezoadgid_200400=-1; Path=/; Domain=returnsandrefund.com; Expires=Wed, 09 Jun 2021 13:46:10 UTC ezoref_200400=; Path=/; Domain=returnsandrefund.com; Expires=Wed, 09 Jun 2021 15:16:10 UTC ezoab_200400=mod1; Path=/; Domain=returnsandrefund.com; Expires=Wed, 09 Jun 2021 15:16:10 UTC active_template::200400=pub_site.1623244570; Path=/; Domain=returnsandrefund.com; Expires=Fri, 11 Jun 2021 13:16:10 UTC ezopvc_200400=1; Path=/; Domain=returnsandrefund.com; Expires=Wed, 09 Jun 2021 13:46:11 UTC ezepvv=0; Path=/; Domain=returnsandrefund.com; Expires=Thu, 10 Jun 2021 13:16:11 UTC ezovid_200400=860382888; Path=/; Domain=returnsandrefund.com; Expires=Wed, 09 Jun 2021 13:46:11 UTC lp_200400=https://returnsandrefund.com/; Path=/; Domain=returnsandrefund.com; Expires=Wed, 09 Jun 2021 13:46:11 UTC ezovuuidtime_200400=1623244571; Path=/; Domain=returnsandrefund.com; Expires=Fri, 11 Jun 2021 13:16:11 UTC ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; Path=/; Domain=returnsandrefund.com; Expires=Wed, 09 Jun 2021 13:46:11 UTC ezCMPCCS=true; Path=/; Domain=returnsandrefund.com; Expires=Thu, 09 Jun 2022 13:16:11 GMT
vary
Accept-Encoding Accept-Encoding,User-Agent
x-cache
HIT
x-cache-hits
658
x-ezoic-cdn
Miss
x-middleton-display
pub_site_sol
x-middleton-response
200
x-sol
pub_site

Redirect headers

date
Wed, 09 Jun 2021 13:16:10 GMT
content-type
text/plain; charset=utf-8
content-length
0
cache-control
max-age=300, private
location
https://returnsandrefund.com/
vary
Accept-Encoding Accept-Encoding
x-middleton-display
redirect
cf-cache-status
DYNAMIC
cf-request-id
0a928394c000004e3d5a237000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XrqpSSza4v5mK30ekR0aiRDvdtrrbduj5pPWyRSZA2J6cg3M6D3fBOW4EbPqwZx5MSv4iOk3JyL%2FE7LBysuZNG2T4dzeSXqQ9MjtdbyI%2BKQsvkT6N1OYqD52cZu%2Fmctqlqk0Ozuekns%2FtoyeRwL8hBP1THc%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
65caa2013efd4e3d-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		61 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
sffe /
Resource Hash
6cdfc74a34e7e2442122f5a7e88fbd793aaeb4d2901dd0bfb62cfe4df8c33e5b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"897 / 414 of 1000 / last-modified: 1623236949"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21286
x-xss-protection
0
expires
Wed, 09 Jun 2021 13:16:11 GMT
dall.js
go.ezodn.com/hb/ 		205 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://go.ezodn.com/hb/dall.js?b=amx,medianet,rhythmone,sharethrough,sovrn,undertone,unruly&cb=194-2-22
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:4c02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e84f5482195061eace360f0921613831305f4f52596a6f148c38e44a2e44497d

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
3143
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=cyKSSHfWfUrmg3GPYYbz7KPgNmcXh3YSSzcmz9vUygTp7%2FoLATdT1PQ8TinLr6IgLwj6nHqgZWYz%2BJmILPA4yFetOuo3xrE04wL7NQXxwn6pOmrx66zQT9brH56p59SNHGf%2B%2BX8Q"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
65caa20c08944a5b-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0a92839b8600004a5b09089000000001
banger.js
returnsandrefund.com/porpoiseant/ 		43 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
f4ecce62a254717c7a9b2107c356c7c874eb36725c9cbc4280f7ffc8dfb06509

Request headers

:path
/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
x-middleton-display
sol-js
cache-control
max-age=31536000, public
x-robots-tag
noindex
841ee1dfdec3fbc473772577a8b3240b.css
returnsandrefund.com/wp-content/cache/min/1/ 		147 KB
49 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
a965454ed27194420a23bd494e396653825da3850d9d9258d6464dd5e4f26bfc

Request headers

:path
/wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
x-sol
orig
age
16921
x-ezoic-cdn
Hit ds;mm;889a1bc78332af14281e81a2291c4a35;2-200400-0;6c91b00a-f955-473f-4bb5-5e426a90f8cc
x-cache
HIT
x-middleton-display
staticcontent_sol, orig_site_sol
x-middleton-response
200
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
text/css; charset=utf-8
cache-control
public, max-age=31536000
display
staticcontent_sol, orig_site_sol
x-cache-hits
7
css
fonts.googleapis.com/ 		5 KB
640 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.3.3&display=swap
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b04c10e9ef56b9200c56cc5141fe6d712ec85a8d90c0fe5b98fbf9ebe2873cc0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Jun 2021 13:16:11 GMT
server
ESF
date
Wed, 09 Jun 2021 13:16:11 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Jun 2021 13:16:11 GMT
jquery-1.12.4-wp.js
returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/jquery/ 		95 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

:path
/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
age
79932
x-ezoic-cdn
Bypass
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1009
x-middleton-response
200
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
expires
Wed, 08 Jun 2022 15:03:59 GMT
responsive-menu-c1e228c238344335eaf7288b4e454a0f.js
returnsandrefund.com/wp-content/cache/min/1/wp-content/themes/eleven40-pro/js/ 		765 B
451 B 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/min/1/wp-content/themes/eleven40-pro/js/responsive-menu-c1e228c238344335eaf7288b4e454a0f.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
8e424541604f9439f054eb9e4e78925da8c4d2a77985f642f9f4b5f025424d48

Request headers

:path
/wp-content/cache/min/1/wp-content/themes/eleven40-pro/js/responsive-menu-c1e228c238344335eaf7288b4e454a0f.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
age
16921
x-ezoic-cdn
Hit ds;mm;c5ae736beb74dda836b2ae3f904f7066;2-200400-0;af0efb0c-369c-4b38-7826-9e69e8fb3c00
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
315
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
6
js
www.googletagmanager.com/gtag/ 		89 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-150748452-1
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c276812a8333541256c991bff9d1435f704ec14978e48b617bcbd154f8d8253d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35966
x-xss-protection
0
last-modified
Wed, 09 Jun 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 09 Jun 2021 13:16:11 GMT
cookieconsent.min.js
returnsandrefund.com/ezoic/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/ezoic/cookieconsent.min.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0

Request headers

:path
/ezoic/cookieconsent.min.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
etag
"11a4-5c3cf8fc12640-gzip"
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000, public
accept-ranges
bytes
x-robots-tag
noindex
content-length
1707
expires
Thu, 09 Jun 2022 13:16:11 GMT
ezoic.png
go.ezoic.net/utilcave_com/img/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://go.ezoic.net/utilcave_com/img/ezoic.png
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:218c:b600:2:cb38:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 02:36:23 GMT
via
1.1 21879fd9ec7fd789ca6f874ab2556230.cloudfront.net (CloudFront)
x-sol
middleton
age
297589
x-cache
Hit from cloudfront
x-middleton-display
staticcontent_sol
content-length
1181
x-amz-cf-id
XSgKX4qlQ4YiJehrPDNzorZTO05_m5vkvKINq5rUrUBYXsIKB3tlLQ==
last-modified
Fri, 28 May 2021 00:46:16 GMT
server
nginx/1.16.0
etag
"49d-5bd497273b080-gzip-gzip"
vary
Accept-Encoding,Accept-Encoding
content-type
image/png
cache-control
max-age=604800
x-amz-cf-pop
CDG50-P1
display
staticcontent_sol
expires
Sun, 13 Jun 2021 02:36:22 GMT
wp-polyfill.min-7.4.4.js
returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/dist/vendor/ 		97 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/dist/vendor/wp-polyfill.min-7.4.4.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
d36e5d7328268d21c6941039a7b6a15c7ed7414f60dbee72d2231d11ac9bdaf3

Request headers

:path
/wp-content/cache/busting/1/wp-includes/js/dist/vendor/wp-polyfill.min-7.4.4.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:12 GMT
content-encoding
br
age
79933
x-ezoic-cdn
Bypass
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1000
x-middleton-response
200
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
expires
Wed, 08 Jun 2022 15:03:59 GMT
index-4e981829b016000918dd61f7ac7dab7e.js
returnsandrefund.com/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/js/ 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/js/index-4e981829b016000918dd61f7ac7dab7e.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
457f55ea0c6f05fbf9093f1535e1da2c627530ddbeb46c27a0fb8aef5b7e2805

Request headers

:path
/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/js/index-4e981829b016000918dd61f7ac7dab7e.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
age
16921
x-ezoic-cdn
Hit ds;mm;eb5c2d7020fda4533e4f2c14e95b4e90;2-200400-0;3c61f7a5-825a-483f-7158-6e33c94c20ac
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
3778
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
6
hoverIntent.min-1.8.1.js
returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/ 		1 KB
516 B 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/hoverIntent.min-1.8.1.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
495d2f8c8b7f1bbd664c2c10c086a644e63e4934b9734813b27956a34709eea4

Request headers

:path
/wp-content/cache/busting/1/wp-includes/js/hoverIntent.min-1.8.1.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:12 GMT
content-encoding
br
age
79933
x-ezoic-cdn
Bypass
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1008
x-middleton-response
200
content-length
447
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
expires
Wed, 08 Jun 2022 15:03:59 GMT
superfish.min-1.7.10.js
returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.min-1.7.10.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
ece565a1f66a32347dfed83562c428ff7736648de72b0027dd8f0e0f27e0c327

Request headers

:path
/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.min-1.7.10.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
age
22582
x-ezoic-cdn
Hit ds;mm;74aa522f6903ecede49f6fe26e67f571;2-200400-0;d8386871-628e-4eb1-660a-a20a665a605b
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
1743
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
6
superfish.args.min-3.3.3.js
returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/ 		132 B
236 B 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.args.min-3.3.3.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
20550f7bcb2a817ac9a5879e04260da8268e971c0b8031a6b7a2f48a55ee60d5

Request headers

:path
/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.args.min-3.3.3.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
age
22582
x-ezoic-cdn
Hit ds;mm;741c3197cbcdb4fa3069ff8bd82b4d2a;2-200400-0;3b188a74-63b7-4305-694a-2554704d9e1a
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
102
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
5
skip-links.min-3.3.3.js
returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/ 		386 B
295 B 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/skip-links.min-3.3.3.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
ade38136058fcd75880d3673855aff859ee377d5915e59cccf24a973d418bebb

Request headers

:path
/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/skip-links.min-3.3.3.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
age
22582
x-ezoic-cdn
Hit ds;mm;9dd6d85aaaabfbd9a62c43b4c9b53dea;2-200400-0;2edb95ca-e80d-4048-5483-1c8b8e225453
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
188
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
6
wp-embed.min.js
returnsandrefund.com/wp-includes/js/ 		1 KB
733 B 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-includes/js/wp-embed.min.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

:path
/wp-includes/js/wp-embed.min.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:12 GMT
content-encoding
br
age
79933
x-ezoic-cdn
Bypass
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1004
x-middleton-response
200
content-length
663
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
expires
Wed, 08 Jun 2022 15:03:59 GMT
pubads_impl_2021060301.js
securepubads.g.doubleclick.net/gpt/ 		312 KB
109 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
sffe /
Resource Hash
d0b3850a417ef733c6acaff02a3311c7ce9a5b7ee55d2cd76d8c7f1f661bcb20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 03 Jun 2021 08:37:25 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112073
x-xss-protection
0
expires
Wed, 09 Jun 2021 13:16:11 GMT
nmash.js
returnsandrefund.com/porpoiseant/ 		33 KB
9 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/nmash.js?v=19
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
0b9a8a3f27fa969797b4fbec0716dcacd5aaa38202277691d7baf41a540963fd

Request headers

:path
/porpoiseant/nmash.js?v=19
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
same-origin
accept
*/*
cache-control
no-cache
sec-fetch-dest
worker
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
etag
"854d-5c3cf8fc12640;5c3cf8fc12640-gzip"
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000, public
accept-ranges
bytes
x-robots-tag
noindex
ezosuigeneris.js
g.ezoic.net/ 		555 B
561 B 		Script
General
Check archive.org
Download Go to
Full URL
https://g.ezoic.net/ezosuigeneris.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
ca3b1bbec198dc22c5e704790195a1682eade3038f8b1152be9b1be2f5144a68

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
etag
c0ad71a5401a51e58002602d9580a3ea
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cache-control
max-age=999999, private
content-length
276
expires
Mon, 29 Apr 2020 21:44:55 GMT
cmbv2.js
returnsandrefund.com/detroitchicago/ 		112 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
39219c1a55e9d5295167a8ffeb2c51e1c09efb2d8e8a76303d3073e3f5b3fc2a

Request headers

:path
/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
x-middleton-display
sol-js
cache-control
max-age=31536000, public
x-robots-tag
noindex
return-logo-2.png
returnsandrefund.com/wp-content/uploads/2019/03/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://returnsandrefund.com/wp-content/uploads/2019/03/return-logo-2.png
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
31f7540a6075e6f34980199d420271d13d923801da426c060ed01732042a96b8

Request headers

:path
/wp-content/uploads/2019/03/return-logo-2.png
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
age
303
x-ezoic-cdn
Hit ds;mm;dfcf52210967f019fd4ce3feb2e0509c;2-200400-0;33266581-fa91-49ef-793c-3844c8a8c9c0
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
1075
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
image/png
cache-control
public, max-age=31536000
display
staticcontent_sol, staticcontent_sol
x-cache-hits
4
TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
fonts.gstatic.com/s/oswald/v36/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/oswald/v36/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.3.3&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
76db825b68979b9ea6cc55fa14373b7bf5e3beb7388cd2efa485938bb2a389fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://returnsandrefund.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 19:19:38 GMT
x-content-type-options
nosniff
age
64593
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16016
x-xss-protection
0
last-modified
Thu, 28 Jan 2021 20:31:14 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 19:19:38 GMT
0QIvMX1D_JOuMwr7Iw.woff2
fonts.gstatic.com/s/lora/v17/ 		34 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lora/v17/0QIvMX1D_JOuMwr7Iw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.3.3&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9f762334ff28e79eb7547f6ddb109583d35e0ea3600b71406ca233fb57c12458
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://returnsandrefund.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 21:42:30 GMT
x-content-type-options
nosniff
age
56021
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35284
x-xss-protection
0
last-modified
Thu, 28 Jan 2021 22:52:25 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 21:42:30 GMT
download-1.png
returnsandrefund.com/wp-content/uploads/2020/02/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://returnsandrefund.com/wp-content/uploads/2020/02/download-1.png
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
c63c08ec376a1c99ee774ecbd488d3c33396ea42f8ad0e984179916a2e252849

Request headers

:path
/wp-content/uploads/2020/02/download-1.png
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
age
44288
x-ezoic-cdn
Hit ds;mm;502accaecac65cd023d490ab18d798a5;2-200400-0;23c875e3-6ea6-4538-72e7-6cdcc06919a0
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
2981
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
image/png
cache-control
public, max-age=31536000
display
staticcontent_sol, staticcontent_sol
x-cache-hits
1
download-4.jpg
returnsandrefund.com/wp-content/uploads/2020/02/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://returnsandrefund.com/wp-content/uploads/2020/02/download-4.jpg
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
efca4b1d7c19af67aa04f4a6ef3f9db4c8d3bea417a00240009db7ed26280080

Request headers

:path
/wp-content/uploads/2020/02/download-4.jpg
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:11 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
age
44288
x-ezoic-cdn
Hit ds;mm;42dbe1ec3ee9c20d6caedbd1281216e7;2-200400-0;8da644c1-2e14-4900-5ed7-db6acb4d37ab
x-cache
HIT
content-type
image/jpeg
x-middleton-display
staticcontent_sol, staticcontent_sol
cache-control
public, max-age=31536000
x-middleton-response
200
display
staticcontent_sol, staticcontent_sol
x-cache-hits
1
images-2.jpg
returnsandrefund.com/wp-content/uploads/2020/02/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://returnsandrefund.com/wp-content/uploads/2020/02/images-2.jpg
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
8c63493b034323da08e44455885820239e72b10f9fb8b857e8313008f4d6fac5

Request headers

:path
/wp-content/uploads/2020/02/images-2.jpg
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:12 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
age
44287
x-ezoic-cdn
Hit ds;mm;7b4b808955c5813402eef6c10ded310c;2-200400-0;3d5b82d5-a887-4c68-77b8-8dade9baded4
x-cache
HIT
content-type
image/jpeg
x-middleton-display
staticcontent_sol, staticcontent_sol
cache-control
public, max-age=31536000
x-middleton-response
200
display
staticcontent_sol, staticcontent_sol
x-cache-hits
2
imp.gif
returnsandrefund.com/detroitchicago/ 		43 B
128 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A1%2C%22ad_load_version%22%3A2%2C%22ad_location_ids%22%3A%2221%2C5%2C1%2C0%2C3%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A3%2C%22bidder_version%22%3A5%2C%22city%22%3A%22Zurich%22%2C%22country%22%3A%22CH%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A200400%2C%22domain_test_group%22%3A20210304%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A7%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A4%2C%22page_ad_positions%22%3A%221100%2C1101%2C1103%2C1108%2C1112%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%2290feb9df-fe18-4bd2-5b07-ed108967c376%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%228010%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A48878%2C%22response_time_orig%22%3A309%2C%22serverid%22%3A%2235.181.151.229%3A3539%22%2C%22state%22%3A%22ZH%22%2C%22sub_page_ad_positions%22%3A%221100%2C1101%2C1103%2C1108%2C1112%22%2C%22t_epoch%22%3A1623244570%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Freturnsandrefund.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A2043%2C%22worst_bad_word_level%22%3A0%7D
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

:path
/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A1%2C%22ad_load_version%22%3A2%2C%22ad_location_ids%22%3A%2221%2C5%2C1%2C0%2C3%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A3%2C%22bidder_version%22%3A5%2C%22city%22%3A%22Zurich%22%2C%22country%22%3A%22CH%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A200400%2C%22domain_test_group%22%3A20210304%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A7%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A4%2C%22page_ad_positions%22%3A%221100%2C1101%2C1103%2C1108%2C1112%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%2290feb9df-fe18-4bd2-5b07-ed108967c376%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%228010%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A48878%2C%22response_time_orig%22%3A309%2C%22serverid%22%3A%2235.181.151.229%3A3539%22%2C%22state%22%3A%22ZH%22%2C%22sub_page_ad_positions%22%3A%221100%2C1101%2C1103%2C1108%2C1112%22%2C%22t_epoch%22%3A1623244570%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Freturnsandrefund.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A2043%2C%22worst_bad_word_level%22%3A0%7D
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:12 GMT
content-encoding
br
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
image/gif
x-middleton-display
imp_sol
cache-control
no-cache, no-store, must-revalidate, max-age=0
content-length
47
quant.js
secure.quantserve.com/ 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:12 GMT
content-encoding
gzip
etag
"WhyxmPkT7L77qVDcrjxwGw=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Wed, 16 Jun 2021 13:16:12 GMT
ezosuigenerisc.js
g.ezoic.net/ 		0
77 B 		Script
General
Check archive.org
Download Go to
Full URL
https://g.ezoic.net/ezosuigenerisc.js?nogen=1
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:12 GMT
cache-control
max-age=300, private
server
nginx/1.16.0
content-length
0
vary
Accept-Encoding, Accept-Encoding
content-type
text/plain; charset=utf-8
houston.js
returnsandrefund.com/detroitchicago/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/detroitchicago/houston.js?gcb=2&cb=36
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
1d6f7818a09adfc9c11ff7110eb866179ef9d36a3625cd1c02e23292d315daaa

Request headers

:path
/detroitchicago/houston.js?gcb=2&cb=36
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:12 GMT
content-encoding
br
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
x-middleton-display
sol-js
cache-control
max-age=31536000, public
x-robots-tag
noindex
content-length
1163
integrator.js
adservice.google.ch/adsid/ 		107 B
799 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ch/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
841ee1dfdec3fbc473772577a8b3240b.css
returnsandrefund.com/wp-content/cache/min/1/ 		64 KB
64 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://returnsandrefund.com/wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:12 GMT
content-encoding
br
x-sol
orig
age
16921
x-ezoic-cdn
Hit ds;mm;889a1bc78332af14281e81a2291c4a35;2-200400-0;6c91b00a-f955-473f-4bb5-5e426a90f8cc
x-cache
HIT
x-middleton-display
staticcontent_sol, orig_site_sol
x-middleton-response
200
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
text/css; charset=utf-8
cache-control
public, max-age=31536000
display
staticcontent_sol, orig_site_sol
x-cache-hits
7
analytics.js
www.google-analytics.com/ 		48 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-150748452-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 09 Apr 2021 23:59:54 GMT
server
Golfe2
age
5840
date
Wed, 09 Jun 2021 11:38:52 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19569
expires
Wed, 09 Jun 2021 13:38:52 GMT
greenoaks.gif
returnsandrefund.com/detroitchicago/ 		0
104 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMDkifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiIzIn0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfdGFnIiwidmFsIjoiZW4tVVMifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImRhdGEiOlt7Im5hbWUiOiJ1bml2ZXJzYWxfdXNlcl9pZCIsInZhbCI6ImMwYWQ3MWE1NDAxYTUxZTU4MDAyNjAyZDk1ODBhM2VhIn1dfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMDkifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiIzIn0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfdGFnIiwidmFsIjoiZW4tVVMifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImRhdGEiOlt7Im5hbWUiOiJ1bml2ZXJzYWxfdXNlcl9pZCIsInZhbCI6ImMwYWQ3MWE1NDAxYTUxZTU4MDAyNjAyZDk1ODBhM2VhIn1dfV0=
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:12 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:11 UTC
ads
securepubads.g.doubleclick.net/gampad/ 		1 KB
313 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4071789645104571&correlator=1446659931698099&output=ldjh&impl=fifs&eid=31061359&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210609&iu_parts=1254144%2Creturnsandrefund_com-box-2%2Creturnsandrefund_com-medrectangle-3%2Creturnsandrefund_com-box-1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=300x250%2C580x400%2C300x250&prev_scp=a%3D%257C3%257C%26iid7%3D680165%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dreturnsandrefund_com-box-2-680165%26eb_br%3D5297de5240aa45da173a0792747e0d26%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D0%26bvm%3D1%26bvr%3D1%26shp%3D1%26acptad%3D1%26br1%3D850%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D23%2C24%2C25%2C26%2C919%7Ca%3D%257C3%257C%26iid7%3D671765%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-671765%26eb_br%3D5297de5240aa45da173a0792747e0d26%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D2%26bvm%3D0%26bvr%3D6%26shp%3D1%26br1%3D850%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%7Ca%3D%257C254%257C%26iid7%3D696965%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1108%26sap%3D1108%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dreturnsandrefund_com-box-1-696965%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D12%26bvm%3D0%26bvr%3D2%26shp%3D3%26acptad%3D1%26br1%3D140%26br2%3D120%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C816%2C817%2C899%2C919&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623157819&dt=1623244572330&dlt=1623244571163&idt=971&frm=20&biw=1600&bih=1200&oid=3&adxs=650%2C345%2C1120&adys=80%2C920%2C471&adks=3330214951%2C3214824028%2C3856334401&ucis=1%7C2%7C3&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1140x250%7C809x400%7C300x264&msz=300x250%7C580x400%7C300x250&ga_vid=1604365714.1623244572&ga_sid=1623244572&ga_hid=1362958342&ga_fc=false&fws=0%2C0%2C0&ohw=0%2C0%2C0&btvi=0%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
9a7d14f05ab22b41bfefb5957fc91559e1628acf9b160ddd4b26d82eec6e531a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:12 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
283
x-xss-protection
0
google-lineitem-id
-2,-2,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2,-2,-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
ads
securepubads.g.doubleclick.net/gampad/ 		476 B
280 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4071789645104571&correlator=68370957801082&output=ldjh&impl=fifs&eid=31061359&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210609&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&prev_scp=a%3D%257C251%257C%26iid8%3D716165%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-716165%26eb_br%3Dbfa042bdb1583c959161b7823290dc1f%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D22%26bvm%3D0%26bvr%3D5%26shp%3D1%26br1%3D1300%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D82%2C25%2C176%2C67%2C51%2C122%2C89%2C20%2C26%2C188%2C143%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623157819&dt=1623244572436&dlt=1623244571163&idt=971&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=4&ifi=4&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&ga_vid=1604365714.1623244572&ga_sid=1623244572&ga_hid=1362958342&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
cad7bf0c200c75adaecb91d241a2461ccb21f1d2ee0ba242e5f5c3cdcc0c9449
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:13 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
250
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
rules-p-31iz6hfFutd16.js
rules.quantcount.com/ 		3 B
429 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:218d:d200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 15:10:30 GMT
via
1.1 9f5dc8aa3b00e084cc2e91009dfdc836.cloudfront.net (CloudFront)
age
79542
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
3
last-modified
Sat, 04 Mar 2017 19:50:24 GMT
server
AmazonS3
etag
"8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-pop
CDG50-P2
accept-ranges
bytes
x-amz-cf-id
UMl_IqTHzp0QM1UgNk9vhHXNgCC8uM8zEzl-XDdKp6zf-L9b5tw4Wg==
collect
www.google-analytics.com/j/ 		1 B
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1362958342&t=pageview&_s=1&dl=https%3A%2F%2Freturnsandrefund.com%2F&ul=en-us&de=UTF-8&dt=All%20About%20Returns%20%26%20Refunds%20-&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=1679465213&gjid=716825927&cid=1604365714.1623244572&tid=UA-150748452-1&_gid=1868471919.1623244573&_r=1&gtm=2ou621&z=1249607269
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:12 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel;r=1488764118;labels=Domain.returnsandrefund_com%2CDomainId.200400;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Freturnsandrefund.com%2F;uht=2;fpan=1;fpa=P0-1302297312-1623244572600;pbcn=u;pbc=;ns=...
pixel.quantserve.com/ 		35 B
371 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=1488764118;labels=Domain.returnsandrefund_com%2CDomainId.200400;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Freturnsandrefund.com%2F;uht=2;fpan=1;fpa=P0-1302297312-1623244572600;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;ref=;d=returnsandrefund.com;je=0;sr=1600x1200x24;dst=1;et=1623244572600;tzo=-120;ogl=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:12 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
dark-bottom.css
returnsandrefund.com/ezoic/styles/ 		3 KB
795 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/ezoic/styles/dark-bottom.css
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/ezoic/cookieconsent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3

Request headers

:path
/ezoic/styles/dark-bottom.css
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=c0ad71a5401a51e58002602d9580a3ea; _ga=GA1.2.1604365714.1623244572; _gid=GA1.2.1868471919.1623244573; _gat_gtag_UA_150748452_1=1; __qca=P0-1302297312-1623244572600
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:12 GMT
content-encoding
br
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
etag
"bd7-5c3cf8fc12640-gzip"
vary
Accept-Encoding Accept-Encoding
content-type
text/css
cache-control
max-age=31536000, public
accept-ranges
bytes
x-robots-tag
noindex
content-length
725
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j90&a=1362958342&t=timing&_s=2&dl=https%3A%2F%2Freturnsandrefund.com%2F&ul=en-us&de=UTF-8&dt=All%20About%20Returns%20%26%20Refunds%20-&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=2993&pdt=56&dns=9&rrt=656&srt=570&tcp=261&dit=2574&clt=2763&_gst=2596&_gbt=2818&_cst=2060&_cbt=2424&_u=YAhAAUABAAAAAC~&jid=&gjid=&cid=1604365714.1623244572&tid=UA-150748452-1&_gid=1868471919.1623244573&gtm=2ou621&z=1738238060
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 08 Jun 2021 21:44:28 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
55904
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
greenoaks.gif
returnsandrefund.com/detroitchicago/ 		0
52 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjkzNSJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMTUwNSJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiNTYifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiMTAxMyJ9LHsibmFtZSI6InBlcmZfY29udGVudGxvYWRlZCIsInZhbCI6IjEyMTkifSx7Im5hbWUiOiJwZXJmX2NvbXBsZXRlIiwidmFsIjoiMTQzMSJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9wYWludCIsInZhbCI6IjIyNjcifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6IjIyNjcifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjkzNSJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMTUwNSJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiNTYifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiMTAxMyJ9LHsibmFtZSI6InBlcmZfY29udGVudGxvYWRlZCIsInZhbCI6IjEyMTkifSx7Im5hbWUiOiJwZXJmX2NvbXBsZXRlIiwidmFsIjoiMTQzMSJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9wYWludCIsInZhbCI6IjIyNjcifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6IjIyNjcifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfV0=
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=c0ad71a5401a51e58002602d9580a3ea; _ga=GA1.2.1604365714.1623244572; _gid=GA1.2.1868471919.1623244573; _gat_gtag_UA_150748452_1=1; __qca=P0-1302297312-1623244572600; ezux_lpl_200400=1623244572645|90feb9df-fe18-4bd2-5b07-ed108967c376|false; __gads=ID=214a8a026088f31a-222e30145dc80066:T=1623244572:S=ALNI_Ma1nX2DOGy1Qvn9gNDE6qgDusSimg
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:12 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:12 UTC
greenoaks.gif
returnsandrefund.com/detroitchicago/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjkuNCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX3J0dCIsInZhbCI6IjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfcmVxdWVzdCIsInZhbCI6IjE2ODAifV19XQ==
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjkuNCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX3J0dCIsInZhbCI6IjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfcmVxdWVzdCIsInZhbCI6IjE2ODAifV19XQ==
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1623244570; ezopvc_200400=1; ezepvv=0; ezovid_200400=860382888; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1623244571; ezovuuid_200400=11626a3c-7a0b-4d64-4be7-08306cfc27e0; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=c0ad71a5401a51e58002602d9580a3ea; _ga=GA1.2.1604365714.1623244572; _gid=GA1.2.1868471919.1623244573; _gat_gtag_UA_150748452_1=1; __qca=P0-1302297312-1623244572600; ezux_lpl_200400=1623244572645|90feb9df-fe18-4bd2-5b07-ed108967c376|false; __gads=ID=214a8a026088f31a-222e30145dc80066:T=1623244572:S=ALNI_Ma1nX2DOGy1Qvn9gNDE6qgDusSimg
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:12 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:12 UTC
sodar
pagead2.googlesyndication.com/getconfig/ 		11 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060301&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
dc38604b8c9a84eb1f9ea3e884463518c5444f5f08a6655f88f3000d44b86a8f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8373
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1622653785071769"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Wed, 09 Jun 2021 13:16:13 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/223/ Frame 0CDC 		12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/223/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://returnsandrefund.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://returnsandrefund.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
5022
date
Wed, 09 Jun 2021 13:14:57 GMT
expires
Thu, 09 Jun 2022 13:14:57 GMT
last-modified
Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
76
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 2F78 		783 B
530 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
df0caf2177a07d06e60540f6770b7b095446a80dfcdf735e88a147d19863c709
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-oyAnCxyufNCUfqU2cfHQDg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://returnsandrefund.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://returnsandrefund.com/

Response headers

expires
Wed, 09 Jun 2021 13:16:13 GMT
date
Wed, 09 Jun 2021 13:16:13 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-oyAnCxyufNCUfqU2cfHQDg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
511
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
wQPplS2CBbapxPPsKjLjCt6L9Rv2P8O8syxzKLSpyaY.js
pagead2.googlesyndication.com/bg/ Frame 0CDC 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/wQPplS2CBbapxPPsKjLjCt6L9Rv2P8O8syxzKLSpyaY.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c103e9952d8205b6a9c4f3ec2a32e30ade8bf51bf63fc3bcb32c7328b4a9c9a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 07:52:03 GMT
content-encoding
br
x-content-type-options
nosniff
age
19450
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5768
x-xss-protection
0
last-modified
Mon, 31 May 2021 08:58:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Jun 2022 07:52:03 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=223&t=2&li=gpt_2021060301&jk=4071789645104571&bg=!FhWlFVHNAAY6sG-_OrA7ACkAdvg8WtoNODb9qm5ES_expgUyajd7K6kmbl_coKZr2pM8Swck9PAhPQIAAADEUgAAABFoAQeZAn5qgYSp3mKE5yNZEAckpJS9YaDurQnSxlyK90hkgj4gJclzVq8DnDinpx7T0lkRXgqETz-wRw5HUQuqi1RhGOHC4QrnnjFO6j3i7O675MjUvJoYHi-I8nGpNdjv1pb7tIkKPTPKxbFtRIEyJfL2ft5CARBQGquVCOVk2yJLHMM__TSitFbL7PfBCmfgueR1nAy5mtnuwxenN-RtGRUYtUujh3dtM86drKYi2tdorgtYYmOj7XGB8mI77Jbg9e3SJcMwDmLFQ4gn2Wcgvcfz71O1nq8b1vvPLIIALL4PLfccvS2KgBYxPiunA6hmD0GvszOZlRrC9ZvsGBhJurHjPu9aZPlYzQA5kTf9Lx7cqwLqyvb2BI3OX7lhFS3nZoME5zXMSp2klFRczit3zCaiWizueWmN7v1a3FDW1xBpXo2cYtVbQAfdKRKB2k8ZhiwT2hVKNvi233-ttg_AAMqHQHe8QRysh3YcFQ2DTCh7eLgA3T5ufTccFkMC0GH_X9itnUW1dGEWgpNH3Ngt6WVMPveIcd-JLf4WpS30JZabM7ISWL_hHwHhnB-6hVunT6eXBFIz916KfEvERtBOTuLNfdAFVlv_caBt7h_lDJoON9NxQnjideffPuoSpzfKULoVI9blv9hT_RoJMNVEini2wuKINP9tSOpKFfYWRo4aZ9qwsS4fm-4HzRyiyFcMenIglMe_2rsT8AzFPf5yYQa6YAPtmHiOrVqh1xTy7Rb-xeRkuFXMZwQQwGBZA5EyLcl-1LfZZF5KLvjmngMxQvJP-aOPuVRDsX_L0kKCjK8rFW1DR5iuoO9JB0_RUiaB71Y4Dzmi376P6RR1wTDNk-YOqg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.ch/adsid/ 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ch/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		482 B
804 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4071789645104571&correlator=2183410073821670&output=ldjh&impl=fifs&eid=31061359&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210609&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=3&rcs=1&prev_scp=a%3D%257C251%257C%26iid8%3D716165%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-716165%26eb_br%3D5bac35e1a3b6adc56da706000a645484%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D22%26bvm%3D0%26bvr%3D5%26shp%3D1%26br1%3D650%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D82%2C25%2C176%2C67%2C51%2C122%2C89%2C20%2C26%2C188%2C143%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%26lb%3D1300%26reqt%3D1623244575255&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623157819&dt=1623244575329&dlt=1623244571163&idt=971&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=5&ifi=5&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1604365714.1623244572&ga_sid=1623244572&ga_hid=1362958342&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
0cb9789933bfdd096c06061dc1cb0d0cddbc4e281c6536079df3b87c9f05ab96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:15 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
261
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		83 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4071789645104571&correlator=3763343144264907&output=ldjh&impl=fifs&eid=31061359&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210609&iu_parts=1254144%2Creturnsandrefund_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=a%3D%257C254%257C%26iid7%3D696965%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1108%26sap%3D1108%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dreturnsandrefund_com-box-1-696965%26eb_br%3D527e52c10635ac8136a4c84094ee49a8%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D12%26bvm%3D0%26bvr%3D2%26shp%3D3%26acptad%3D1%26br1%3D70%26br2%3D120%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C816%2C817%2C899%2C919%2C17%2C19%2C20%26lb%3D140%26reqt%3D1623244575270&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623157819&dt=1623244575352&dlt=1623244571163&idt=971&frm=20&biw=1600&bih=1200&oid=3&adxs=1120&adys=471&adks=3856334401&ucis=6&ifi=6&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x264&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1604365714.1623244572&ga_sid=1623244572&ga_hid=1362958342&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
f85c946c4dd3a85febcac712e6619ff113e306577fc53b51e029fa6e732848e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:15 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13413
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		477 B
435 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4071789645104571&correlator=347420428920431&output=ldjh&impl=fifs&eid=31061359&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210609&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=3&rcs=1&prev_scp=a%3D%257C3%257C%26iid7%3D671765%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-671765%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D2%26bvm%3D0%26bvr%3D6%26shp%3D1%26br1%3D450%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C21%2C22%26lb%3D850%26reqt%3D1623244575285&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623157819&dt=1623244575377&dlt=1623244571163&idt=971&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=920&adks=3214824028&ucis=7&ifi=7&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1604365714.1623244572&ga_sid=1623244572&ga_hid=1362958342&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
942cd748d7eb684720b78d2684bc41555adb5df88b22a1037082047b7bdc3678
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:15 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
257
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		468 B
419 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4071789645104571&correlator=581097885264159&output=ldjh&impl=fifs&eid=31061359&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210609&iu_parts=1254144%2Creturnsandrefund_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=a%3D%257C3%257C%26iid7%3D680165%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dreturnsandrefund_com-box-2-680165%26eb_br%3D8b07bae800b215e481d05a271b3e723b%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D0%26bvm%3D1%26bvr%3D1%26shp%3D1%26acptad%3D1%26br1%3D700%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D23%2C24%2C25%2C26%2C919%2C21%2C22%26lb%3D850%26reqt%3D1623244575288&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623157819&dt=1623244575382&dlt=1623244571163&idt=971&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=80&adks=3330214951&ucis=8&ifi=8&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1140x250&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1604365714.1623244572&ga_sid=1623244572&ga_hid=1362958342&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
2481d3235807a8e4928dd232eed9476b2399fa50414e620522d17f5e568ede3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:15 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
242
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012105242203000/ Frame 438D 		191 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3b90f60459b17f2ddf447768e249c21c662e70bde6148deff13643982f93f9a6
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
48638
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55246
x-xss-protection
0
server
sffe
date
Tue, 08 Jun 2021 23:45:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"e9907e100ee706e0"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 23:45:38 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 438D 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012105242203000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b8de063d7075aa9a9a68120f3eb37178e85777138d4154903a2d4b187b4a893d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
86271
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4568
x-xss-protection
0
server
sffe
date
Tue, 08 Jun 2021 13:18:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"b435c2fa80137a0e"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 13:18:25 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 438D 		87 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012105242203000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
12993a139a46e15abb56308ef8656d80812fb748dfa88116ee6e20ad3494ae98
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
111582
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27371
x-xss-protection
0
server
sffe
date
Tue, 08 Jun 2021 06:16:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"6687a81702b10306"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 06:16:34 GMT
amp-carousel-0.1.mjs
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 438D 		28 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012105242203000/v0/amp-carousel-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05f4128ec53c7f741949fab76e87979a9ff495e42b41793cb8647bf364f4c7f4
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
76527
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8932
x-xss-protection
0
server
sffe
date
Tue, 08 Jun 2021 16:00:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d6e7e7ab27a26801"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 16:00:49 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 438D 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012105242203000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9de4196056e2ffb92e9e6eb78502d3ed77f71a1e8045434a907251ff0b998357
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
86271
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1521
x-xss-protection
0
server
sffe
date
Tue, 08 Jun 2021 13:18:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"5a9e085610d63d0a"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 13:18:25 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 438D 		41 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012105242203000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1e53b8865f7f1e34e44d14f6ff8789dd7f421e7d3c69e48dab33188ff4d99f4e
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
65883
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13132
x-xss-protection
0
server
sffe
date
Tue, 08 Jun 2021 18:58:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"1bd5431ac5ac76b7"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 18:58:13 GMT
amp-gwd-animation-0.1.mjs
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 438D 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012105242203000/v0/amp-gwd-animation-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
03cc4fbc6f25876c1a5de9475081af50464b0140e2c304444ab261cb77f86b2e
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
87044
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2356
x-xss-protection
0
server
sffe
date
Tue, 08 Jun 2021 13:05:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"a805f4f6dff9cabd"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 13:05:32 GMT
truncated
/ Frame 438D 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f8e8b4c464d2eae3d5189e814cd8dd58da4948f01c026141c93a5cecfcb9ed62

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 438D 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 08 Jun 2021 13:34:38 GMT
x-content-type-options
nosniff
server
cafe
age
85298
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Wed, 09 Jun 2021 13:34:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 438D 		295 B
399 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 08 Jun 2021 22:25:59 GMT
x-content-type-options
nosniff
server
cafe
age
53417
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Wed, 09 Jun 2021 22:25:59 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame 438D 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CQ8ZSH7_AYKziG4Xf7gOm7JzwCo_x1dNi2u-Zm58Nv-EeEAEg9PnGJWD1lc6B4ASgAZ6u79sByAEJqQKL7e1ZnreyPuACAKgDAcgDCKoE4QFP0AwlypsVynih1rmxe6xE9yO6pGRtBX3KXpciNG1xuoJZ1euxmQr66102LmUQk0eKok5AzyiCkh2GIa08xzECmUMSxdtsqv8m_bndCgr6wYJ-5ehZGTJoDGcviZag0xy2FZIxwWMxtod1NpcXx61SlIpOOfW3F4dkqLAE0hqk4G3RYD7RfVJuopOmzLTVmAgrDAIpSw4u991jRh_2auSZ_obMp5ayav-Bj6oPW4umKkgo-aONUWy_yLE3SI_dpMixk8As-PjsOQJu31bNpZIMEXWYMeT5CwmtAVeJy0Xms_XABPCFpPC1A-AEAaAGLoAHytGQpAKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQxbk70ggHCIhhEAEYHfIIG2FkeC1zdWJzeW4tNTg5MzI5NDQ2MjA2MTE0MIAKA8gLAdgTA9AVAYAXAbIXGgoYCAASFHB1Yi02Mzk2ODQ0NzQyNDk3MjA4&sigh=LCWoKTv0W5E&template_id=419
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
Raster_V1.svg
tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/ Frame 438D 		15 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/Raster_V1.svg
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e3418b2afb577414ad8d76879f8e63594c8f621e32d4f625182c8f7c771ffae7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 14:41:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
81287
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1995
x-xss-protection
0
last-modified
Thu, 04 Feb 2021 16:22:35 GMT
server
sffe
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 14:41:29 GMT
HR_300x250px_V1.png
tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/ Frame 438D 		77 KB
77 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/HR_300x250px_V1.png
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6bc648650a69b14296d752f8aa8607e530f5bcaf9e4423041384f888586e7596
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 23:10:56 GMT
x-content-type-options
nosniff
age
50720
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
78411
x-xss-protection
0
last-modified
Thu, 04 Feb 2021 16:22:35 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 23:10:56 GMT
Abacus_Logo_19_RGB.svg
tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/ Frame 438D 		4 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/Abacus_Logo_19_RGB.svg
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
df26e589f4d9f498929e2b5241cee7f02aab73af7498f0a058c14ede25e3555a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 23:10:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50720
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1345
x-xss-protection
0
last-modified
Thu, 04 Feb 2021 16:22:35 GMT
server
sffe
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 23:10:56 GMT
HR_Text_1_4-zeilig_V1.svg
tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/ Frame 438D 		22 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/HR_Text_1_4-zeilig_V1.svg
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a8624c005bdb7cbd25eeeb84d66699578f7d827667cd7bd0cd13d27b9c6c0aef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 23:10:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50720
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6044
x-xss-protection
0
last-modified
Thu, 04 Feb 2021 16:22:35 GMT
server
sffe
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 23:10:56 GMT
Button_Mehr-Info.svg
tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/ Frame 438D 		2 KB
763 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/Button_Mehr-Info.svg
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
80cebe8a3c58125a079ac27f180b6cda1bf062d518933ebe73360378a3eb8024
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 13:34:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
85321
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
736
x-xss-protection
0
last-modified
Thu, 04 Feb 2021 16:22:35 GMT
server
sffe
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 13:34:15 GMT
greenoaks.gif
returnsandrefund.com/detroitchicago/ 		0
65 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjQ4NjIifV19XQ==
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjQ4NjIifV19XQ==
pragma
no-cache
cookie
__gads=ID=6a3089e229f1bc81-227b27145dc8005e:T=1623244575:S=ALNI_Man3yGJ_Pto_fxgcRyZIcGUt3hBgw; ezouspvv=70; ezouspva=1; ezouspvh=70
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:16 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:15 UTC
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI1MjdlNTJjMTA2MzVhYzgxMzZhNGM4NDA5NGVlNDlhOCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDcsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDA3LCJiaWRfZmxvb3JfcHJldiI6MC4wMDE0LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODMxMDAzNDUwNyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI1MjdlNTJjMTA2MzVhYzgxMzZhNGM4NDA5NGVlNDlhOCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDcsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDA3LCJiaWRfZmxvb3JfcHJldiI6MC4wMDE0LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODMxMDAzNDUwNyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
__gads=ID=6a3089e229f1bc81-227b27145dc8005e:T=1623244575:S=ALNI_Man3yGJ_Pto_fxgcRyZIcGUt3hBgw; ezouspvv=70; ezouspva=1; ezouspvh=70
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:16 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:15 UTC
28687274
g.ezoic.net/dac/ 		0
93 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g.ezoic.net/dac/28687274
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 09 Jun 2021 13:16:16 GMT
cache-control
max-age=3600, public
server
nginx/1.16.0
content-length
0
vary
Accept-Encoding
content-type
text/plain
army.gif
returnsandrefund.com/porpoiseant/ 		0
42 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA5In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiMyJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA5In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiMyJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
__gads=ID=6a3089e229f1bc81-227b27145dc8005e:T=1623244575:S=ALNI_Man3yGJ_Pto_fxgcRyZIcGUt3hBgw; ezouspvv=70; ezouspva=1; ezouspvh=70
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:16 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:16 UTC
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImF1Y3Rpb25fZXBvY2giOjE2MjMyNDQ1NzYsImFkX3Bvc2l0aW9uIjoxMTA4LCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiYmlkX2Zsb29yX2luaXRpYWwiOjE0MCwiYmlkX2Zsb29yX3ByZXYiOjE0MCwiYmlkX2Zsb29yX2ZpbGxlZCI6NzAsImF1Y3Rpb25fY291bnQiOjIsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjU5NiwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImF1Y3Rpb25fZXBvY2giOjE2MjMyNDQ1NzYsImFkX3Bvc2l0aW9uIjoxMTA4LCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiYmlkX2Zsb29yX2luaXRpYWwiOjE0MCwiYmlkX2Zsb29yX3ByZXYiOjE0MCwiYmlkX2Zsb29yX2ZpbGxlZCI6NzAsImF1Y3Rpb25fY291bnQiOjIsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjU5NiwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
pragma
no-cache
cookie
__gads=ID=6a3089e229f1bc81-227b27145dc8005e:T=1623244575:S=ALNI_Man3yGJ_Pto_fxgcRyZIcGUt3hBgw; ezouspvv=70; ezouspva=1; ezouspvh=70
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:16 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:15 UTC
Raster_V1.svg
tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/ Frame 438D 		15 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/Raster_V1.svg
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e3418b2afb577414ad8d76879f8e63594c8f621e32d4f625182c8f7c771ffae7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 14:41:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
81287
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1995
x-xss-protection
0
last-modified
Thu, 04 Feb 2021 16:22:35 GMT
server
sffe
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 14:41:29 GMT
HR_300x250px_V1.png
tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/ Frame 438D 		77 KB
77 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/HR_300x250px_V1.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6bc648650a69b14296d752f8aa8607e530f5bcaf9e4423041384f888586e7596
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 23:10:56 GMT
x-content-type-options
nosniff
age
50720
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
78411
x-xss-protection
0
last-modified
Thu, 04 Feb 2021 16:22:35 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 23:10:56 GMT
Abacus_Logo_19_RGB.svg
tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/ Frame 438D 		4 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/Abacus_Logo_19_RGB.svg
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
df26e589f4d9f498929e2b5241cee7f02aab73af7498f0a058c14ede25e3555a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 23:10:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50720
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1345
x-xss-protection
0
last-modified
Thu, 04 Feb 2021 16:22:35 GMT
server
sffe
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 23:10:56 GMT
HR_Text_1_4-zeilig_V1.svg
tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/ Frame 438D 		22 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/HR_Text_1_4-zeilig_V1.svg
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a8624c005bdb7cbd25eeeb84d66699578f7d827667cd7bd0cd13d27b9c6c0aef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 23:10:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50720
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6044
x-xss-protection
0
last-modified
Thu, 04 Feb 2021 16:22:35 GMT
server
sffe
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 23:10:56 GMT
Button_Mehr-Info.svg
tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/ Frame 438D 		2 KB
763 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/9059185604967314368/ABAC_HR_300x250px_V2_AMPHTML/Button_Mehr-Info.svg
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
80cebe8a3c58125a079ac27f180b6cda1bf062d518933ebe73360378a3eb8024
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 13:34:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
85321
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
736
x-xss-protection
0
last-modified
Thu, 04 Feb 2021 16:22:35 GMT
server
sffe
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 13:34:15 GMT
integrator.js
adservice.google.ch/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ch/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.ch/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ch/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		477 B
431 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4071789645104571&correlator=3577580808003188&output=ldjh&impl=fifs&eid=31061359&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210609&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=2&rcs=2&prev_scp=a%3D%257C3%257C%26iid7%3D671765%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-671765%26eb_br%3Dc16fac08e79a971524b1c6834f5caad3%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D2%26bvm%3D0%26bvr%3D6%26shp%3D1%26br1%3D280%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C21%2C22%2C20%2C21%2C22%26lb%3D450%26reqt%3D1623244575908&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623157819&dt=1623244576976&dlt=1623244571163&idt=971&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=920&adks=3214824028&ucis=9&ifi=9&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1604365714.1623244572&ga_sid=1623244572&ga_hid=1362958342&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
4eaa6b7218b8c3be74092d5d10d27a28bd19c0a51b1c044f37ffe25ad92e78ca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:17 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
253
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		476 B
434 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4071789645104571&correlator=1470840879244279&output=ldjh&impl=fifs&eid=31061359&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210609&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=2&rcs=2&prev_scp=a%3D%257C251%257C%26iid8%3D716165%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-716165%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D22%26bvm%3D0%26bvr%3D5%26shp%3D1%26br1%3D400%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D82%2C25%2C176%2C67%2C51%2C122%2C89%2C20%2C26%2C188%2C143%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%26lb%3D650%26reqt%3D1623244575909&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623157819&dt=1623244576980&dlt=1623244571163&idt=971&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=a&ifi=10&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1604365714.1623244572&ga_sid=1623244572&ga_hid=1362958342&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
1b3ae74af92f75120cd1c833b07fce7b35a023e03d3fdfb0a2b50967265c7f5b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:18 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
256
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		12 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4071789645104571&correlator=2572016593679527&output=ldjh&impl=fifs&eid=31061359&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210609&iu_parts=1254144%2Creturnsandrefund_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=2&rcs=2&prev_scp=a%3D%257C3%257C%26iid7%3D680165%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dreturnsandrefund_com-box-2-680165%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D0%26bvm%3D1%26bvr%3D1%26shp%3D1%26acptad%3D1%26br1%3D0%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D23%2C24%2C25%2C26%2C919%2C21%2C22%2C17%2C18%2C19%2C20%2C21%2C22%26lb%3D700%26reqt%3D1623244575952%26ss38%3D1%26ss9%3D1&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623157819&dt=1623244576999&dlt=1623244571163&idt=971&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=80&adks=3330214951&ucis=b&ifi=11&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1140x250&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1604365714.1623244572&ga_sid=1623244572&ga_hid=1362958342&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
c889e9f09795bd6877dfc6c7aad995732f29960db06c3a4f046870c8132bf470
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:17 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7263
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
army.gif
returnsandrefund.com/porpoiseant/ 		0
65 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzQifV0sImlzX29yaWciOmZhbHNlfV0=
pragma
no-cache
cookie
__gads=ID=b4839e31c1298265-22028e155dc800e3:T=1623244577:S=ALNI_MY3kosNCIJb0m2mSUJrdqyfWfdqyw
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:17 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:17 UTC
integrator.js
adservice.google.ch/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ch/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4071789645104571&correlator=1574004490735076&output=ldjh&impl=fifs&eid=31061359&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210609&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=1&rcs=3&prev_scp=a%3D%257C3%257C%26iid7%3D671765%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-671765%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D2%26bvm%3D0%26bvr%3D6%26shp%3D1%26br1%3D140%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C21%2C22%2C20%2C21%2C22%2C17%2C20%2C21%2C22%26lb%3D280%26reqt%3D1623244577525&eri=1&cookie=ID%3Db4839e31c1298265-22028e155dc800e3%3AT%3D1623244577%3AS%3DALNI_MY3kosNCIJb0m2mSUJrdqyfWfdqyw&bc=31&abxe=1&lmt=1623157819&dt=1623244577533&dlt=1623244571163&idt=971&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=920&adks=3214824028&ucis=c&ifi=12&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1604365714.1623244572&ga_sid=1623244572&ga_hid=1362958342&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
66ff90c92915ac010e1bb27d29cfecc4b2c433af5616bc33164e36ae2db712aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:17 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1109
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIxOSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIyNTIifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5Njk2NSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJhZF9wb3NpdGlvbiI6MTEwOCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMzkifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcxNjE2NSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMjc2In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIxOSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIyNTIifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5Njk2NSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJhZF9wb3NpdGlvbiI6MTEwOCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMzkifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcxNjE2NSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMjc2In1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
__gads=ID=b4839e31c1298265-22028e155dc800e3:T=1623244577:S=ALNI_MY3kosNCIJb0m2mSUJrdqyfWfdqyw
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:17 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:17 UTC
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjY1MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiODAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2NzE3NjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMzQ1In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiI5MjAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2OTY5NjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMDgsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTEyMCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiNDcxIn0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE2MTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjExMDAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6InRydWUifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjY1MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiODAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2NzE3NjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMzQ1In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiI5MjAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2OTY5NjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMDgsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTEyMCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiNDcxIn0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE2MTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjExMDAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6InRydWUifV0sImlzX29yaWciOmZhbHNlfV0=
pragma
no-cache
cookie
__gads=ID=b4839e31c1298265-22028e155dc800e3:T=1623244577:S=ALNI_MY3kosNCIJb0m2mSUJrdqyfWfdqyw
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:17 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:17 UTC
adview
securepubads.g.doubleclick.net/pagead/ Frame 438D 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CUfQyH7_AYKziG4Xf7gOm7JzwCo_x1dNi2u-Zm58Nv-EeEAEg9PnGJWD1lc6B4ASgAZ6u79sByAEJqQKL7e1ZnreyPuACAKgDAaoE4QFP0AwlypsVynih1rmxe6xE9yO6pGRtBX3KXpciNG1xuoJZ1euxmQr66102LmUQk0eKok5AzyiCkh2GIa08xzECmUMSxdtsqv8m_bndCgr6wYJ-5ehZGTJoDGcviZag0xy2FZIxwWMxtod1NpcXx61SlIpOOfW3F4dkqLAE0hqk4G3RYD7RfVJuopOmzLTVmAgrDAIpSw4u991jRh_2auSZ_obMp5ayav-Bj6oPW4umKkgo-aONUWy_yLE3SI_dpMixk8As-PjsOQJu31bNpZIMEXWYMeT5CwmtAVeJy0Xms_XABPCFpPC1A-AEAaAGLoAHytGQpAKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQxbk70ggHCIhhEAEYHfIIG2FkeC1zdWJzeW4tNTg5MzI5NDQ2MjA2MTE0MIAKA8gLAdgTA9AVAYAXAbIXGgoYCAASFHB1Yi02Mzk2ODQ0NzQyNDk3MjA4&sigh=PDVAPArsxI4&vt=1&template_id=419
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
activeview
pagead2.googlesyndication.com/pcs/ Frame 438D 		42 B
176 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss7tSg5OA2W6VQy3yIFc_Vot9g5WD4x4lClXDfHBAIjzrbhZoVRJrBmFXp8XxjS4UVTTZunHLxELgHHGvTWzspFTOemMmyFJXTLT0Gtx48rcZbwL8lKB-fOyKY531rVuY17aLQyYezBjLcVle8d2Q&sai=AMfl-YRfM6y7ZrYIzTQvMNo7dZOKXX6En43d5AVuwByL9Jz4eO577qIEkMnbqP6ajunz8nUA0eB89aSQsQoH_2RwOm4hPBZQwCU8c8BaMjxEGrvNJC8iRbQYehd2-MG56XI&sig=Cg0ArKJSzG0cht87K_qiEAE&id=ampim&o=1120,471&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=454&tls=1454&g=100&h=100&tt=1454&r=v&avms=ampa&adk=3856334401
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D714 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-38/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://returnsandrefund.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://returnsandrefund.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
3108
date
Wed, 09 Jun 2021 13:16:12 GMT
expires
Thu, 09 Jun 2022 13:16:12 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
6
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d8c7ce12428be733a9213b2fecae66db6950a933c276d68bf7c8271829a627d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:17 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623066164336645"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28149
x-xss-protection
0
expires
Wed, 09 Jun 2021 13:16:17 GMT
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwOCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk2OTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwOCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
__gads=ID=18c96779fcc61067-22b0c51a5dc8007d:T=1623244577:S=ALNI_MZUAl_MvkOxDzIVwV_S8Cc_c-k-WQ
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:17 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:16 UTC
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MTQsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MTQsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJ6ZXJvIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODAxNjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAuMDAwMDAyLCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDAyLCJiaWRfZmxvb3JfcHJldiI6MC4wMDcsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MTQsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODAxNjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgxNCwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDQzODE0In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODAxNjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgxNCwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNzE2MTQzOTQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MTQsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MTQsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJ6ZXJvIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODAxNjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAuMDAwMDAyLCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDAyLCJiaWRfZmxvb3JfcHJldiI6MC4wMDcsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MTQsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODAxNjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgxNCwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDQzODE0In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODAxNjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgxNCwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNzE2MTQzOTQifV0sImlzX29yaWciOmZhbHNlfV0=
pragma
no-cache
cookie
__gads=ID=18c96779fcc61067-22b0c51a5dc8007d:T=1623244577:S=ALNI_MZUAl_MvkOxDzIVwV_S8Cc_c-k-WQ; ezouspvv=0; ezouspva=1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:17 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:17 UTC
71614394
g.ezoic.net/dac/ 		0
40 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g.ezoic.net/dac/71614394
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 09 Jun 2021 13:16:17 GMT
cache-control
max-age=3600, public
server
nginx/1.16.0
content-length
0
vary
Accept-Encoding
content-type
text/plain
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MTQsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA5In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiMyJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MTQsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA5In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiMyJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
__gads=ID=18c96779fcc61067-22b0c51a5dc8007d:T=1623244577:S=ALNI_MZUAl_MvkOxDzIVwV_S8Cc_c-k-WQ; ezouspvv=0; ezouspva=1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:17 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:17 UTC
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImF1Y3Rpb25fZXBvY2giOjE2MjMyNDQ1NzgsImFkX3Bvc2l0aW9uIjoxMTEyLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiYmlkX2Zsb29yX2luaXRpYWwiOjg1MCwiYmlkX2Zsb29yX3ByZXYiOjcwMCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6MywicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NzUzLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0fV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImF1Y3Rpb25fZXBvY2giOjE2MjMyNDQ1NzgsImFkX3Bvc2l0aW9uIjoxMTEyLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiYmlkX2Zsb29yX2luaXRpYWwiOjg1MCwiYmlkX2Zsb29yX3ByZXYiOjcwMCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6MywicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NzUzLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0fV0=
pragma
no-cache
cookie
__gads=ID=18c96779fcc61067-22b0c51a5dc8007d:T=1623244577:S=ALNI_MZUAl_MvkOxDzIVwV_S8Cc_c-k-WQ; ezouspvv=0; ezouspva=1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:17 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:17 UTC
pixel
googleads.g.doubleclick.net/xbbe/ Frame 10CB 		478 B
297 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CM-nKBD9yigY0KL3kQEwAQ&v=APEucNXJFw2iSSJ7dlbJ5EqtOFiRMjNjmHME0xO1ng1ttQXNLHklt16N9AoFNCRGkKVqw9HUYoJITPcRemYhmsRHBb9j4OghUQ
Requested by
Host: 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
URL: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/xbbe/pixel?d=CM-nKBD9yigY0KL3kQEwAQ&v=APEucNXJFw2iSSJ7dlbJ5EqtOFiRMjNjmHME0xO1ng1ttQXNLHklt16N9AoFNCRGkKVqw9HUYoJITPcRemYhmsRHBb9j4OghUQ
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUlEj_EUlfVdpV-1gZVtChnMeH1jWOQoOgdYJI7IGKfqdJnvPlnD6GodNwoynBk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 09 Jun 2021 13:16:18 GMT
server
cafe
cache-control
private
content-length
230
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame D714 		48 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BsSb67vPNSe60fsS8fsMKzbjRZVvAXVVsKkX0n-ulxKGgM6x_PROaify_B7HSulVzTog_Fv90teVWXG_fpjnDKYgIowYKjWxNxjCAJvUVNfiWRYhT3qBTgqVkCv-La_1uLyWm1DuHF9yl62oJkq5Oj0uphhg&dbm_d=AKAmf-ALrGJK6LhpH3hjFucug1J-n_VVJmP2_a4h4-sOtHmJxA3PjXyaAS02spyZdlkH2cSryRwzJ_VAjnistA-IozIJqqS3TBoA46u8-4_yow5y21Evo-J5gKL-SiyEAOdNAGmoiszHBBS5q4sFtlga0pP8K9uYL-I5n3MaoyZ8nEOvR9ACnoxDNNrzjsBLIERrOKeXCHqPhWjejXzOtydJQ_2TALd5yO9STWQbxfHsDTEj2Q7Dmrp3NQKgOA0Go66l6pGy0-9gyq4cbd5F15vE0dqIgGuoM7SkWfLSZn-guG3B5ySbqqLUrpclTCElmFjXgVDbybJSaShsx_I8rtMCCNFxEXrrkXwUzm4bij_rKU1B3twCsK7aRhl7KFLpgJvUbgMblt5QexzlGPTUM67JVcJ7-RjHWgGGNkZnpmEUZc17r2UW8v7XgnRrLnLFmGPTpCy7PRhPmy2jCH7OyTy2HQkbYLgTQR6Pki752TawxOPGjvaE7YS98NZJ-USdHLWBbhM62xFpgU-BAygQqfDYgIFKDO3MUHVEDpxF9-5r63TcnsN1MVeHE5OEdjsz4I3gJazMtNitzwqz0oyCpDhaeVXhtQx6kfR8O4H7NtdaeqHOZAoqiTxFO9jPpD-JYPoCJCQbz3LI1rfpJNcr-9BrqP-7u_ens6uPbfU7RPFwA_T5bujoe5HF3K-g_HXIHXKUSG1Q_D3ZRMBamyh8zLouSiGmb2NaA4oiccSKpQ6ru844dG6cr5MNFe1vgfc-8TIPu768Kuus8vITuuuZ5ifIseanJx-c2VvctqpiPW5aBH0uMFr-OoEkzXTcaxa8IeHbvH8ujqs11qO4GhfsfZTKMYK1FPHJwz41JuPb1U_aUH9DohJQd4-V03a6ZYpCAze9qexeh-o4f4Qz96z9-5WHKnSHEgCmKNJStTpYEmDxrdQ4vvhzsPIHWXE5XPCMLEWQMKdmGgnfe5S0Iuw0zY2ja6LS6hrXgjBB3Texg52SMllzQs8NObNm4_k3wewy_fDhJHn5X04uJTqtAxCki1kS1umoWn5mI4OhRwUaawzPAx0MKzkVEWYGzfHG5lxFx3j-yPVU4taIM8LOLy48Bi6VYjMmlk_54bWK66FJteXQewlG9cr1RCgBuJVmBiSyVgExXrHhYy5iGsYt6LXh5jfY8q0T89imv7Qod82f8gswcODbrQS8pm0A9UtlGHW0CMhO0r-VVJ74YrfMANXwLGH873G6DkOovUHTnPopFQ4kpSEXSZFPi5-B01p2o5FCq3QwQ90Fy7gKdYQrLpVN4WGI_TuLjHJ_jjC74l2Zv6gE50K1NxQyKaHwZ03c3Al8nUMW3KKDYsJroY6Hzl2R4ZM1NFRr9yFHglMKSS-p1lVku5nMuW9lqy5voPZ-k3u-Y6NAHqzKKu09MMj_ih_9XTp9pA6Wew8r2jMjR2srZU6vqgzn80NYpzHZKnr8fSNLd6Vzy8GIlKQPV4mUuXp7vuAKHStMqFFNRoPvT38Gwyy4I_K0S_CLHkEaZg5DCYKL_vfxqMXKrHAz8FKpN6FNj_8WlZuFFJAuwO8iWcn-DfTqJ82IYf50l9o19Ry9jfL408IGRGv77aBhIYTAooxaVsehzOOSW_JlR4jnAK-LrMIU-wmP5jjNb0fF0I9DiIll32Re0C6BxrVvGV-cdK43CR_Gym0ZleKBCclgwUJoFSJ1h_feYAOcRB6N3uJaQVkznHCWCmHvcWznLF92_WY49MmDXAek5ffjxLrTVdeo21BdylA0vwn6xZmEe6y5ZZEQPJ75ipaqr-PPDhGIb7saPCW9cVl2HMzI5E1nRGVfti0JPU5k1ugsEIXfud6bgmVWeY7KVggyMS1xwm7jSXbYplBgfO9hCtGUkJLV5DJNPP_m0_yUIhzA531TaQVSLthH3q7j69Gg0kav8K30Omidkn0DFMJXMQDfr6wriJiVJifFEJ18ZkifFMR1JKW82MG0STMarOOVdR-ADCt7hGff7tbrGkWHRBLDYkDIKDLK2Lw8IbpgHI_I_iqxbprYYcL6xGQfYY64gsIhvm0UR1GvuN9ORMi00gP29nejac7mm8XgcIdO1WnfD67fHhZ4iu0RT8KOeT06nf9H0Y5WI7OfND1c9g33R3p8a8Kl9y604WMmwy6gTdJ4KqgGAZgcOkcHyijxcxftyLQRWicmdfg6559J32YFmSpJdqozzxWvP9qkoE97kG9NyXtn0ETL4jV8TxraLKKd2Nf04FHkrnlPMSR5gkoHuPo8jTbex2Kvd56ev2xsjz5ET3glR2GRWdW2csqvz7wVbHyoVrXsUhogY4LpMVp9NZ5fZrZqFpgvHYVqbMwbGX8SrReQGT69KHZRbV1rXlZphdYDIIRDvg0okeyDekiL2-pWtTPhOFLnT_1CTo6uU5VORDi__akG-j-DPcpo-kiTt1XbzCC-7uvh82ZTlny6esq2AL4hj6fubh5LfDrYSbrVQOxtBM4N_1tgCSITVaLl2rKdm3MEE-vm9a4AU3yvvi9DHjAM4hfEU-sh13az56oZnq_Km66gRRlZQXPAjDl7egWWPpCa2hyrK6cmso0vhAsBQ60_4Q-Vl6Wme3O5S3REaG6d5WXhjIfui1Ze6-o4hhDaO-VvRigaP42jHVMWGp8CPxIof4egUQCnAR4JpBgytZa5hgUdN3vW2TqSwRxI5FZhf2chwH6hBCl4YfZ6AFqf8_CiheAhYu35I1-CSQy0jyi6wSLGqHBe1IS0DH5B0TCr-UGwVJ7rUppNbIskrdfXUnmyMv3t7z2k9U0lJxdK5tUBBgDoPFD53Ucj1n-cBOiiyPkBxhkOjKbyjXgTnsVp_hO0xzUOMzITst0M0__SWlGsjsWWVvLanZLc57qGsQHG0AVAGkY8Po-QYSruyCOEcrxamGV6ilW8ooxjNABqo13FPL8rrXjZOOmnpGLoSIN3zaUhLYIF_7lQkRYmHVA0ioKVJvd25n15-bABtjlYTiyJdqzWRuyZvuT5I6HEbiTQ7DfrhEVTWQdHRWdlqQHCEqEIOcbe-wS__jH96tlE1nR887c4quXhZBBtLyUfCIxYkGwFRFIE2251sZjPlJZqMijxQRmjhK0DDLcOLKM5Yo4RUDmL_ar3N5qyCEjwMndCizV2DNK9F0-rq3mHhp531ZwkHeoZBnd3sMyxrM6l_nurWNjL-M4e9N_BrZ1f04m4kjcd8NHlZDrEV6ZMgmWUig&cid=CAASFeRoZ54IA88k6VIeXZUOI-NLaAaXbg&rfl=1%2Chttps%253A%252F%252Freturnsandrefund.com%252F%240
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
99ac6ec6097a4d79b5886acd0ba1b6a78451bf71804f38275f5fbbbb2eab2154
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:18 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23490
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame D714 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C8ncFqCCIbabbUAncRpmO4XYHcB-vniMU5LnZ_4PnRojoEXGcpiULsuds-yMImbpSmowMqMmwclzT83VI88ytFBLR-MreB2T9KS5ODawIFHFjtgqY
Requested by
Host: 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
URL: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame D714 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js
Requested by
Host: 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
URL: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:09:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
403
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1316
x-xss-protection
0
server
cafe
etag
797314601362473214
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Jun 2021 13:09:35 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame D714 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
URL: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2f28c37beb838d695f95710805308cfe7f1fcc286bd744ab0184a23a10d5a4ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:18 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623066169988846"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37960
x-xss-protection
0
expires
Wed, 09 Jun 2021 13:16:18 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame D714 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
URL: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5644
x-xss-protection
0
server
cafe
etag
16788636151609896382
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Jun 2021 13:16:02 GMT
pixel
cm.g.doubleclick.net/ Frame 10CB 		170 B
506 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM-nKBD9yigY0KL3kQEwAQ&v=APEucNXJFw2iSSJ7dlbJ5EqtOFiRMjNjmHME0xO1ng1ttQXNLHklt16N9AoFNCRGkKVqw9HUYoJITPcRemYhmsRHBb9j4OghUQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:18 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 10CB
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM2NyTfQu8_AeeOWpK_j_qI&google_cver=1
43 B
1014 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM2NyTfQu8_AeeOWpK_j_qI&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM-nKBD9yigY0KL3kQEwAQ&v=APEucNXJFw2iSSJ7dlbJ5EqtOFiRMjNjmHME0xO1ng1ttQXNLHklt16N9AoFNCRGkKVqw9HUYoJITPcRemYhmsRHBb9j4OghUQ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.145.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-145-8.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 09 Jun 2021 13:16:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 09 Jun 2021 13:16:18 GMT

Redirect headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:18 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM2NyTfQu8_AeeOWpK_j_qI&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 10CB
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMC-IvaWgKSfyjh.SoI4bQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM2NyTfQu8_AeeOWpK_j_qI&google_cver=1&google_hm=2
43 B
894 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM2NyTfQu8_AeeOWpK_j_qI&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM-nKBD9yigY0KL3kQEwAQ&v=APEucNXJFw2iSSJ7dlbJ5EqtOFiRMjNjmHME0xO1ng1ttQXNLHklt16N9AoFNCRGkKVqw9HUYoJITPcRemYhmsRHBb9j4OghUQ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.145.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-145-8.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 09 Jun 2021 13:16:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 09 Jun 2021 13:16:18 GMT

Redirect headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:18 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM2NyTfQu8_AeeOWpK_j_qI&google_cver=1&google_hm=2
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame D714 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BsSb67vPNSe60fsS8fsMKzbjRZVvAXVVsKkX0n-ulxKGgM6x_PROaify_B7HSulVzTog_Fv90teVWXG_fpjnDKYgIowYKjWxNxjCAJvUVNfiWRYhT3qBTgqVkCv-La_1uLyWm1DuHF9yl62oJkq5Oj0uphhg&dbm_d=AKAmf-ALrGJK6LhpH3hjFucug1J-n_VVJmP2_a4h4-sOtHmJxA3PjXyaAS02spyZdlkH2cSryRwzJ_VAjnistA-IozIJqqS3TBoA46u8-4_yow5y21Evo-J5gKL-SiyEAOdNAGmoiszHBBS5q4sFtlga0pP8K9uYL-I5n3MaoyZ8nEOvR9ACnoxDNNrzjsBLIERrOKeXCHqPhWjejXzOtydJQ_2TALd5yO9STWQbxfHsDTEj2Q7Dmrp3NQKgOA0Go66l6pGy0-9gyq4cbd5F15vE0dqIgGuoM7SkWfLSZn-guG3B5ySbqqLUrpclTCElmFjXgVDbybJSaShsx_I8rtMCCNFxEXrrkXwUzm4bij_rKU1B3twCsK7aRhl7KFLpgJvUbgMblt5QexzlGPTUM67JVcJ7-RjHWgGGNkZnpmEUZc17r2UW8v7XgnRrLnLFmGPTpCy7PRhPmy2jCH7OyTy2HQkbYLgTQR6Pki752TawxOPGjvaE7YS98NZJ-USdHLWBbhM62xFpgU-BAygQqfDYgIFKDO3MUHVEDpxF9-5r63TcnsN1MVeHE5OEdjsz4I3gJazMtNitzwqz0oyCpDhaeVXhtQx6kfR8O4H7NtdaeqHOZAoqiTxFO9jPpD-JYPoCJCQbz3LI1rfpJNcr-9BrqP-7u_ens6uPbfU7RPFwA_T5bujoe5HF3K-g_HXIHXKUSG1Q_D3ZRMBamyh8zLouSiGmb2NaA4oiccSKpQ6ru844dG6cr5MNFe1vgfc-8TIPu768Kuus8vITuuuZ5ifIseanJx-c2VvctqpiPW5aBH0uMFr-OoEkzXTcaxa8IeHbvH8ujqs11qO4GhfsfZTKMYK1FPHJwz41JuPb1U_aUH9DohJQd4-V03a6ZYpCAze9qexeh-o4f4Qz96z9-5WHKnSHEgCmKNJStTpYEmDxrdQ4vvhzsPIHWXE5XPCMLEWQMKdmGgnfe5S0Iuw0zY2ja6LS6hrXgjBB3Texg52SMllzQs8NObNm4_k3wewy_fDhJHn5X04uJTqtAxCki1kS1umoWn5mI4OhRwUaawzPAx0MKzkVEWYGzfHG5lxFx3j-yPVU4taIM8LOLy48Bi6VYjMmlk_54bWK66FJteXQewlG9cr1RCgBuJVmBiSyVgExXrHhYy5iGsYt6LXh5jfY8q0T89imv7Qod82f8gswcODbrQS8pm0A9UtlGHW0CMhO0r-VVJ74YrfMANXwLGH873G6DkOovUHTnPopFQ4kpSEXSZFPi5-B01p2o5FCq3QwQ90Fy7gKdYQrLpVN4WGI_TuLjHJ_jjC74l2Zv6gE50K1NxQyKaHwZ03c3Al8nUMW3KKDYsJroY6Hzl2R4ZM1NFRr9yFHglMKSS-p1lVku5nMuW9lqy5voPZ-k3u-Y6NAHqzKKu09MMj_ih_9XTp9pA6Wew8r2jMjR2srZU6vqgzn80NYpzHZKnr8fSNLd6Vzy8GIlKQPV4mUuXp7vuAKHStMqFFNRoPvT38Gwyy4I_K0S_CLHkEaZg5DCYKL_vfxqMXKrHAz8FKpN6FNj_8WlZuFFJAuwO8iWcn-DfTqJ82IYf50l9o19Ry9jfL408IGRGv77aBhIYTAooxaVsehzOOSW_JlR4jnAK-LrMIU-wmP5jjNb0fF0I9DiIll32Re0C6BxrVvGV-cdK43CR_Gym0ZleKBCclgwUJoFSJ1h_feYAOcRB6N3uJaQVkznHCWCmHvcWznLF92_WY49MmDXAek5ffjxLrTVdeo21BdylA0vwn6xZmEe6y5ZZEQPJ75ipaqr-PPDhGIb7saPCW9cVl2HMzI5E1nRGVfti0JPU5k1ugsEIXfud6bgmVWeY7KVggyMS1xwm7jSXbYplBgfO9hCtGUkJLV5DJNPP_m0_yUIhzA531TaQVSLthH3q7j69Gg0kav8K30Omidkn0DFMJXMQDfr6wriJiVJifFEJ18ZkifFMR1JKW82MG0STMarOOVdR-ADCt7hGff7tbrGkWHRBLDYkDIKDLK2Lw8IbpgHI_I_iqxbprYYcL6xGQfYY64gsIhvm0UR1GvuN9ORMi00gP29nejac7mm8XgcIdO1WnfD67fHhZ4iu0RT8KOeT06nf9H0Y5WI7OfND1c9g33R3p8a8Kl9y604WMmwy6gTdJ4KqgGAZgcOkcHyijxcxftyLQRWicmdfg6559J32YFmSpJdqozzxWvP9qkoE97kG9NyXtn0ETL4jV8TxraLKKd2Nf04FHkrnlPMSR5gkoHuPo8jTbex2Kvd56ev2xsjz5ET3glR2GRWdW2csqvz7wVbHyoVrXsUhogY4LpMVp9NZ5fZrZqFpgvHYVqbMwbGX8SrReQGT69KHZRbV1rXlZphdYDIIRDvg0okeyDekiL2-pWtTPhOFLnT_1CTo6uU5VORDi__akG-j-DPcpo-kiTt1XbzCC-7uvh82ZTlny6esq2AL4hj6fubh5LfDrYSbrVQOxtBM4N_1tgCSITVaLl2rKdm3MEE-vm9a4AU3yvvi9DHjAM4hfEU-sh13az56oZnq_Km66gRRlZQXPAjDl7egWWPpCa2hyrK6cmso0vhAsBQ60_4Q-Vl6Wme3O5S3REaG6d5WXhjIfui1Ze6-o4hhDaO-VvRigaP42jHVMWGp8CPxIof4egUQCnAR4JpBgytZa5hgUdN3vW2TqSwRxI5FZhf2chwH6hBCl4YfZ6AFqf8_CiheAhYu35I1-CSQy0jyi6wSLGqHBe1IS0DH5B0TCr-UGwVJ7rUppNbIskrdfXUnmyMv3t7z2k9U0lJxdK5tUBBgDoPFD53Ucj1n-cBOiiyPkBxhkOjKbyjXgTnsVp_hO0xzUOMzITst0M0__SWlGsjsWWVvLanZLc57qGsQHG0AVAGkY8Po-QYSruyCOEcrxamGV6ilW8ooxjNABqo13FPL8rrXjZOOmnpGLoSIN3zaUhLYIF_7lQkRYmHVA0ioKVJvd25n15-bABtjlYTiyJdqzWRuyZvuT5I6HEbiTQ7DfrhEVTWQdHRWdlqQHCEqEIOcbe-wS__jH96tlE1nR887c4quXhZBBtLyUfCIxYkGwFRFIE2251sZjPlJZqMijxQRmjhK0DDLcOLKM5Yo4RUDmL_ar3N5qyCEjwMndCizV2DNK9F0-rq3mHhp531ZwkHeoZBnd3sMyxrM6l_nurWNjL-M4e9N_BrZ1f04m4kjcd8NHlZDrEV6ZMgmWUig&cid=CAASFeRoZ54IA88k6VIeXZUOI-NLaAaXbg&rfl=1%2Chttps%253A%252F%252Freturnsandrefund.com%252F%240
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:07:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
517
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8601
x-xss-protection
0
server
cafe
etag
18280575870105241958
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Jun 2021 13:07:41 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/ Frame D714 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BsSb67vPNSe60fsS8fsMKzbjRZVvAXVVsKkX0n-ulxKGgM6x_PROaify_B7HSulVzTog_Fv90teVWXG_fpjnDKYgIowYKjWxNxjCAJvUVNfiWRYhT3qBTgqVkCv-La_1uLyWm1DuHF9yl62oJkq5Oj0uphhg&dbm_d=AKAmf-ALrGJK6LhpH3hjFucug1J-n_VVJmP2_a4h4-sOtHmJxA3PjXyaAS02spyZdlkH2cSryRwzJ_VAjnistA-IozIJqqS3TBoA46u8-4_yow5y21Evo-J5gKL-SiyEAOdNAGmoiszHBBS5q4sFtlga0pP8K9uYL-I5n3MaoyZ8nEOvR9ACnoxDNNrzjsBLIERrOKeXCHqPhWjejXzOtydJQ_2TALd5yO9STWQbxfHsDTEj2Q7Dmrp3NQKgOA0Go66l6pGy0-9gyq4cbd5F15vE0dqIgGuoM7SkWfLSZn-guG3B5ySbqqLUrpclTCElmFjXgVDbybJSaShsx_I8rtMCCNFxEXrrkXwUzm4bij_rKU1B3twCsK7aRhl7KFLpgJvUbgMblt5QexzlGPTUM67JVcJ7-RjHWgGGNkZnpmEUZc17r2UW8v7XgnRrLnLFmGPTpCy7PRhPmy2jCH7OyTy2HQkbYLgTQR6Pki752TawxOPGjvaE7YS98NZJ-USdHLWBbhM62xFpgU-BAygQqfDYgIFKDO3MUHVEDpxF9-5r63TcnsN1MVeHE5OEdjsz4I3gJazMtNitzwqz0oyCpDhaeVXhtQx6kfR8O4H7NtdaeqHOZAoqiTxFO9jPpD-JYPoCJCQbz3LI1rfpJNcr-9BrqP-7u_ens6uPbfU7RPFwA_T5bujoe5HF3K-g_HXIHXKUSG1Q_D3ZRMBamyh8zLouSiGmb2NaA4oiccSKpQ6ru844dG6cr5MNFe1vgfc-8TIPu768Kuus8vITuuuZ5ifIseanJx-c2VvctqpiPW5aBH0uMFr-OoEkzXTcaxa8IeHbvH8ujqs11qO4GhfsfZTKMYK1FPHJwz41JuPb1U_aUH9DohJQd4-V03a6ZYpCAze9qexeh-o4f4Qz96z9-5WHKnSHEgCmKNJStTpYEmDxrdQ4vvhzsPIHWXE5XPCMLEWQMKdmGgnfe5S0Iuw0zY2ja6LS6hrXgjBB3Texg52SMllzQs8NObNm4_k3wewy_fDhJHn5X04uJTqtAxCki1kS1umoWn5mI4OhRwUaawzPAx0MKzkVEWYGzfHG5lxFx3j-yPVU4taIM8LOLy48Bi6VYjMmlk_54bWK66FJteXQewlG9cr1RCgBuJVmBiSyVgExXrHhYy5iGsYt6LXh5jfY8q0T89imv7Qod82f8gswcODbrQS8pm0A9UtlGHW0CMhO0r-VVJ74YrfMANXwLGH873G6DkOovUHTnPopFQ4kpSEXSZFPi5-B01p2o5FCq3QwQ90Fy7gKdYQrLpVN4WGI_TuLjHJ_jjC74l2Zv6gE50K1NxQyKaHwZ03c3Al8nUMW3KKDYsJroY6Hzl2R4ZM1NFRr9yFHglMKSS-p1lVku5nMuW9lqy5voPZ-k3u-Y6NAHqzKKu09MMj_ih_9XTp9pA6Wew8r2jMjR2srZU6vqgzn80NYpzHZKnr8fSNLd6Vzy8GIlKQPV4mUuXp7vuAKHStMqFFNRoPvT38Gwyy4I_K0S_CLHkEaZg5DCYKL_vfxqMXKrHAz8FKpN6FNj_8WlZuFFJAuwO8iWcn-DfTqJ82IYf50l9o19Ry9jfL408IGRGv77aBhIYTAooxaVsehzOOSW_JlR4jnAK-LrMIU-wmP5jjNb0fF0I9DiIll32Re0C6BxrVvGV-cdK43CR_Gym0ZleKBCclgwUJoFSJ1h_feYAOcRB6N3uJaQVkznHCWCmHvcWznLF92_WY49MmDXAek5ffjxLrTVdeo21BdylA0vwn6xZmEe6y5ZZEQPJ75ipaqr-PPDhGIb7saPCW9cVl2HMzI5E1nRGVfti0JPU5k1ugsEIXfud6bgmVWeY7KVggyMS1xwm7jSXbYplBgfO9hCtGUkJLV5DJNPP_m0_yUIhzA531TaQVSLthH3q7j69Gg0kav8K30Omidkn0DFMJXMQDfr6wriJiVJifFEJ18ZkifFMR1JKW82MG0STMarOOVdR-ADCt7hGff7tbrGkWHRBLDYkDIKDLK2Lw8IbpgHI_I_iqxbprYYcL6xGQfYY64gsIhvm0UR1GvuN9ORMi00gP29nejac7mm8XgcIdO1WnfD67fHhZ4iu0RT8KOeT06nf9H0Y5WI7OfND1c9g33R3p8a8Kl9y604WMmwy6gTdJ4KqgGAZgcOkcHyijxcxftyLQRWicmdfg6559J32YFmSpJdqozzxWvP9qkoE97kG9NyXtn0ETL4jV8TxraLKKd2Nf04FHkrnlPMSR5gkoHuPo8jTbex2Kvd56ev2xsjz5ET3glR2GRWdW2csqvz7wVbHyoVrXsUhogY4LpMVp9NZ5fZrZqFpgvHYVqbMwbGX8SrReQGT69KHZRbV1rXlZphdYDIIRDvg0okeyDekiL2-pWtTPhOFLnT_1CTo6uU5VORDi__akG-j-DPcpo-kiTt1XbzCC-7uvh82ZTlny6esq2AL4hj6fubh5LfDrYSbrVQOxtBM4N_1tgCSITVaLl2rKdm3MEE-vm9a4AU3yvvi9DHjAM4hfEU-sh13az56oZnq_Km66gRRlZQXPAjDl7egWWPpCa2hyrK6cmso0vhAsBQ60_4Q-Vl6Wme3O5S3REaG6d5WXhjIfui1Ze6-o4hhDaO-VvRigaP42jHVMWGp8CPxIof4egUQCnAR4JpBgytZa5hgUdN3vW2TqSwRxI5FZhf2chwH6hBCl4YfZ6AFqf8_CiheAhYu35I1-CSQy0jyi6wSLGqHBe1IS0DH5B0TCr-UGwVJ7rUppNbIskrdfXUnmyMv3t7z2k9U0lJxdK5tUBBgDoPFD53Ucj1n-cBOiiyPkBxhkOjKbyjXgTnsVp_hO0xzUOMzITst0M0__SWlGsjsWWVvLanZLc57qGsQHG0AVAGkY8Po-QYSruyCOEcrxamGV6ilW8ooxjNABqo13FPL8rrXjZOOmnpGLoSIN3zaUhLYIF_7lQkRYmHVA0ioKVJvd25n15-bABtjlYTiyJdqzWRuyZvuT5I6HEbiTQ7DfrhEVTWQdHRWdlqQHCEqEIOcbe-wS__jH96tlE1nR887c4quXhZBBtLyUfCIxYkGwFRFIE2251sZjPlJZqMijxQRmjhK0DDLcOLKM5Yo4RUDmL_ar3N5qyCEjwMndCizV2DNK9F0-rq3mHhp531ZwkHeoZBnd3sMyxrM6l_nurWNjL-M4e9N_BrZ1f04m4kjcd8NHlZDrEV6ZMgmWUig&cid=CAASFeRoZ54IA88k6VIeXZUOI-NLaAaXbg&rfl=1%2Chttps%253A%252F%252Freturnsandrefund.com%252F%240
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:15:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
45
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Jun 2021 13:15:33 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame D714 		0
575 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstcvd5TIFrUBKQKnplNnQXPNu9KfQOtisrMO19nvVGTMzSd1Ui4Xau5QnQ189UAXEaugKIe-RrdB5BQpCQJrMqW-Y-UPwsfyH-rfbAmsbruD5inKuZblldcW2aYPMZtUp30El4FtpZk1l26etwgdEpSGNYfvPYRZYkqY3dURcmZEmEImHTbQvcU3GwIVd1YwwHZutlBGDiibVo0Eu0WmtjwLspA1tlG4HzEK9QX_yhJk5lyVS4EbBxM9QiDxAc1Ecq8AjwSNoj8cKQb6AmC42uoFs7JGhRz2LSNSBSZVe9xRa9zYFvI5llEuMs9zSi3_7t56N1GPcd440kurTHJUUWLP8m5cE80qSDGOoSRreXJ1uJTdwE73qwcnp4nwnr0n1iMe2SxgUzqJJlphIgFMNGxpl0TTcafKTWvo6EeQ_9MverFkOEoVR8AymA2T1UnRT-mb8RvPL1MNoBhRVzPuFQczdrifPN_2vPRVGRfFzcpvfINJf6xXaPTJs2zhME87SWETv-e6Gzk8ZkiYLWDE5kFfcmPR0JEWxrtxNKvOvnii69nHwAqrnadidwexhZ3-70Cv3iDC4mpCxIDO1-C8YX8UryCXRJwjanOzzXkHKitD49k82kdmOklRwN5PQNNtjbrHiy349pd5PEUl5PbnoW_gmA-Jn5Z6Nhtefbkn7E0gX2r6gmvIv0KgaZeGYPQzFt2Nm4rsjEh6g89Ze6Ydm1ZwsoIJp8HwiqsdkU9l_1bf4n3K6urbbTa6UCFfV7TLJzTqcLQnbbdxE1QqwhmvGLKDIekh6g2bKwbFx6MWmo_oY2A8bH3YNEzzcRis8sHFbcQrp8yNbLIBH6q2OHzSiqwvlJFvb8pBOU0tDujUTQWxAGqtBKPeU1CTxkYyNdHM692HnDacHpQgeEJVoz34mLpi8mcaVVdaYDkbHgJBE1PoJ86LfNGleS2H4juQDUHFZKBB-smGSmgIvvIrqx2MpjBU2G0daxDw0WzVdGJKj2WjL9Bl8YyXS_Ozv2t_kMp0CQ4YGiF74b5Y77Pc-PND7yeGSvvXD1pK2UZxrbtlbW_PBzGxcvPeRp1DISNZxQ03jgcZBu1snXmCkcLx0rp0y3p2djzHLOlempkj2rpsS0kJ76PYlsoI4gWjKiJfvo8o7edpTkWBan7E0s7AiHS2jAvjaAiYzlcgSa6gcwqY2-tLv0XaagvFcK5YYVptd6U_olidh4Qyj6kcLIMuWuPh1Jy3OPcIaAv7WRPhudh-IYbi7dr5bL7kig&sai=AMfl-YS05w-5KPaa4sAXlAP_SDXf_nyK7O7hnsHdTDkdkJVktLwcU0E0nxlItXfrF8rsPLK8-wLOQ3V-P_II9B1rv55IAo59VRElGJjaeAWv4THudvr_9VSJCPK9v0ycu1IKz5btR9bCSBuQLHFIcwRd84282msMFH2ub7ymRNo&sig=Cg0ArKJSzDEocjO0mbrqEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210607.33429&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BsSb67vPNSe60fsS8fsMKzbjRZVvAXVVsKkX0n-ulxKGgM6x_PROaify_B7HSulVzTog_Fv90teVWXG_fpjnDKYgIowYKjWxNxjCAJvUVNfiWRYhT3qBTgqVkCv-La_1uLyWm1DuHF9yl62oJkq5Oj0uphhg&dbm_d=AKAmf-ALrGJK6LhpH3hjFucug1J-n_VVJmP2_a4h4-sOtHmJxA3PjXyaAS02spyZdlkH2cSryRwzJ_VAjnistA-IozIJqqS3TBoA46u8-4_yow5y21Evo-J5gKL-SiyEAOdNAGmoiszHBBS5q4sFtlga0pP8K9uYL-I5n3MaoyZ8nEOvR9ACnoxDNNrzjsBLIERrOKeXCHqPhWjejXzOtydJQ_2TALd5yO9STWQbxfHsDTEj2Q7Dmrp3NQKgOA0Go66l6pGy0-9gyq4cbd5F15vE0dqIgGuoM7SkWfLSZn-guG3B5ySbqqLUrpclTCElmFjXgVDbybJSaShsx_I8rtMCCNFxEXrrkXwUzm4bij_rKU1B3twCsK7aRhl7KFLpgJvUbgMblt5QexzlGPTUM67JVcJ7-RjHWgGGNkZnpmEUZc17r2UW8v7XgnRrLnLFmGPTpCy7PRhPmy2jCH7OyTy2HQkbYLgTQR6Pki752TawxOPGjvaE7YS98NZJ-USdHLWBbhM62xFpgU-BAygQqfDYgIFKDO3MUHVEDpxF9-5r63TcnsN1MVeHE5OEdjsz4I3gJazMtNitzwqz0oyCpDhaeVXhtQx6kfR8O4H7NtdaeqHOZAoqiTxFO9jPpD-JYPoCJCQbz3LI1rfpJNcr-9BrqP-7u_ens6uPbfU7RPFwA_T5bujoe5HF3K-g_HXIHXKUSG1Q_D3ZRMBamyh8zLouSiGmb2NaA4oiccSKpQ6ru844dG6cr5MNFe1vgfc-8TIPu768Kuus8vITuuuZ5ifIseanJx-c2VvctqpiPW5aBH0uMFr-OoEkzXTcaxa8IeHbvH8ujqs11qO4GhfsfZTKMYK1FPHJwz41JuPb1U_aUH9DohJQd4-V03a6ZYpCAze9qexeh-o4f4Qz96z9-5WHKnSHEgCmKNJStTpYEmDxrdQ4vvhzsPIHWXE5XPCMLEWQMKdmGgnfe5S0Iuw0zY2ja6LS6hrXgjBB3Texg52SMllzQs8NObNm4_k3wewy_fDhJHn5X04uJTqtAxCki1kS1umoWn5mI4OhRwUaawzPAx0MKzkVEWYGzfHG5lxFx3j-yPVU4taIM8LOLy48Bi6VYjMmlk_54bWK66FJteXQewlG9cr1RCgBuJVmBiSyVgExXrHhYy5iGsYt6LXh5jfY8q0T89imv7Qod82f8gswcODbrQS8pm0A9UtlGHW0CMhO0r-VVJ74YrfMANXwLGH873G6DkOovUHTnPopFQ4kpSEXSZFPi5-B01p2o5FCq3QwQ90Fy7gKdYQrLpVN4WGI_TuLjHJ_jjC74l2Zv6gE50K1NxQyKaHwZ03c3Al8nUMW3KKDYsJroY6Hzl2R4ZM1NFRr9yFHglMKSS-p1lVku5nMuW9lqy5voPZ-k3u-Y6NAHqzKKu09MMj_ih_9XTp9pA6Wew8r2jMjR2srZU6vqgzn80NYpzHZKnr8fSNLd6Vzy8GIlKQPV4mUuXp7vuAKHStMqFFNRoPvT38Gwyy4I_K0S_CLHkEaZg5DCYKL_vfxqMXKrHAz8FKpN6FNj_8WlZuFFJAuwO8iWcn-DfTqJ82IYf50l9o19Ry9jfL408IGRGv77aBhIYTAooxaVsehzOOSW_JlR4jnAK-LrMIU-wmP5jjNb0fF0I9DiIll32Re0C6BxrVvGV-cdK43CR_Gym0ZleKBCclgwUJoFSJ1h_feYAOcRB6N3uJaQVkznHCWCmHvcWznLF92_WY49MmDXAek5ffjxLrTVdeo21BdylA0vwn6xZmEe6y5ZZEQPJ75ipaqr-PPDhGIb7saPCW9cVl2HMzI5E1nRGVfti0JPU5k1ugsEIXfud6bgmVWeY7KVggyMS1xwm7jSXbYplBgfO9hCtGUkJLV5DJNPP_m0_yUIhzA531TaQVSLthH3q7j69Gg0kav8K30Omidkn0DFMJXMQDfr6wriJiVJifFEJ18ZkifFMR1JKW82MG0STMarOOVdR-ADCt7hGff7tbrGkWHRBLDYkDIKDLK2Lw8IbpgHI_I_iqxbprYYcL6xGQfYY64gsIhvm0UR1GvuN9ORMi00gP29nejac7mm8XgcIdO1WnfD67fHhZ4iu0RT8KOeT06nf9H0Y5WI7OfND1c9g33R3p8a8Kl9y604WMmwy6gTdJ4KqgGAZgcOkcHyijxcxftyLQRWicmdfg6559J32YFmSpJdqozzxWvP9qkoE97kG9NyXtn0ETL4jV8TxraLKKd2Nf04FHkrnlPMSR5gkoHuPo8jTbex2Kvd56ev2xsjz5ET3glR2GRWdW2csqvz7wVbHyoVrXsUhogY4LpMVp9NZ5fZrZqFpgvHYVqbMwbGX8SrReQGT69KHZRbV1rXlZphdYDIIRDvg0okeyDekiL2-pWtTPhOFLnT_1CTo6uU5VORDi__akG-j-DPcpo-kiTt1XbzCC-7uvh82ZTlny6esq2AL4hj6fubh5LfDrYSbrVQOxtBM4N_1tgCSITVaLl2rKdm3MEE-vm9a4AU3yvvi9DHjAM4hfEU-sh13az56oZnq_Km66gRRlZQXPAjDl7egWWPpCa2hyrK6cmso0vhAsBQ60_4Q-Vl6Wme3O5S3REaG6d5WXhjIfui1Ze6-o4hhDaO-VvRigaP42jHVMWGp8CPxIof4egUQCnAR4JpBgytZa5hgUdN3vW2TqSwRxI5FZhf2chwH6hBCl4YfZ6AFqf8_CiheAhYu35I1-CSQy0jyi6wSLGqHBe1IS0DH5B0TCr-UGwVJ7rUppNbIskrdfXUnmyMv3t7z2k9U0lJxdK5tUBBgDoPFD53Ucj1n-cBOiiyPkBxhkOjKbyjXgTnsVp_hO0xzUOMzITst0M0__SWlGsjsWWVvLanZLc57qGsQHG0AVAGkY8Po-QYSruyCOEcrxamGV6ilW8ooxjNABqo13FPL8rrXjZOOmnpGLoSIN3zaUhLYIF_7lQkRYmHVA0ioKVJvd25n15-bABtjlYTiyJdqzWRuyZvuT5I6HEbiTQ7DfrhEVTWQdHRWdlqQHCEqEIOcbe-wS__jH96tlE1nR887c4quXhZBBtLyUfCIxYkGwFRFIE2251sZjPlJZqMijxQRmjhK0DDLcOLKM5Yo4RUDmL_ar3N5qyCEjwMndCizV2DNK9F0-rq3mHhp531ZwkHeoZBnd3sMyxrM6l_nurWNjL-M4e9N_BrZ1f04m4kjcd8NHlZDrEV6ZMgmWUig&cid=CAASFeRoZ54IA88k6VIeXZUOI-NLaAaXbg&rfl=1%2Chttps%253A%252F%252Freturnsandrefund.com%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Wed, 09 Jun 2021 13:16:18 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
t.js;adv=11297208284209;ec=11297212736296;adv.a=9080429;c.a=23712927;s.a=2103608;p.a=283606246;a.a=478222789;cache=2655313404;%22async
ad.atdmt.com/i/ Frame D714 		43 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.atdmt.com/i/t.js;adv=11297208284209;ec=11297212736296;adv.a=9080429;c.a=23712927;s.a=2103608;p.a=283606246;a.a=478222789;cache=2655313404;%22async
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BsSb67vPNSe60fsS8fsMKzbjRZVvAXVVsKkX0n-ulxKGgM6x_PROaify_B7HSulVzTog_Fv90teVWXG_fpjnDKYgIowYKjWxNxjCAJvUVNfiWRYhT3qBTgqVkCv-La_1uLyWm1DuHF9yl62oJkq5Oj0uphhg&dbm_d=AKAmf-ALrGJK6LhpH3hjFucug1J-n_VVJmP2_a4h4-sOtHmJxA3PjXyaAS02spyZdlkH2cSryRwzJ_VAjnistA-IozIJqqS3TBoA46u8-4_yow5y21Evo-J5gKL-SiyEAOdNAGmoiszHBBS5q4sFtlga0pP8K9uYL-I5n3MaoyZ8nEOvR9ACnoxDNNrzjsBLIERrOKeXCHqPhWjejXzOtydJQ_2TALd5yO9STWQbxfHsDTEj2Q7Dmrp3NQKgOA0Go66l6pGy0-9gyq4cbd5F15vE0dqIgGuoM7SkWfLSZn-guG3B5ySbqqLUrpclTCElmFjXgVDbybJSaShsx_I8rtMCCNFxEXrrkXwUzm4bij_rKU1B3twCsK7aRhl7KFLpgJvUbgMblt5QexzlGPTUM67JVcJ7-RjHWgGGNkZnpmEUZc17r2UW8v7XgnRrLnLFmGPTpCy7PRhPmy2jCH7OyTy2HQkbYLgTQR6Pki752TawxOPGjvaE7YS98NZJ-USdHLWBbhM62xFpgU-BAygQqfDYgIFKDO3MUHVEDpxF9-5r63TcnsN1MVeHE5OEdjsz4I3gJazMtNitzwqz0oyCpDhaeVXhtQx6kfR8O4H7NtdaeqHOZAoqiTxFO9jPpD-JYPoCJCQbz3LI1rfpJNcr-9BrqP-7u_ens6uPbfU7RPFwA_T5bujoe5HF3K-g_HXIHXKUSG1Q_D3ZRMBamyh8zLouSiGmb2NaA4oiccSKpQ6ru844dG6cr5MNFe1vgfc-8TIPu768Kuus8vITuuuZ5ifIseanJx-c2VvctqpiPW5aBH0uMFr-OoEkzXTcaxa8IeHbvH8ujqs11qO4GhfsfZTKMYK1FPHJwz41JuPb1U_aUH9DohJQd4-V03a6ZYpCAze9qexeh-o4f4Qz96z9-5WHKnSHEgCmKNJStTpYEmDxrdQ4vvhzsPIHWXE5XPCMLEWQMKdmGgnfe5S0Iuw0zY2ja6LS6hrXgjBB3Texg52SMllzQs8NObNm4_k3wewy_fDhJHn5X04uJTqtAxCki1kS1umoWn5mI4OhRwUaawzPAx0MKzkVEWYGzfHG5lxFx3j-yPVU4taIM8LOLy48Bi6VYjMmlk_54bWK66FJteXQewlG9cr1RCgBuJVmBiSyVgExXrHhYy5iGsYt6LXh5jfY8q0T89imv7Qod82f8gswcODbrQS8pm0A9UtlGHW0CMhO0r-VVJ74YrfMANXwLGH873G6DkOovUHTnPopFQ4kpSEXSZFPi5-B01p2o5FCq3QwQ90Fy7gKdYQrLpVN4WGI_TuLjHJ_jjC74l2Zv6gE50K1NxQyKaHwZ03c3Al8nUMW3KKDYsJroY6Hzl2R4ZM1NFRr9yFHglMKSS-p1lVku5nMuW9lqy5voPZ-k3u-Y6NAHqzKKu09MMj_ih_9XTp9pA6Wew8r2jMjR2srZU6vqgzn80NYpzHZKnr8fSNLd6Vzy8GIlKQPV4mUuXp7vuAKHStMqFFNRoPvT38Gwyy4I_K0S_CLHkEaZg5DCYKL_vfxqMXKrHAz8FKpN6FNj_8WlZuFFJAuwO8iWcn-DfTqJ82IYf50l9o19Ry9jfL408IGRGv77aBhIYTAooxaVsehzOOSW_JlR4jnAK-LrMIU-wmP5jjNb0fF0I9DiIll32Re0C6BxrVvGV-cdK43CR_Gym0ZleKBCclgwUJoFSJ1h_feYAOcRB6N3uJaQVkznHCWCmHvcWznLF92_WY49MmDXAek5ffjxLrTVdeo21BdylA0vwn6xZmEe6y5ZZEQPJ75ipaqr-PPDhGIb7saPCW9cVl2HMzI5E1nRGVfti0JPU5k1ugsEIXfud6bgmVWeY7KVggyMS1xwm7jSXbYplBgfO9hCtGUkJLV5DJNPP_m0_yUIhzA531TaQVSLthH3q7j69Gg0kav8K30Omidkn0DFMJXMQDfr6wriJiVJifFEJ18ZkifFMR1JKW82MG0STMarOOVdR-ADCt7hGff7tbrGkWHRBLDYkDIKDLK2Lw8IbpgHI_I_iqxbprYYcL6xGQfYY64gsIhvm0UR1GvuN9ORMi00gP29nejac7mm8XgcIdO1WnfD67fHhZ4iu0RT8KOeT06nf9H0Y5WI7OfND1c9g33R3p8a8Kl9y604WMmwy6gTdJ4KqgGAZgcOkcHyijxcxftyLQRWicmdfg6559J32YFmSpJdqozzxWvP9qkoE97kG9NyXtn0ETL4jV8TxraLKKd2Nf04FHkrnlPMSR5gkoHuPo8jTbex2Kvd56ev2xsjz5ET3glR2GRWdW2csqvz7wVbHyoVrXsUhogY4LpMVp9NZ5fZrZqFpgvHYVqbMwbGX8SrReQGT69KHZRbV1rXlZphdYDIIRDvg0okeyDekiL2-pWtTPhOFLnT_1CTo6uU5VORDi__akG-j-DPcpo-kiTt1XbzCC-7uvh82ZTlny6esq2AL4hj6fubh5LfDrYSbrVQOxtBM4N_1tgCSITVaLl2rKdm3MEE-vm9a4AU3yvvi9DHjAM4hfEU-sh13az56oZnq_Km66gRRlZQXPAjDl7egWWPpCa2hyrK6cmso0vhAsBQ60_4Q-Vl6Wme3O5S3REaG6d5WXhjIfui1Ze6-o4hhDaO-VvRigaP42jHVMWGp8CPxIof4egUQCnAR4JpBgytZa5hgUdN3vW2TqSwRxI5FZhf2chwH6hBCl4YfZ6AFqf8_CiheAhYu35I1-CSQy0jyi6wSLGqHBe1IS0DH5B0TCr-UGwVJ7rUppNbIskrdfXUnmyMv3t7z2k9U0lJxdK5tUBBgDoPFD53Ucj1n-cBOiiyPkBxhkOjKbyjXgTnsVp_hO0xzUOMzITst0M0__SWlGsjsWWVvLanZLc57qGsQHG0AVAGkY8Po-QYSruyCOEcrxamGV6ilW8ooxjNABqo13FPL8rrXjZOOmnpGLoSIN3zaUhLYIF_7lQkRYmHVA0ioKVJvd25n15-bABtjlYTiyJdqzWRuyZvuT5I6HEbiTQ7DfrhEVTWQdHRWdlqQHCEqEIOcbe-wS__jH96tlE1nR887c4quXhZBBtLyUfCIxYkGwFRFIE2251sZjPlJZqMijxQRmjhK0DDLcOLKM5Yo4RUDmL_ar3N5qyCEjwMndCizV2DNK9F0-rq3mHhp531ZwkHeoZBnd3sMyxrM6l_nurWNjL-M4e9N_BrZ1f04m4kjcd8NHlZDrEV6ZMgmWUig&cid=CAASFeRoZ54IA88k6VIeXZUOI-NLaAaXbg&rfl=1%2Chttps%253A%252F%252Freturnsandrefund.com%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8004:face:b00c:0:8c Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d346801abbf9bb4e9e9a055239053d4ab5596514304f601a6c70604187acb744
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
br
x-content-type-options
nosniff
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
XEBXDGfPz4Si+NU3Ezlb2LZOYMUOjI5zMj1PHd3Y6O4XHse9H137GfhrSmXP88E4fgRx6PnGgpyGHms7Uks0hA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-frame-options
DENY
date
Wed, 09 Jun 2021 13:16:18 GMT
vary
Accept-Encoding
report-to
{"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
image/gif
x-xss-protection
0
cache-control
private, no-cache, no-store, must-revalidate
cross-origin-opener-policy-report-only
same-origin-allow-popups;report-to="coop_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame D714 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BsSb67vPNSe60fsS8fsMKzbjRZVvAXVVsKkX0n-ulxKGgM6x_PROaify_B7HSulVzTog_Fv90teVWXG_fpjnDKYgIowYKjWxNxjCAJvUVNfiWRYhT3qBTgqVkCv-La_1uLyWm1DuHF9yl62oJkq5Oj0uphhg&dbm_d=AKAmf-ALrGJK6LhpH3hjFucug1J-n_VVJmP2_a4h4-sOtHmJxA3PjXyaAS02spyZdlkH2cSryRwzJ_VAjnistA-IozIJqqS3TBoA46u8-4_yow5y21Evo-J5gKL-SiyEAOdNAGmoiszHBBS5q4sFtlga0pP8K9uYL-I5n3MaoyZ8nEOvR9ACnoxDNNrzjsBLIERrOKeXCHqPhWjejXzOtydJQ_2TALd5yO9STWQbxfHsDTEj2Q7Dmrp3NQKgOA0Go66l6pGy0-9gyq4cbd5F15vE0dqIgGuoM7SkWfLSZn-guG3B5ySbqqLUrpclTCElmFjXgVDbybJSaShsx_I8rtMCCNFxEXrrkXwUzm4bij_rKU1B3twCsK7aRhl7KFLpgJvUbgMblt5QexzlGPTUM67JVcJ7-RjHWgGGNkZnpmEUZc17r2UW8v7XgnRrLnLFmGPTpCy7PRhPmy2jCH7OyTy2HQkbYLgTQR6Pki752TawxOPGjvaE7YS98NZJ-USdHLWBbhM62xFpgU-BAygQqfDYgIFKDO3MUHVEDpxF9-5r63TcnsN1MVeHE5OEdjsz4I3gJazMtNitzwqz0oyCpDhaeVXhtQx6kfR8O4H7NtdaeqHOZAoqiTxFO9jPpD-JYPoCJCQbz3LI1rfpJNcr-9BrqP-7u_ens6uPbfU7RPFwA_T5bujoe5HF3K-g_HXIHXKUSG1Q_D3ZRMBamyh8zLouSiGmb2NaA4oiccSKpQ6ru844dG6cr5MNFe1vgfc-8TIPu768Kuus8vITuuuZ5ifIseanJx-c2VvctqpiPW5aBH0uMFr-OoEkzXTcaxa8IeHbvH8ujqs11qO4GhfsfZTKMYK1FPHJwz41JuPb1U_aUH9DohJQd4-V03a6ZYpCAze9qexeh-o4f4Qz96z9-5WHKnSHEgCmKNJStTpYEmDxrdQ4vvhzsPIHWXE5XPCMLEWQMKdmGgnfe5S0Iuw0zY2ja6LS6hrXgjBB3Texg52SMllzQs8NObNm4_k3wewy_fDhJHn5X04uJTqtAxCki1kS1umoWn5mI4OhRwUaawzPAx0MKzkVEWYGzfHG5lxFx3j-yPVU4taIM8LOLy48Bi6VYjMmlk_54bWK66FJteXQewlG9cr1RCgBuJVmBiSyVgExXrHhYy5iGsYt6LXh5jfY8q0T89imv7Qod82f8gswcODbrQS8pm0A9UtlGHW0CMhO0r-VVJ74YrfMANXwLGH873G6DkOovUHTnPopFQ4kpSEXSZFPi5-B01p2o5FCq3QwQ90Fy7gKdYQrLpVN4WGI_TuLjHJ_jjC74l2Zv6gE50K1NxQyKaHwZ03c3Al8nUMW3KKDYsJroY6Hzl2R4ZM1NFRr9yFHglMKSS-p1lVku5nMuW9lqy5voPZ-k3u-Y6NAHqzKKu09MMj_ih_9XTp9pA6Wew8r2jMjR2srZU6vqgzn80NYpzHZKnr8fSNLd6Vzy8GIlKQPV4mUuXp7vuAKHStMqFFNRoPvT38Gwyy4I_K0S_CLHkEaZg5DCYKL_vfxqMXKrHAz8FKpN6FNj_8WlZuFFJAuwO8iWcn-DfTqJ82IYf50l9o19Ry9jfL408IGRGv77aBhIYTAooxaVsehzOOSW_JlR4jnAK-LrMIU-wmP5jjNb0fF0I9DiIll32Re0C6BxrVvGV-cdK43CR_Gym0ZleKBCclgwUJoFSJ1h_feYAOcRB6N3uJaQVkznHCWCmHvcWznLF92_WY49MmDXAek5ffjxLrTVdeo21BdylA0vwn6xZmEe6y5ZZEQPJ75ipaqr-PPDhGIb7saPCW9cVl2HMzI5E1nRGVfti0JPU5k1ugsEIXfud6bgmVWeY7KVggyMS1xwm7jSXbYplBgfO9hCtGUkJLV5DJNPP_m0_yUIhzA531TaQVSLthH3q7j69Gg0kav8K30Omidkn0DFMJXMQDfr6wriJiVJifFEJ18ZkifFMR1JKW82MG0STMarOOVdR-ADCt7hGff7tbrGkWHRBLDYkDIKDLK2Lw8IbpgHI_I_iqxbprYYcL6xGQfYY64gsIhvm0UR1GvuN9ORMi00gP29nejac7mm8XgcIdO1WnfD67fHhZ4iu0RT8KOeT06nf9H0Y5WI7OfND1c9g33R3p8a8Kl9y604WMmwy6gTdJ4KqgGAZgcOkcHyijxcxftyLQRWicmdfg6559J32YFmSpJdqozzxWvP9qkoE97kG9NyXtn0ETL4jV8TxraLKKd2Nf04FHkrnlPMSR5gkoHuPo8jTbex2Kvd56ev2xsjz5ET3glR2GRWdW2csqvz7wVbHyoVrXsUhogY4LpMVp9NZ5fZrZqFpgvHYVqbMwbGX8SrReQGT69KHZRbV1rXlZphdYDIIRDvg0okeyDekiL2-pWtTPhOFLnT_1CTo6uU5VORDi__akG-j-DPcpo-kiTt1XbzCC-7uvh82ZTlny6esq2AL4hj6fubh5LfDrYSbrVQOxtBM4N_1tgCSITVaLl2rKdm3MEE-vm9a4AU3yvvi9DHjAM4hfEU-sh13az56oZnq_Km66gRRlZQXPAjDl7egWWPpCa2hyrK6cmso0vhAsBQ60_4Q-Vl6Wme3O5S3REaG6d5WXhjIfui1Ze6-o4hhDaO-VvRigaP42jHVMWGp8CPxIof4egUQCnAR4JpBgytZa5hgUdN3vW2TqSwRxI5FZhf2chwH6hBCl4YfZ6AFqf8_CiheAhYu35I1-CSQy0jyi6wSLGqHBe1IS0DH5B0TCr-UGwVJ7rUppNbIskrdfXUnmyMv3t7z2k9U0lJxdK5tUBBgDoPFD53Ucj1n-cBOiiyPkBxhkOjKbyjXgTnsVp_hO0xzUOMzITst0M0__SWlGsjsWWVvLanZLc57qGsQHG0AVAGkY8Po-QYSruyCOEcrxamGV6ilW8ooxjNABqo13FPL8rrXjZOOmnpGLoSIN3zaUhLYIF_7lQkRYmHVA0ioKVJvd25n15-bABtjlYTiyJdqzWRuyZvuT5I6HEbiTQ7DfrhEVTWQdHRWdlqQHCEqEIOcbe-wS__jH96tlE1nR887c4quXhZBBtLyUfCIxYkGwFRFIE2251sZjPlJZqMijxQRmjhK0DDLcOLKM5Yo4RUDmL_ar3N5qyCEjwMndCizV2DNK9F0-rq3mHhp531ZwkHeoZBnd3sMyxrM6l_nurWNjL-M4e9N_BrZ1f04m4kjcd8NHlZDrEV6ZMgmWUig&cid=CAASFeRoZ54IA88k6VIeXZUOI-NLaAaXbg&rfl=1%2Chttps%253A%252F%252Freturnsandrefund.com%252F%240
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 06:19:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
25017
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 09 Jun 2022 06:19:21 GMT
Y0wenRQHJt67AWlMUY8ZjpjdFu8mKTuwOAhZmk4GzzkNy47RdLMcB0jUAGpN7VQI4HoAKKlxORw_RlzuidljlwtF7ZuRUa8BGKir=w300-h250-n
s2.2mdn.net/proxy/ Frame D714 		88 KB
88 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s2.2mdn.net/proxy/Y0wenRQHJt67AWlMUY8ZjpjdFu8mKTuwOAhZmk4GzzkNy47RdLMcB0jUAGpN7VQI4HoAKKlxORw_RlzuidljlwtF7ZuRUa8BGKir=w300-h250-n
Requested by
Host: 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
URL: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
1d2835f8983acb1265b618bcef75a450921f0ba8548ff36c965f2e2ec97bf5df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:08:32 GMT
x-content-type-options
nosniff
server
fife
age
466
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="unnamed.png"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
90032
x-xss-protection
0
expires
Thu, 10 Jun 2021 13:08:32 GMT
truncated
/ Frame D714 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
382ba0753a954f6e25fb348c10ccf194ec67fff7ff74c97e7a515b0a667deeec

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 3763 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Wed, 09 Jun 2021 06:20:54 GMT
expires
Thu, 09 Jun 2022 06:20:54 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
24924
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame D714 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstcvd5TIFrUBKQKnplNnQXPNu9KfQOtisrMO19nvVGTMzSd1Ui4Xau5QnQ189UAXEaugKIe-RrdB5BQpCQJrMqW-Y-UPwsfyH-rfbAmsbruD5inKuZblldcW2aYPMZtUp30El4FtpZk1l26etwgdEpSGNYfvPYRZYkqY3dURcmZEmEImHTbQvcU3GwIVd1YwwHZutlBGDiibVo0Eu0WmtjwLspA1tlG4HzEK9QX_yhJk5lyVS4EbBxM9QiDxAc1Ecq8AjwSNoj8cKQb6AmC42uoFs7JGhRz2LSNSBSZVe9xRa9zYFvI5llEuMs9zSi3_7t56N1GPcd440kurTHJUUWLP8m5cE80qSDGOoSRreXJ1uJTdwE73qwcnp4nwnr0n1iMe2SxgUzqJJlphIgFMNGxpl0TTcafKTWvo6EeQ_9MverFkOEoVR8AymA2T1UnRT-mb8RvPL1MNoBhRVzPuFQczdrifPN_2vPRVGRfFzcpvfINJf6xXaPTJs2zhME87SWETv-e6Gzk8ZkiYLWDE5kFfcmPR0JEWxrtxNKvOvnii69nHwAqrnadidwexhZ3-70Cv3iDC4mpCxIDO1-C8YX8UryCXRJwjanOzzXkHKitD49k82kdmOklRwN5PQNNtjbrHiy349pd5PEUl5PbnoW_gmA-Jn5Z6Nhtefbkn7E0gX2r6gmvIv0KgaZeGYPQzFt2Nm4rsjEh6g89Ze6Ydm1ZwsoIJp8HwiqsdkU9l_1bf4n3K6urbbTa6UCFfV7TLJzTqcLQnbbdxE1QqwhmvGLKDIekh6g2bKwbFx6MWmo_oY2A8bH3YNEzzcRis8sHFbcQrp8yNbLIBH6q2OHzSiqwvlJFvb8pBOU0tDujUTQWxAGqtBKPeU1CTxkYyNdHM692HnDacHpQgeEJVoz34mLpi8mcaVVdaYDkbHgJBE1PoJ86LfNGleS2H4juQDUHFZKBB-smGSmgIvvIrqx2MpjBU2G0daxDw0WzVdGJKj2WjL9Bl8YyXS_Ozv2t_kMp0CQ4YGiF74b5Y77Pc-PND7yeGSvvXD1pK2UZxrbtlbW_PBzGxcvPeRp1DISNZxQ03jgcZBu1snXmCkcLx0rp0y3p2djzHLOlempkj2rpsS0kJ76PYlsoI4gWjKiJfvo8o7edpTkWBan7E0s7AiHS2jAvjaAiYzlcgSa6gcwqY2-tLv0XaagvFcK5YYVptd6U_olidh4Qyj6kcLIMuWuPh1Jy3OPcIaAv7WRPhudh-IYbi7dr5bL7kig&sai=AMfl-YS05w-5KPaa4sAXlAP_SDXf_nyK7O7hnsHdTDkdkJVktLwcU0E0nxlItXfrF8rsPLK8-wLOQ3V-P_II9B1rv55IAo59VRElGJjaeAWv4THudvr_9VSJCPK9v0ycu1IKz5btR9bCSBuQLHFIcwRd84282msMFH2ub7ymRNo&sig=Cg0ArKJSzDEocjO0mbrqEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=215&vt=11&dtpt=214&dett=2&cstd=0&cisv=r20210607.33429&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BsSb67vPNSe60fsS8fsMKzbjRZVvAXVVsKkX0n-ulxKGgM6x_PROaify_B7HSulVzTog_Fv90teVWXG_fpjnDKYgIowYKjWxNxjCAJvUVNfiWRYhT3qBTgqVkCv-La_1uLyWm1DuHF9yl62oJkq5Oj0uphhg&dbm_d=AKAmf-ALrGJK6LhpH3hjFucug1J-n_VVJmP2_a4h4-sOtHmJxA3PjXyaAS02spyZdlkH2cSryRwzJ_VAjnistA-IozIJqqS3TBoA46u8-4_yow5y21Evo-J5gKL-SiyEAOdNAGmoiszHBBS5q4sFtlga0pP8K9uYL-I5n3MaoyZ8nEOvR9ACnoxDNNrzjsBLIERrOKeXCHqPhWjejXzOtydJQ_2TALd5yO9STWQbxfHsDTEj2Q7Dmrp3NQKgOA0Go66l6pGy0-9gyq4cbd5F15vE0dqIgGuoM7SkWfLSZn-guG3B5ySbqqLUrpclTCElmFjXgVDbybJSaShsx_I8rtMCCNFxEXrrkXwUzm4bij_rKU1B3twCsK7aRhl7KFLpgJvUbgMblt5QexzlGPTUM67JVcJ7-RjHWgGGNkZnpmEUZc17r2UW8v7XgnRrLnLFmGPTpCy7PRhPmy2jCH7OyTy2HQkbYLgTQR6Pki752TawxOPGjvaE7YS98NZJ-USdHLWBbhM62xFpgU-BAygQqfDYgIFKDO3MUHVEDpxF9-5r63TcnsN1MVeHE5OEdjsz4I3gJazMtNitzwqz0oyCpDhaeVXhtQx6kfR8O4H7NtdaeqHOZAoqiTxFO9jPpD-JYPoCJCQbz3LI1rfpJNcr-9BrqP-7u_ens6uPbfU7RPFwA_T5bujoe5HF3K-g_HXIHXKUSG1Q_D3ZRMBamyh8zLouSiGmb2NaA4oiccSKpQ6ru844dG6cr5MNFe1vgfc-8TIPu768Kuus8vITuuuZ5ifIseanJx-c2VvctqpiPW5aBH0uMFr-OoEkzXTcaxa8IeHbvH8ujqs11qO4GhfsfZTKMYK1FPHJwz41JuPb1U_aUH9DohJQd4-V03a6ZYpCAze9qexeh-o4f4Qz96z9-5WHKnSHEgCmKNJStTpYEmDxrdQ4vvhzsPIHWXE5XPCMLEWQMKdmGgnfe5S0Iuw0zY2ja6LS6hrXgjBB3Texg52SMllzQs8NObNm4_k3wewy_fDhJHn5X04uJTqtAxCki1kS1umoWn5mI4OhRwUaawzPAx0MKzkVEWYGzfHG5lxFx3j-yPVU4taIM8LOLy48Bi6VYjMmlk_54bWK66FJteXQewlG9cr1RCgBuJVmBiSyVgExXrHhYy5iGsYt6LXh5jfY8q0T89imv7Qod82f8gswcODbrQS8pm0A9UtlGHW0CMhO0r-VVJ74YrfMANXwLGH873G6DkOovUHTnPopFQ4kpSEXSZFPi5-B01p2o5FCq3QwQ90Fy7gKdYQrLpVN4WGI_TuLjHJ_jjC74l2Zv6gE50K1NxQyKaHwZ03c3Al8nUMW3KKDYsJroY6Hzl2R4ZM1NFRr9yFHglMKSS-p1lVku5nMuW9lqy5voPZ-k3u-Y6NAHqzKKu09MMj_ih_9XTp9pA6Wew8r2jMjR2srZU6vqgzn80NYpzHZKnr8fSNLd6Vzy8GIlKQPV4mUuXp7vuAKHStMqFFNRoPvT38Gwyy4I_K0S_CLHkEaZg5DCYKL_vfxqMXKrHAz8FKpN6FNj_8WlZuFFJAuwO8iWcn-DfTqJ82IYf50l9o19Ry9jfL408IGRGv77aBhIYTAooxaVsehzOOSW_JlR4jnAK-LrMIU-wmP5jjNb0fF0I9DiIll32Re0C6BxrVvGV-cdK43CR_Gym0ZleKBCclgwUJoFSJ1h_feYAOcRB6N3uJaQVkznHCWCmHvcWznLF92_WY49MmDXAek5ffjxLrTVdeo21BdylA0vwn6xZmEe6y5ZZEQPJ75ipaqr-PPDhGIb7saPCW9cVl2HMzI5E1nRGVfti0JPU5k1ugsEIXfud6bgmVWeY7KVggyMS1xwm7jSXbYplBgfO9hCtGUkJLV5DJNPP_m0_yUIhzA531TaQVSLthH3q7j69Gg0kav8K30Omidkn0DFMJXMQDfr6wriJiVJifFEJ18ZkifFMR1JKW82MG0STMarOOVdR-ADCt7hGff7tbrGkWHRBLDYkDIKDLK2Lw8IbpgHI_I_iqxbprYYcL6xGQfYY64gsIhvm0UR1GvuN9ORMi00gP29nejac7mm8XgcIdO1WnfD67fHhZ4iu0RT8KOeT06nf9H0Y5WI7OfND1c9g33R3p8a8Kl9y604WMmwy6gTdJ4KqgGAZgcOkcHyijxcxftyLQRWicmdfg6559J32YFmSpJdqozzxWvP9qkoE97kG9NyXtn0ETL4jV8TxraLKKd2Nf04FHkrnlPMSR5gkoHuPo8jTbex2Kvd56ev2xsjz5ET3glR2GRWdW2csqvz7wVbHyoVrXsUhogY4LpMVp9NZ5fZrZqFpgvHYVqbMwbGX8SrReQGT69KHZRbV1rXlZphdYDIIRDvg0okeyDekiL2-pWtTPhOFLnT_1CTo6uU5VORDi__akG-j-DPcpo-kiTt1XbzCC-7uvh82ZTlny6esq2AL4hj6fubh5LfDrYSbrVQOxtBM4N_1tgCSITVaLl2rKdm3MEE-vm9a4AU3yvvi9DHjAM4hfEU-sh13az56oZnq_Km66gRRlZQXPAjDl7egWWPpCa2hyrK6cmso0vhAsBQ60_4Q-Vl6Wme3O5S3REaG6d5WXhjIfui1Ze6-o4hhDaO-VvRigaP42jHVMWGp8CPxIof4egUQCnAR4JpBgytZa5hgUdN3vW2TqSwRxI5FZhf2chwH6hBCl4YfZ6AFqf8_CiheAhYu35I1-CSQy0jyi6wSLGqHBe1IS0DH5B0TCr-UGwVJ7rUppNbIskrdfXUnmyMv3t7z2k9U0lJxdK5tUBBgDoPFD53Ucj1n-cBOiiyPkBxhkOjKbyjXgTnsVp_hO0xzUOMzITst0M0__SWlGsjsWWVvLanZLc57qGsQHG0AVAGkY8Po-QYSruyCOEcrxamGV6ilW8ooxjNABqo13FPL8rrXjZOOmnpGLoSIN3zaUhLYIF_7lQkRYmHVA0ioKVJvd25n15-bABtjlYTiyJdqzWRuyZvuT5I6HEbiTQ7DfrhEVTWQdHRWdlqQHCEqEIOcbe-wS__jH96tlE1nR887c4quXhZBBtLyUfCIxYkGwFRFIE2251sZjPlJZqMijxQRmjhK0DDLcOLKM5Yo4RUDmL_ar3N5qyCEjwMndCizV2DNK9F0-rq3mHhp531ZwkHeoZBnd3sMyxrM6l_nurWNjL-M4e9N_BrZ1f04m4kjcd8NHlZDrEV6ZMgmWUig&cid=CAASFeRoZ54IA88k6VIeXZUOI-NLaAaXbg&rfl=1%2Chttps%253A%252F%252Freturnsandrefund.com%252F%240
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:18 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
integrator.js
adservice.google.ch/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ch/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		49 KB
25 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4071789645104571&correlator=116325644524575&output=ldjh&impl=fifs&eid=31061359&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210609&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=3&prev_scp=a%3D%257C251%257C%26iid8%3D716165%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-716165%26eb_br%3D3530fcb6bcc13dc3c1712eaef7d92700%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D22%26bvm%3D0%26bvr%3D5%26shp%3D1%26br1%3D160%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D82%2C25%2C176%2C67%2C51%2C122%2C89%2C20%2C26%2C188%2C143%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%2C20%26lb%3D400%26reqt%3D1623244578373&eri=1&cookie=ID%3Df8399ab25439d63b-226a1d155dc800d8%3AT%3D1623244577%3AS%3DALNI_MYMNNLqpP-nyErEWZWcvxvsd4jo4Q&bc=31&abxe=1&lmt=1623157819&dt=1623244578400&dlt=1623244571163&idt=971&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=d&ifi=13&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1604365714.1623244572&ga_sid=1623244572&ga_hid=1362958342&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
beb2036f2233e320f81e54504662f33bce0368f18b7bfd9865b3f1f5eab90133
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:18 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25700
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
wQPplS2CBbapxPPsKjLjCt6L9Rv2P8O8syxzKLSpyaY.js
pagead2.googlesyndication.com/bg/ Frame 3763 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/wQPplS2CBbapxPPsKjLjCt6L9Rv2P8O8syxzKLSpyaY.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c103e9952d8205b6a9c4f3ec2a32e30ade8bf51bf63fc3bcb32c7328b4a9c9a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 00:21:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
46507
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5768
x-xss-protection
0
last-modified
Mon, 31 May 2021 08:58:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Jun 2022 00:21:11 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3763 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BljgvIr_AYJ6QBYHz3wOcnJKIAgAAAAA4AeAEAg&bg=!Q0ClQATNAAY6sG-_OrA7ACkAdvg8WtuoRNXBRTj8k2_-SAXKY2B6i8XN3wVi2bOrHFftgdGK0nBodwIAAADiUgAAABNoAQeZAsZHzeIwb9Zqd3zseQYBxdkX9eOlcFRqjwkzVQ8E4aniYDQZ3NmaYd6oBYbhtFrFGKzGpAJ7X4TI_4ELk8OiaD0ki-7Vp-hYq95nEt4lyEogHOndGULlD6jHnD2ApaICAIS-w4S73v_8kooDjO-Faet7q7P8ExZID_sRmWwSJv4YwHC-i7EyKhvHxBUWLs6XqYIzmNCA_P8K-Oo9t9EhtItg6MrHgPmnoY8Jq14rqQeTEhnGP4EaRqjdFWSnJoU6GGHOfSey_DD1hRqoQrACh-VZCSAa0CjQI5gk3FYkhUOQu10xLcByJNdENmp3OlNARDP3jBG0GUHS1AXa3SJkkyV37tNvgSMlcNt-qWAZrMHX5lzD0paWWKPhnTRdfua8scwMLkhVtJnIu4P40vYyrXgTm0-Pmwys1vqSFoGztRzBIBTPCL7tgw5t3L5xuSL2G8whlrP3WhwpWl7PIhk9ilyamsShF8SIrIvn91gluuOplV-0aN23vn8fpbiXsro-5bPPAeY7HjTUtDKNG3NA65i_9vmZHYAaLvZ0jNfEqljQyi7kJgL0BOH0hQHi-A-7H48yi8ZlY0FTQc0AOWcVjNwRVtOq2XRDHLSdtBVEJbbbSCCO0OFhsKVxWOn0J7YBX4_DVmYUy18pv4SAdvR3vXHXb4a5JvuYzan_tHhOy1n4JeUJiyAiN_uAmgYwn0kBfrXg3KBI0c7rNAqCsORHnVl1FytIv0JAmdtH5lZuOnYinmn2pzlJNFRz2l5kUUI0wT_9-GLibvGJtxVW_DMq18JkVXh_Y7cRXkHFc82zKKyvO3afThlK846xNxQNjOEbvTxA1mhTHbfJf_vlD7EqX5I-HtNXuc7WMOh_8hWd2io74bBti26NiSg5BaHdyhL3l-_t9WoGW7vJlwgFNvQyT8LmbsiOQImVz6dm_eRX0G-57UMh7bQmEQ
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.ch/adsid/ 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ch/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
container.html
969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6108 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-38/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://returnsandrefund.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://returnsandrefund.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
3108
date
Wed, 09 Jun 2021 13:16:12 GMT
expires
Thu, 09 Jun 2022 13:16:12 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
7
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ads
securepubads.g.doubleclick.net/gampad/ 		477 B
284 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4071789645104571&correlator=3304148053808711&output=ldjh&impl=fifs&eid=31061359&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210609&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=2&rcs=4&prev_scp=a%3D%257C3%257C%26iid7%3D671765%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-671765%26eb_br%3D3ba982fc4238dd4197b1d51b345478dc%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D2%26bvm%3D0%26bvr%3D6%26shp%3D1%26br1%3D50%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C21%2C22%2C20%2C21%2C22%2C17%2C20%2C21%2C22%2C17%2C19%2C20%2C21%2C22%26lb%3D140%26reqt%3D1623244578079&eri=1&cookie=ID%3Df8399ab25439d63b%3AT%3D1623244577%3AS%3DALNI_MaYBnRueTwuNx8hTwKqWKlqcUf4ww&bc=31&abxe=1&lmt=1623157819&dt=1623244579103&dlt=1623244571163&idt=971&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=920&adks=3214824028&ucis=e&ifi=14&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&ga_vid=1604365714.1623244572&ga_sid=1623244572&ga_hid=1362958342&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
b74a47136484696d55cda4cb6f5cb93bdbadb428edd938d9f5518b688c400753
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:19 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
254
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
army.gif
returnsandrefund.com/porpoiseant/ 		0
42 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE2MTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODgsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE2MTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODgsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiIzNTMwZmNiNmJjYzEzZGMzYzE3MTJlYWVmN2Q5MjcwMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE2MTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMTYsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDE2LCJiaWRfZmxvb3JfcHJldiI6MC4wMDQsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODgsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MTYxNjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4OCwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTg4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MTYxNjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4OCwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE2MTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODgsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE2MTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODgsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiIzNTMwZmNiNmJjYzEzZGMzYzE3MTJlYWVmN2Q5MjcwMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE2MTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMTYsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDE2LCJiaWRfZmxvb3JfcHJldiI6MC4wMDQsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODgsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MTYxNjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4OCwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTg4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MTYxNjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4OCwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
pragma
no-cache
cookie
__gads=ID=f8399ab25439d63b:T=1623244577:S=ALNI_MaYBnRueTwuNx8hTwKqWKlqcUf4ww; ezouspvv=160; ezouspva=1; ezouspvh=160
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:19 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:18 UTC
28687274
g.ezoic.net/dac/ 		0
40 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g.ezoic.net/dac/28687274
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 09 Jun 2021 13:16:19 GMT
cache-control
max-age=3600, public
server
nginx/1.16.0
content-length
0
vary
Accept-Encoding
content-type
text/plain
army.gif
returnsandrefund.com/porpoiseant/ 		0
65 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE2MTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODgsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA5In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiMyJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE2MTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODgsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA5In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiMyJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
__gads=ID=f8399ab25439d63b:T=1623244577:S=ALNI_MaYBnRueTwuNx8hTwKqWKlqcUf4ww; ezouspvv=160; ezouspva=1; ezouspvh=160
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:19 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:19 UTC
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzE2MTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImF1Y3Rpb25fZXBvY2giOjE2MjMyNDQ1NzksImFkX3Bvc2l0aW9uIjoxMTAwLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiYmlkX2Zsb29yX2luaXRpYWwiOjEzMDAsImJpZF9mbG9vcl9wcmV2Ijo0MDAsImJpZF9mbG9vcl9maWxsZWQiOjE2MCwiYXVjdGlvbl9jb3VudCI6NCwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NjkxLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzE2MTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImF1Y3Rpb25fZXBvY2giOjE2MjMyNDQ1NzksImFkX3Bvc2l0aW9uIjoxMTAwLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiYmlkX2Zsb29yX2luaXRpYWwiOjEzMDAsImJpZF9mbG9vcl9wcmV2Ijo0MDAsImJpZF9mbG9vcl9maWxsZWQiOjE2MCwiYXVjdGlvbl9jb3VudCI6NCwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NjkxLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
pragma
no-cache
cookie
__gads=ID=f8399ab25439d63b:T=1623244577:S=ALNI_MaYBnRueTwuNx8hTwKqWKlqcUf4ww; ezouspvv=160; ezouspva=1; ezouspvh=160
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:19 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:18 UTC
pixel
googleads.g.doubleclick.net/xbbe/ Frame BA62 		0
172 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CLvO5QIQj7KT9gEYlNPEnQEwAQ&v=APEucNWOXFuQNxhmbnDWNSSR3NrStzryL9e0fryzJ0kW3SmRX6dHOH50QDUmQHJxX4QWY5vIVCO0N322FMtYcNSvI20xwwqtoQ
Requested by
Host: 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
URL: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/xbbe/pixel?d=CLvO5QIQj7KT9gEYlNPEnQEwAQ&v=APEucNWOXFuQNxhmbnDWNSSR3NrStzryL9e0fryzJ0kW3SmRX6dHOH50QDUmQHJxX4QWY5vIVCO0N322FMtYcNSvI20xwwqtoQ
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 09 Jun 2021 13:16:19 GMT
server
cafe
content-length
0
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 09-Jun-2021 13:31:19 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Jun 2021 13:16:19 GMT
cache-control
private
abg_lite_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame 6108 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite_fy2019.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0fc32732b1520df908e4ce5063434010c35725a930e0cc9df0be61c66a87cf32
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:02:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
837
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7010
x-xss-protection
0
server
cafe
etag
16168581138844513892
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Jun 2021 13:02:22 GMT
18159619339694914563
s0.2mdn.net/simgad/ Frame 6108 		88 KB
88 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/18159619339694914563?sqp=-oaymwENCMoHEFogAUhkUAFYAQ&rs=AOga4qki80s0Uv_lOy4MOOUr0ZNrKJNbJQ
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c2c8238fc3e9cd0d50e612746f1582ece2fe220d1a2cfd2b905731ec862695b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 16:16:56 GMT
x-content-type-options
nosniff
last-modified
Wed, 10 Feb 2021 16:13:27 GMT
server
sffe
age
75563
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
89802
x-xss-protection
0
expires
Wed, 08 Jun 2022 16:16:56 GMT
omrhp_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/ Frame 6108 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/omrhp_fy2019.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0dc4093b6b9286ebfc6c728ddd3a70812a726d79d6f41d60a506fd5b93c4929c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 12:37:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2331
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2661
x-xss-protection
0
server
cafe
etag
7752240862628680351
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Jun 2021 12:37:28 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 6108 		0
61 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvbhtcH3RNnCEio7BDdPE0WOdJqahjcLvBRjHbjIlRe_VpF2LmUXqtE1ZNtQo3MOHeaueSr1OBb33bYTgi_-H-fpUrfhbK0oh5C66CG2GB-EXXSr9teKWYMnBMqv4Thv7k3zrrzs-JquKydteLN-1Ce5tlkbGIQOrEgBolPw_4j9GQ4uHrFIgW1KBOyBip6wP6aKpiVJgeJO9P126Hzh4oBjSH3WO-MWY0Tnr3_0cbpqtPjYkv66dicUzHBijDZroy2ziL6mm6s4hmDdGubppDFn0xv6yfEITGW1rX7-ur2z1YzjOuQV-9KzscCLfR8eWgaIqBYMPGbgIPxeoGz0fuy_aniS2apPE4vk76BShgx2_6cK_atN9BGZeXbJeMCQ9jPiig6ubQxDFIjocEkh4lV3TW4HsVLLzPX3Knn9v4JWo77_Ak5QG5lwJWN5sbFPZY0pj-0uUlETd9ElOCBG4gKfhLYoS91C7wK4ajRF0yuhdoL6YH3NRAKziRGnGyujRIdnZtCwxsAl5U0cmgYD1V-WRQ2h3RXsca-CV4urEmBZf-w7Igex0kFtaO87A5vVchM1a3Az2IpMRMXo5TmzhxidJf4OSv6ZWUQ77-HLajjlF-DiErF0jIGkTKQ4vHOBg_tuT7SzK2K8lIz2FabH8TKlGeqV9OPC2yqxULnQBx7l1fIXtJvTgRvt9SgaSFr-Brp62--P36VMkJdE7rfzsp0cxywyx5xMdujbHXmMg_b7JvRP40h8k2ely3KyEit5rZjr40C3gcWvdOLgjnh4QrDVUWNF-ZQrlD84T36PO2iRcVQsAC9Fc0fv_88vFTRQ1hU2F9WbwWJyT_To4irKO81IuM4aBJi3nt6g-G-4gF8tKXWl3EgANZl5QmciJBTVSL3cqpitUnGbScHW4gsz2XxNRxFSRAo3PfYVxq2i0UFghneFJK8cRYc1BphuKcppqyLoAIuym_AtaTCJdxrB1bGYVmLWhGVpWKt7v7qnHsQDuehBRkoMEprQxl_b04-Ltqw5cZMfa-uxQxf8MTkprQhUDyd8pwXIVBIRpE2O9_PDg5pGUhbCr74vK5onhnp403PwcGKWwwblvYdmHd6JO-g_dqyzddfxUOsohpmTDEEIqljhWaotAtcPHMNbkYLXX61CnRElRifIpe5mQurep6vctJbC0w5TGGaTI9U3oWR&sai=AMfl-YTJOWARXrxkR7hlNWEHsUCdVkUw5fIC9_v4AtMC6Q2G1ctHa8HS2-EroexSQhX7xDIMbybDsoCbtauTqkxz_Gdb60TBTSUnVoAmXCHOPpZmd75HBl-cnuBwursS89vzjLPq1hARSnUWZ4tkz-Sr776JjC-vYUfCUik4L3nnlRUyZT4KQj-56R6ZRRMkEkc97Ly9bG0N6naX0GgmuvjYQ5jttxLAYX1fXLdoiJEqDxnYPfsp0_1g3TaFtOlhhdbmONjCfMxXTT85_SG66R6Tgmh2baPEwGw&sig=Cg0ArKJSzCbpJH89WUG4EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20210607.70125&adurl=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Wed, 09 Jun 2021 13:16:19 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 6108 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 06:19:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
25018
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 09 Jun 2022 06:19:21 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6108 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BIfL4dBedLhu1oXzfncqw6YUQsmwrEZWS9rZmJrpdCqoFztcQGwQ94hX8sNuciWAvPK4eyt4ZU66uPaa84VcPkj3Ym3S-hPWk0T2ID9B3lL9j54fg
Requested by
Host: 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
URL: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:19 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame 6108 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js
Requested by
Host: 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
URL: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:09:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
404
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1316
x-xss-protection
0
server
cafe
etag
797314601362473214
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Jun 2021 13:09:35 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 6108 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
URL: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2f28c37beb838d695f95710805308cfe7f1fcc286bd744ab0184a23a10d5a4ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:19 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623066169988846"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37960
x-xss-protection
0
expires
Wed, 09 Jun 2021 13:16:19 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame 6108 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
URL: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
17
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5644
x-xss-protection
0
server
cafe
etag
16788636151609896382
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Jun 2021 13:16:02 GMT
l
www.google.com/ads/measurement/ Frame 6108 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ7wAu2J62CmYYc0UZ5BX2QESnYGg5VRadZbIwB93Jt1iTxZYydWoGfHbe5b_aLoOLsfz18FmlVfCb0G8E1ZEz8ZOafZg
Requested by
Host: 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
URL: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame B17B 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
URL: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
pagead2.googlesyndication.com
:scheme
https
:path
/pagead/s/cookie_push_onload.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 09 Jun 2021 05:40:48 GMT
expires
Thu, 10 Jun 2021 05:40:48 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
27331
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame 6108 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvbhtcH3RNnCEio7BDdPE0WOdJqahjcLvBRjHbjIlRe_VpF2LmUXqtE1ZNtQo3MOHeaueSr1OBb33bYTgi_-H-fpUrfhbK0oh5C66CG2GB-EXXSr9teKWYMnBMqv4Thv7k3zrrzs-JquKydteLN-1Ce5tlkbGIQOrEgBolPw_4j9GQ4uHrFIgW1KBOyBip6wP6aKpiVJgeJO9P126Hzh4oBjSH3WO-MWY0Tnr3_0cbpqtPjYkv66dicUzHBijDZroy2ziL6mm6s4hmDdGubppDFn0xv6yfEITGW1rX7-ur2z1YzjOuQV-9KzscCLfR8eWgaIqBYMPGbgIPxeoGz0fuy_aniS2apPE4vk76BShgx2_6cK_atN9BGZeXbJeMCQ9jPiig6ubQxDFIjocEkh4lV3TW4HsVLLzPX3Knn9v4JWo77_Ak5QG5lwJWN5sbFPZY0pj-0uUlETd9ElOCBG4gKfhLYoS91C7wK4ajRF0yuhdoL6YH3NRAKziRGnGyujRIdnZtCwxsAl5U0cmgYD1V-WRQ2h3RXsca-CV4urEmBZf-w7Igex0kFtaO87A5vVchM1a3Az2IpMRMXo5TmzhxidJf4OSv6ZWUQ77-HLajjlF-DiErF0jIGkTKQ4vHOBg_tuT7SzK2K8lIz2FabH8TKlGeqV9OPC2yqxULnQBx7l1fIXtJvTgRvt9SgaSFr-Brp62--P36VMkJdE7rfzsp0cxywyx5xMdujbHXmMg_b7JvRP40h8k2ely3KyEit5rZjr40C3gcWvdOLgjnh4QrDVUWNF-ZQrlD84T36PO2iRcVQsAC9Fc0fv_88vFTRQ1hU2F9WbwWJyT_To4irKO81IuM4aBJi3nt6g-G-4gF8tKXWl3EgANZl5QmciJBTVSL3cqpitUnGbScHW4gsz2XxNRxFSRAo3PfYVxq2i0UFghneFJK8cRYc1BphuKcppqyLoAIuym_AtaTCJdxrB1bGYVmLWhGVpWKt7v7qnHsQDuehBRkoMEprQxl_b04-Ltqw5cZMfa-uxQxf8MTkprQhUDyd8pwXIVBIRpE2O9_PDg5pGUhbCr74vK5onhnp403PwcGKWwwblvYdmHd6JO-g_dqyzddfxUOsohpmTDEEIqljhWaotAtcPHMNbkYLXX61CnRElRifIpe5mQurep6vctJbC0w5TGGaTI9U3oWR&sai=AMfl-YTJOWARXrxkR7hlNWEHsUCdVkUw5fIC9_v4AtMC6Q2G1ctHa8HS2-EroexSQhX7xDIMbybDsoCbtauTqkxz_Gdb60TBTSUnVoAmXCHOPpZmd75HBl-cnuBwursS89vzjLPq1hARSnUWZ4tkz-Sr776JjC-vYUfCUik4L3nnlRUyZT4KQj-56R6ZRRMkEkc97Ly9bG0N6naX0GgmuvjYQ5jttxLAYX1fXLdoiJEqDxnYPfsp0_1g3TaFtOlhhdbmONjCfMxXTT85_SG66R6Tgmh2baPEwGw&sig=Cg0ArKJSzCbpJH89WUG4EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=64&vt=11&dtpt=62&dett=2&cstd=0&cisv=r20210607.70125&adurl=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:19 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MTQsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MTQsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
__gads=ID=f8399ab25439d63b:T=1623244577:S=ALNI_MaYBnRueTwuNx8hTwKqWKlqcUf4ww; ezouspvv=160; ezouspva=1; ezouspvh=160
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:19 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:18 UTC
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 7E65 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Wed, 09 Jun 2021 06:20:54 GMT
expires
Thu, 09 Jun 2022 06:20:54 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
24925
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 6108 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2191e12fd2e98c6a417ca64a70334301336fa97e7e3077ec1aa06c39d4c209d

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MTQsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MTQsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MTQsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MTQsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MTQsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwMTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MTQsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzQifV0sImlzX29yaWciOmZhbHNlfV0=
pragma
no-cache
cookie
__gads=ID=f8399ab25439d63b:T=1623244577:S=ALNI_MaYBnRueTwuNx8hTwKqWKlqcUf4ww; ezouspvv=160; ezouspva=1; ezouspvh=160
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:19 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:19 UTC
pixel
cm.g.doubleclick.net/ Frame B17B
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEL3CXkLTLFENsWxSiBq-LEI&google_cve...
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEL3CXkLTLFENsWxSiBq-LEI&goog...
  • https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=bG9rWWhQYWIxTFFZNGI1&google_gid=CAESEL3CXkLTLFENsWxSiBq-LEI&google_cver=1&google_push=AYg5qPJ5S-leCXXkOu3bFfGVyL_cPsimijecs9d9c_gN9mV...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=bG9rWWhQYWIxTFFZNGI1&google_gid=CAESEL3CXkLTLFENsWxSiBq-LEI&google_cver=1&google_push=AYg5qPJ5S-leCXXkOu3bFfGVyL_cPsimijecs9d9c_gN9mVxwTB98ZUO_PnVzcSCSs927ORb5i9LqWS0sJUJNMr0r13cvzQfBCrmJw
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 09 Jun 2021 13:16:19 GMT
Server
PingMatch/v2.0.30-649-g03fe1b8#rel-ec2-master i-0a3ddc230a4e51549@eu-west-1b@dxedge-app-eu-west-1-prod-asg
P3P
policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=bG9rWWhQYWIxTFFZNGI1&google_gid=CAESEL3CXkLTLFENsWxSiBq-LEI&google_cver=1&google_push=AYg5qPJ5S-leCXXkOu3bFfGVyL_cPsimijecs9d9c_gN9mVxwTB98ZUO_PnVzcSCSs927ORb5i9LqWS0sJUJNMr0r13cvzQfBCrmJw
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame B17B
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEMhWrwPhsdkQ0bekZNcSTuI&google_cver=1&google_push=AYg5qPKF9x5g12f1HJ_PYWzc52nUUf58wRQwd0fBi4r_easzmr27FxiilIsokiOD-5r05mTG8pgMrUNEkC0wMsS2...
  • https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKF9x5g12f1HJ_PYWzc52nUUf58wRQwd0fBi4r_easzmr27FxiilIsokiOD-5r05mTG8pgMrUNEkC0wMsS2bTNrPAT9Fm5n5Q
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKF9x5g12f1HJ_PYWzc52nUUf58wRQwd0fBi4r_easzmr27FxiilIsokiOD-5r05mTG8pgMrUNEkC0wMsS2bTNrPAT9Fm5n5Q
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Wed, 09 Jun 2021 13:16:17 GMT
Server
MT3 3759 5f8f15b master cdg-pixel-x12
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKF9x5g12f1HJ_PYWzc52nUUf58wRQwd0fBi4r_easzmr27FxiilIsokiOD-5r05mTG8pgMrUNEkC0wMsS2bTNrPAT9Fm5n5Q
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 09 Jun 2021 13:16:16 GMT
pixel
cm.g.doubleclick.net/ Frame B17B
Redirect Chain
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEA15TEb_xNfBPO5inNGSoUg&google_cver=1&google_push=AYg5qPI0SzX9doriWF8VvPVioWK3r2gJE9BuJgOuRovJuFj-WfteeyRNBLr24U_Vh6Mmx0I0Nxxrwt2V...
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEA15TEb_xNfBPO5inNGSoUg&google_cver=1&google_push=AYg5qPI0SzX9doriWF8VvPVioWK3r2gJE9BuJgOuRovJuFj-WfteeyRNBLr24U_Vh6Mmx0I0Nxx...
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI3OTIwMDk1MzI5NTY1NTMzMA&google_push=AYg5qPI0SzX9doriWF8VvPVioWK3r2gJE9BuJgOuRovJuFj-WfteeyRNBLr24U_Vh6Mmx0I0Nxxrwt...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI3OTIwMDk1MzI5NTY1NTMzMA&google_push=AYg5qPI0SzX9doriWF8VvPVioWK3r2gJE9BuJgOuRovJuFj-WfteeyRNBLr24U_Vh6Mmx0I0Nxxrwt2VU3w56E-IzVPPPRRK7hy29A
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:19 GMT
server
nginx
location
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI3OTIwMDk1MzI5NTY1NTMzMA&google_push=AYg5qPI0SzX9doriWF8VvPVioWK3r2gJE9BuJgOuRovJuFj-WfteeyRNBLr24U_Vh6Mmx0I0Nxxrwt2VU3w56E-IzVPPPRRK7hy29A
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
pixel
cm.g.doubleclick.net/ Frame B17B
Redirect Chain
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMndHU3qTP27u4XxKp9lsfU&google_cver=1&google_push=AYg5qPIGhSK1ZORsSZjggC-LGuyGqtcKR-KxlDAdYZ-vqmsQC8AbmfGq3Nm2CZ_iJOd8dWCEC4LR9GICPYZVxw7T5...
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMndHU3qTP27u4XxKp9lsfU&google_cver=1&google_push=AYg5qPIGhSK1ZORsSZjggC-LGuyGqtcKR-KxlDAdYZ-vqmsQC8AbmfGq3Nm2CZ_iJOd8dWCEC4LR9GICPYZVxw7T5...
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPIGhSK1ZORsSZjggC-LGuyGqtcKR-KxlDAdYZ-vqmsQC8AbmfGq3Nm2CZ_iJOd8dWCEC4LR9GICPYZVxw7T5GqFJY8Aa9oHpQ&google_hm=05d666bdebf8add147f0...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPIGhSK1ZORsSZjggC-LGuyGqtcKR-KxlDAdYZ-vqmsQC8AbmfGq3Nm2CZ_iJOd8dWCEC4LR9GICPYZVxw7T5GqFJY8Aa9oHpQ&google_hm=05d666bdebf8add147f06f12
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Wed, 09 Jun 2021 13:16:19 GMT
Server
nginx
Location
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPIGhSK1ZORsSZjggC-LGuyGqtcKR-KxlDAdYZ-vqmsQC8AbmfGq3Nm2CZ_iJOd8dWCEC4LR9GICPYZVxw7T5GqFJY8Aa9oHpQ&google_hm=05d666bdebf8add147f06f12
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap6ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
0
pixel
cm.g.doubleclick.net/ Frame B17B
Redirect Chain
  • https://ads.yieldmo.com/exptsync?google_gid=CAESECoXlVF86Y-J5wPcmvoEo38&google_cver=1&google_push=AYg5qPK-MMZlrkD3BiRab8AbTAo-OU_iIuM9v5MYWIU814XiZ9-TP41LXbwGEFa8Mgo-2HDGRUbewFouIQihpkuG_75AtsIEUdXbtQ
  • https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPK-MMZlrkD3BiRab8AbTAo-OU_iIuM9v5MYWIU814XiZ9-TP41LXbwGEFa8Mgo-2HDGRUbewFouIQihpkuG_75AtsIEUdXbtQ&google_hm=Z2FjNzc2MjM2YzcwNz...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPK-MMZlrkD3BiRab8AbTAo-OU_iIuM9v5MYWIU814XiZ9-TP41LXbwGEFa8Mgo-2HDGRUbewFouIQihpkuG_75AtsIEUdXbtQ&google_hm=Z2FjNzc2MjM2YzcwNzM2MjU0Njk=
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:19 GMT
location
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPK-MMZlrkD3BiRab8AbTAo-OU_iIuM9v5MYWIU814XiZ9-TP41LXbwGEFa8Mgo-2HDGRUbewFouIQihpkuG_75AtsIEUdXbtQ&google_hm=Z2FjNzc2MjM2YzcwNzM2MjU0Njk=
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
0
pixel
cm.g.doubleclick.net/ Frame B17B
Redirect Chain
  • https://cs.media.net/cksync?type=g&google_gid=CAESEHbnpJUiRL0epJ7ml7HOJZ0&google_cver=1&google_push=AYg5qPI-K1XiahON-2xAlt9BWV6rSSDxrG6muu2zsz81NbomUEUQSY5zZCBxenq_AlSblCBHBWnb2T4k_eL6WlqUnqc-haZZH...
  • https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjY2MjQ2MTc5MTIzNTYxMjAwMFYxMA%3d%3d&mn_hm=MjY2MjQ2MTc5MTIzNTYxMjAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPI-K1XiahON-2xAlt9BWV6rSSD...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjY2MjQ2MTc5MTIzNTYxMjAwMFYxMA%3d%3d&mn_hm=MjY2MjQ2MTc5MTIzNTYxMjAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPI-K1XiahON-2xAlt9BWV6rSSDxrG6muu2zsz81NbomUEUQSY5zZCBxenq_AlSblCBHBWnb2T4k_eL6WlqUnqc-haZZH08iqg&gdpr=&gdpr_consent=
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 09 Jun 2021 13:16:19 GMT
Server
Apache
P3P
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjY2MjQ2MTc5MTIzNTYxMjAwMFYxMA%3d%3d&mn_hm=MjY2MjQ2MTc5MTIzNTYxMjAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPI-K1XiahON-2xAlt9BWV6rSSDxrG6muu2zsz81NbomUEUQSY5zZCBxenq_AlSblCBHBWnb2T4k_eL6WlqUnqc-haZZH08iqg&gdpr=&gdpr_consent=
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html
Content-Length
154
X-MNET-HL2
E
Expires
Wed, 09 Jun 2021 13:16:19 GMT
/
cc.adingo.jp/adx/push/ Frame B17B 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cc.adingo.jp/adx/push/?google_gid=CAESEBm5Mq4Y9BsgQVP2X8A331Y&google_cver=1&google_push=AYg5qPKtrj7-WlnfNulAx8_SVwkli7NvscjNjQlTBQyiLKBAYaFSSXOs2JVNJwxx_ktSYFY7xB_4RJxfAnq1xrI-FGZve1q91nJDiA
Requested by
Host: 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
URL: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.178.184.38 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:20 GMT
server
awselb/2.0
attr
cm.g.doubleclick.net/pixel/ Frame B17B 		0
59 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JFSiiebBSRTEbNc7R2pXmJFtAFyfVVXZp-xtnQ0fd__zSbeHBJ5IuyOjWsA4zVXrmNmO94
Requested by
Host: 969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
URL: https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:19 GMT
server
HTTP server (unknown)
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
wQPplS2CBbapxPPsKjLjCt6L9Rv2P8O8syxzKLSpyaY.js
pagead2.googlesyndication.com/bg/ Frame 7E65 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/wQPplS2CBbapxPPsKjLjCt6L9Rv2P8O8syxzKLSpyaY.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c103e9952d8205b6a9c4f3ec2a32e30ade8bf51bf63fc3bcb32c7328b4a9c9a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 00:21:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
46508
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5768
x-xss-protection
0
last-modified
Mon, 31 May 2021 08:58:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Jun 2022 00:21:11 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame D714 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssLsXDM4VICiwJNue3DY9iwAmW6iGe1MCfMvfaTCbGPt-6RtNkZcbeshpWZ6Jj1nVW6oOvs3rLjmUtBFdyyF4shGH_pw79CBhercWwZpqHgGVyfje5zPczU4b0&sai=AMfl-YThEs0dLIt6F8rsatSIV_pRJEs21HICtpUvyQTLsxKWms9Ctfr7ymPdCirzOMn4i0YNF_xrZeWDi-wLfYYEOIoZtMz1YHf-rChqaJa0Sfcol_kGm1g0MtXLyoeEhmU&sig=Cg0ArKJSzOZgjDIWFX6OEAE&cid=CAASFeRoZ54IA88k6VIeXZUOI-NLaAaXbg&id=lidar2&mcvt=1001&p=80,650,334,950&mtos=0,1001,1001,1001,1001&tos=0,1001,0,0,0&v=20210607&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=3330214951&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1623244577756&dlt=291&rpt=285&isd=0&msd=0&r=v
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:19 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
greenoaks.gif
returnsandrefund.com/detroitchicago/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjMxMjQwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiI0In0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjQ2OTMwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX2NvdW50IiwidmFsIjoiNCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfcHgiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJ2aWV3cG9ydF9zaXplIiwidmFsIjoiMTYwMHgxMjAwIn0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX3B4IiwidmFsIjoiMTA5NzkyMDAifSx7Im5hbWUiOiJkb2NfaGVpZ2h0IiwidmFsIjoiNjg2MiJ9XX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5MGZlYjlkZi1mZTE4LTRiZDItNWIwNy1lZDEwODk2N2MzNzYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIzMjQ0NTcwLCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjMxMjQwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiI0In0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjQ2OTMwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX2NvdW50IiwidmFsIjoiNCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfcHgiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJ2aWV3cG9ydF9zaXplIiwidmFsIjoiMTYwMHgxMjAwIn0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX3B4IiwidmFsIjoiMTA5NzkyMDAifSx7Im5hbWUiOiJkb2NfaGVpZ2h0IiwidmFsIjoiNjg2MiJ9XX1d
pragma
no-cache
cookie
ezouspvv=160; ezouspva=1; ezouspvh=160; __gads=ID=f8399ab25439d63b-226585095dc8004f:T=1623244579:S=ALNI_MY8noqRVptHk8VEQBSlftKtotS2mw
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:19 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:19 UTC
integrator.js
adservice.google.ch/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ch/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Jun 2021 13:16:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		44 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4071789645104571&correlator=2031960169872726&output=ldjh&impl=fifs&eid=31061359&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210609&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=1&rcs=5&prev_scp=a%3D%257C3%257C%26iid7%3D671765%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-671765%26eb_br%3D14e8a85d4c42ff1db8790cbef9e33493%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D2%26bvm%3D0%26bvr%3D6%26shp%3D1%26br1%3D12%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C21%2C22%2C20%2C21%2C22%2C17%2C20%2C21%2C22%2C17%2C19%2C20%2C21%2C22%2C17%2C18%2C19%2C20%2C21%2C22%26lb%3D50%26reqt%3D1623244579706&eri=1&cookie=ID%3Df8399ab25439d63b-226585095dc8004f%3AT%3D1623244579%3AS%3DALNI_MY8noqRVptHk8VEQBSlftKtotS2mw&bc=31&abxe=1&lmt=1623157819&dt=1623244579788&dlt=1623244571163&idt=971&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=920&adks=3214824028&ucis=f&ifi=15&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&ga_vid=1604365714.1623244572&ga_sid=1623244572&ga_hid=1362958342&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
e4e111957492227a15b7890740ae0acbc8250613c933f9888fbad0454ff417f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:20 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10829
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
army.gif
returnsandrefund.com/porpoiseant/ 		0
65 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE2MTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODgsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE2MTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODgsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
ezouspvv=160; ezouspva=1; ezouspvh=160; __gads=ID=f8399ab25439d63b-226585095dc8004f:T=1623244579:S=ALNI_MY8noqRVptHk8VEQBSlftKtotS2mw
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:20 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:20 UTC
gen_204
pagead2.googlesyndication.com/pagead/ Frame 7E65 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B5QBEIr_AYIaJHIzH7gON_a_wDQAAAAA4AeAEAg&bg=!oqGloeXNAAY6sG-_OrA7ACkAdvg8WhBw7Th7ExGgmFqHgm1-7Mmog2jvXKRIr6LQQ3eU8qKMGtUjcAIAAAKOUgAAABZoAQeZAtVjlOIn321cDb7aSu4MYzgcC7Uqh6wxPODOT0z1UmjaW7Ypvdcq9OPxyRn70RAnCyh0LFVRJNJGOC7kFmXztEadQBnh9YKcbMIBCmf4O3OFtcyLH58lir3jZBuMXDdLylAfU3a6HpaFfE3PZDowiymZMtDdXZSfjSBlU9rdj-rgc58Qarbnpi6vzLquG8z1I8H2qelnktMPQxiEeu19p_hhEuTba2JgsG-tC9XSsLp_DrM2UfFwHNqhLzJkgAYBWOrDY2lCnejPjW5BGel3-D52-Nzdt_LF2bRjQqzRSQjErSjBs2dSiv_Ol8f14uIOUYfsEqQP0RFkdutl6ms3brArAUM-3wtwROINvGtndNSue4Zkapri8MAE9ixIJhIq9PEvEQIJ1ipaZH5bPsZtnWyearPcaC3SF6AqPMAyEYIhOdXKkAy-l1he3jkffqkIpJdBaKDzQoTopwzzVDq5wu0y2TQ3niThNaoLBX_E4eIbNuoSX_RNZyw5ciIwHlANkIKTAdCkIItvWsMv7tHTsKC4LrLS1kyqD5H2m1S-nCUuin6KOlngvGCh-OdvxF01CXTBxaDgO9AElyDTP5141i_4QPJXYpEwD03MIYvSYXGkt43HtbVHjoRhcRPCEb_DLxXPvqT1FEcCEKpfXfmfPSDb8iTwtD-Yl_lzuJlhXwJMHh7BP85-rxeMlqPDyWu7cLOKJCIEdf04RN77UnsB6Mkl_q2p1nregB0lEgEOqwM9WPcl-S1IHTr1e2lgEQsfcf3-p8C4GQ5NUZY5lJoeIa9tUmNJfOhypCRYLbTteHCUjVgoT3XM6ey-bGUELRemjRF0teBQpKvKIj3YhA9qXmRrtA2eJCWRInp_kbeAOvy0byonMMIe9MhlQd4H7n2CT9foaXA5GnvGLP3CEITraz1wvdjMoy-bI6C6pxgizmcVTT2c-CLX7OCv_X9EXSFTsn0OKb21Mg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 6108 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvQrn3ekXRhmzL5Z9iRV2Zb_cfVry4yh2dHj1Jw2eEq7l_Q0VndKfA_8OqsnQG7uQOj8yoWVEmuAV2nmdhFOWZaZ20ZeBXT51CMIxbMALNvDCVBgn_eXa4MdIg&sai=AMfl-YTOXPMUKl87v1HjOB_1dl-jiCMz9kOgyDERVgGPw1wtjl5P-4edDTeJAWMsgDtZMl3-e74Ffbn4OzCURI4wu39wDdoLpK1LvsmGGV5QwZeL-sGEpGessm7-9Ot_&sig=Cg0ArKJSzIBBdrOa6rnnEAE&cid=CAASEuRovvbpgMCw7f_NK07oCSSGVw&id=lidar2&mcvt=1003&p=1108,315,1202,1285&mtos=0,1003,1003,1003,1003&tos=0,1003,0,0,0&v=20210607&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=3121120320&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1623244579099&dlt=16&rpt=1&isd=0&msd=0&r=v
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012105242203000/ Frame 41C2 		191 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3b90f60459b17f2ddf447768e249c21c662e70bde6148deff13643982f93f9a6
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://returnsandrefund.com
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
48642
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55246
x-xss-protection
0
server
sffe
date
Tue, 08 Jun 2021 23:45:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"e9907e100ee706e0"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 23:45:38 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 41C2 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012105242203000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b8de063d7075aa9a9a68120f3eb37178e85777138d4154903a2d4b187b4a893d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://returnsandrefund.com
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
86275
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4568
x-xss-protection
0
server
sffe
date
Tue, 08 Jun 2021 13:18:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"b435c2fa80137a0e"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 13:18:25 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 41C2 		87 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012105242203000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
12993a139a46e15abb56308ef8656d80812fb748dfa88116ee6e20ad3494ae98
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://returnsandrefund.com
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
111586
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27371
x-xss-protection
0
server
sffe
date
Tue, 08 Jun 2021 06:16:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"6687a81702b10306"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 06:16:34 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 41C2 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012105242203000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9de4196056e2ffb92e9e6eb78502d3ed77f71a1e8045434a907251ff0b998357
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://returnsandrefund.com
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
86275
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1521
x-xss-protection
0
server
sffe
date
Tue, 08 Jun 2021 13:18:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"5a9e085610d63d0a"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 13:18:25 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 41C2 		41 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012105242203000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1e53b8865f7f1e34e44d14f6ff8789dd7f421e7d3c69e48dab33188ff4d99f4e
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://returnsandrefund.com
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
65887
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13132
x-xss-protection
0
server
sffe
date
Tue, 08 Jun 2021 18:58:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"1bd5431ac5ac76b7"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 18:58:13 GMT
css
fonts.googleapis.com/ Frame 41C2 		7 KB
839 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500|Roboto:300&lang=en
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
37d29979cc13eac68ee8339830a9685021bdb74db368b1a9bb0be3db71818d63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Jun 2021 12:43:56 GMT
server
ESF
date
Wed, 09 Jun 2021 13:16:20 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Jun 2021 13:16:20 GMT
css
fonts.googleapis.com/ Frame 41C2 		5 KB
765 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&text=
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
83e1fc06d61560e19649771db56bc018fc7fdb56e98f3a9f74505230a8f35060
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Jun 2021 12:25:51 GMT
server
ESF
date
Wed, 09 Jun 2021 13:16:20 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Jun 2021 13:16:20 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 41C2 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 08 Jun 2021 13:34:38 GMT
x-content-type-options
nosniff
server
cafe
age
85302
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Wed, 09 Jun 2021 13:34:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 41C2 		295 B
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 08 Jun 2021 22:25:59 GMT
x-content-type-options
nosniff
server
cafe
age
53421
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Wed, 09 Jun 2021 22:25:59 GMT
truncated
/ Frame 41C2 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3e077831ff4be1d4f081ecd4725bd33555b34dcc015abec8bbea430a2583dfd2

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
adview
securepubads.g.doubleclick.net/pagead/ Frame 41C2 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CprviI7_AYKamN4b57gO8p6SoApzX4OlihOz8yYQNpt_AhIYCEAEg9PnGJWD1lc6B4ASgAaLKjNoDyAEBqQKL7e1ZnreyPuACAKgDAcgDCqoE4QFP0NFBJ3WpmHW4g1tk8lHqXhXuPPZ_0a5ORoiPx-Yg9QolbI9P5HC0iG8dvP7ayKfM9CKKW7pPEvgcS8Ivzk_hBWAkgwGyNpMHjzEoRuGuAOw-tzOz9pTALEfOmsDC1hH-aDYlxH1zyHO1yXrZ0uN4LuraXRAPDqMaxxLb_ME1PXYJrMrEaJzxLtr8zhu-8a2ccoZxikr-bjP22dhN0nVtZfeOemmS89tFXdRTbyo6GjCet4X5eSDKvd5-Qca1kKEhe5I4zvK6BW72dXsNZ9g_vdYM0Ve5syrirfv6WYCzLwbABKWA18jlAuAEAZIFBAgEGAGSBQQIBRgEoAZRgAfGtfMlqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEIfZENIIBwiAYRABGB3yCBthZHgtc3Vic3luLTU4OTMyOTQ0NjIwNjExNDCACgPICwHYEwrQFQGAFwGyFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=g_BmVYI1j68
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTY5ODgsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTY5ODgsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiIxNGU4YTg1ZDRjNDJmZjFkYjg3OTBjYmVmOWUzMzQ5MyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDEyLCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMTIsImJpZF9mbG9vcl9wcmV2IjowLjAwMDUsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTY5ODgsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2NzE3NjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDQxNjk4OCwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwNDE2OTg4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2NzE3NjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDQxNjk4OCwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTY5ODgsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTY5ODgsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiIxNGU4YTg1ZDRjNDJmZjFkYjg3OTBjYmVmOWUzMzQ5MyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDEyLCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMTIsImJpZF9mbG9vcl9wcmV2IjowLjAwMDUsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTY5ODgsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2NzE3NjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDQxNjk4OCwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwNDE2OTg4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2NzE3NjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDQxNjk4OCwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
pragma
no-cache
cookie
ezouspvh=160; __gads=ID=f8399ab25439d63b:T=1623244579:S=ALNI_MbWC30pu5jDbzAH5xagJ9k1Q0VRHQ; ezouspvv=172; ezouspva=2
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:20 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:20 UTC
28687274
g.ezoic.net/dac/ 		0
40 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g.ezoic.net/dac/28687274
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 09 Jun 2021 13:16:20 GMT
cache-control
max-age=3600, public
server
nginx/1.16.0
content-length
0
vary
Accept-Encoding
content-type
text/plain
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTY5ODgsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA5In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiMyJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTY5ODgsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA5In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiMyJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
ezouspvh=160; __gads=ID=f8399ab25439d63b:T=1623244579:S=ALNI_MbWC30pu5jDbzAH5xagJ9k1Q0VRHQ; ezouspvv=172; ezouspva=2
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:20 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:20 UTC
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImF1Y3Rpb25fZXBvY2giOjE2MjMyNDQ1ODEsImFkX3Bvc2l0aW9uIjoxMTAxLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiYmlkX2Zsb29yX2luaXRpYWwiOjg1MCwiYmlkX2Zsb29yX3ByZXYiOjUwLCJiaWRfZmxvb3JfZmlsbGVkIjoxMiwiYXVjdGlvbl9jb3VudCI6NiwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NzM2LCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImF1Y3Rpb25fZXBvY2giOjE2MjMyNDQ1ODEsImFkX3Bvc2l0aW9uIjoxMTAxLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiYmlkX2Zsb29yX2luaXRpYWwiOjg1MCwiYmlkX2Zsb29yX3ByZXYiOjUwLCJiaWRfZmxvb3JfZmlsbGVkIjoxMiwiYXVjdGlvbl9jb3VudCI6NiwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NzM2LCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
pragma
no-cache
cookie
ezouspvh=160; __gads=ID=f8399ab25439d63b:T=1623244579:S=ALNI_MbWC30pu5jDbzAH5xagJ9k1Q0VRHQ; ezouspvv=172; ezouspva=2
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:20 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:20 UTC
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE2MTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODgsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils5NzAsOTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MTYxNjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4OCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MTYxNjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4OCwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxMjIifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE2MTY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODgsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils5NzAsOTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MTYxNjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4OCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MTYxNjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzI0NDU3MCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiOTBmZWI5ZGYtZmUxOC00YmQyLTViMDctZWQxMDg5NjdjMzc2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4OCwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxMjIifV0sImlzX29yaWciOmZhbHNlfV0=
pragma
no-cache
cookie
ezouspvh=160; __gads=ID=f8399ab25439d63b:T=1623244579:S=ALNI_MbWC30pu5jDbzAH5xagJ9k1Q0VRHQ; ezouspvv=172; ezouspva=2
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:20 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:20 UTC
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 41C2 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500|Roboto:300&lang=en
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://returnsandrefund.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 13:14:27 GMT
x-content-type-options
nosniff
age
86513
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:35 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 13:14:27 GMT
jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame 41C2 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500|Roboto:300&lang=en
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://returnsandrefund.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 10:59:25 GMT
x-content-type-options
nosniff
age
94615
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45416
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:09:20 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 10:59:25 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 41C2
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date
Wed, 09 Jun 2021 13:16:21 GMT
x-content-type-options
nosniff
server
safe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/drt/si
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
246
x-xss-protection
0
army.gif
returnsandrefund.com/porpoiseant/ 		0
65 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTY5ODgsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils1ODAsNDAwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTY5ODgsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTY5ODgsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTY5ODgsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils1ODAsNDAwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTY5ODgsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTY5ODgsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMjAifV0sImlzX29yaWciOmZhbHNlfV0=
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:22 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:22 UTC
activeview
pagead2.googlesyndication.com/pcs/ Frame 41C2 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsskBiFztckqTG40PEapdggNhkG98kks-L8t4j-yfM4KcHHgguz66yV5gJVCKsAcLHJPIWKfbiePVVqquraHpgPWKOzzlG9vy0xjFnPS41MbEkdnmMQcj9GEZyY&sai=AMfl-YSdBuofM-40SQ7cAdMltr8VW2fPDIZgadx5BsApdslLy0Vt3Zg5Osdi-ZmmKDnjMSDK3e5MRZLR1fmJs94zeMrZo3EublMRUkAvzzcIVuVzYyfcxfePKpZ-EHuV&sig=Cg0ArKJSzCC7rBEABkDLEAE&cid=CAASFeRo26K4uTUYlvA-FmHCnbrWZzvecg&id=ampim&o=345,920&d=580,400&ss=1600,1200&bs=1600,1200&mcvt=1075&mtos=0,0,1075,1075,1075&tos=0,0,1075,0,0&tfs=180&tls=1255&g=69.9999988079071&h=69.9999988079071&tt=1255&r=v&avms=ampa&adk=3214824028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Jun 2021 13:16:22 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTY5ODgsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=194-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-218-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.66.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjcxNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjMyNDQ1NzAsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjkwZmViOWRmLWZlMTgtNGJkMi01YjA3LWVkMTA4OTY3YzM3NiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTY5ODgsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 09 Jun 2021 13:16:22 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Tue, 08 Jun 2021 13:16:22 UTC

Verdicts & Comments Add Verdict or Comment

231 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| __ez string| __sellerid object| __banger_pmp_deals object| _ebcids number| ezobv function| ez_isclean object| ezSlotKVStore function| ezSetSlotTargeting function| ezGetSlotById object| ez_queue function| sort_queue function| execute_ez_queue function| ez_write_tag function| in_array object| ezrpos undefined| ez_current_interval number| ez_current_load function| __ez_fad_load boolean| __ez_fad_floatshowd function| __ez_fad_floatshow object| __ez_fad_initslot object| __ez_fad_fastd object| __ez_fad_fastdiv object| __ez_fad_fastslots object| __ez_fad_viewslots object| __ez_fad_instaslots object| ezslit_run object| __ez_fad_divs object| __ez_fad_divsd number| __ez_fad_vw number| __ez_fad_vh function| __ez_fad_invisible function| __ez_fad_position function| __ez_fad_fast function| __ez_fad_csnt boolean| __ez_fad_haspo function| __ez_fad_rdy function| __ez_fad_docht function| __ez_fad_vpht number| __ez_fad_doc_ht number| __ez_fad_vp_ht boolean| __ez_fad_hascp object| ez_ad_units object| ezslots object| ezsrqt object| __ez_fad_divpos object| ezorbf boolean| isEZABL number| ezmadspc boolean| ezoViewCheck boolean| ezDisableInitialLoad object| googletag object| ezoibfh object| ezaxmns object| ezaucmns object| __ez_fad_floating boolean| __ez_fad_gptd boolean| __ez_fad_ezpbinitd function| __ez_fad_gpt function| __ez_fad_pb function| ezogetbrkey boolean| ezoll string| ezoadxnc string| ezoadhb function| ezorefgsl boolean| ezoicTestActive object| _ezaq object| _ezim_d object| _ezat object| ggeac object| google_js_reporting_queue string| ezoScriptHost object| IL11ILILIIlLLLILILLLLIILLLIIL11111LLILiiLIliLlILlLiiLLIiILL object| ezomash function| ezbanger function| ezvb function| ezsr function| ezosethbbids function| ezoSyncToDfp function| ezoGetDFPSlot undefined| $ function| jQuery function| gtag object| dataLayer function| loadCSS object| cookieconsent_options boolean| hasCookieConsent string| ezouid string| ezoTemplate string| ezoFormfactor object| ezo_elements_to_check string| soc_app_id number| did string| ezdomain number| ezoicSearchable function| __ez_ezosuigenerisEvt function| create_ezolpl function| attach_ezolpl string| _audins_dom number| _audins_did number| _ez_fad_vw object| google_tag_manager function| ez_attachEvent function| ez_attachEventWithCapture function| ez_detachEvent function| ez_getQueryString function| __ezDotData object| ezux object| ct object| ezdent object| ezDenty object| ezmt object| ezua object| ezuxgoals function| _ez_TOS_TrackEvent function| ezocfol number| netStartTime function| hashCode function| ezogetrqbykey function| ezorqs function| ezorqe function| _fEzDt object| vitalsFired object| metricNameMap function| ezlogVital object| _qevents object| _ezfd object| riveted number| ez_tos_track_count number| ez_last_activity_count function| ES6Promise function| EzoIvent function| _findOverlappingQuietPeriods function| _findNetworkQuietPeriods function| ezoFetchConst object| webVitals function| ezoChar function| ezoCharSize function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing object| wpcf7 function| __ez_fad_ezpbinit object| epbjs boolean| __enableAnalytics object| __s2sbidders function| __ez_tkn_evnt function| __ez_fad_scroll number| __ez_fad_scrollint function| __ez_fad_chkpos object| ezslot_2 object| ezslot_0 object| ezslot_3 number| i3 object| googleToken object| googleIMState function| processGoogleToken object| ezRBA function| __ez_addAllListeners number| indexKey undefined| __ez_dims object| google_tag_data string| GoogleAnalyticsObject function| ga string| ezosuigeneris function| __ez_func_ezosuigeneris object| ezslot_1 number| __google_ad_urls_id number| google_unique_id object| gaGlobal object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| ga_skiplinks object| wp object| jQuery112409140278283822643 number| ezodomstart number| ezoIint function| uglipop function| quantserve function| __qc object| ezt object| _qoptions function| qtrack function| epbjsRequestAdUnits function| epbjsRefreshSlot object| gaplugins object| gaData string| pubcidCookie function| update_cookieconsent_options object| perf_vals string| token boolean| ezowwinit object| GoogleGcLKhOms object| google_image_requests number| ezouspvv string| slotElName number| bid_val object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| slots string| slot string| slot_key object| __google_ad_urls boolean| google_osd_loaded boolean| google_onload_fired object| ampInaboxIframes object| ampInaboxPendingMessages function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb

22 Cookies

Domain/Path Name / Value
.returnsandrefund.com/ Name: __qca
Value: P0-1302297312-1623244572600
.returnsandrefund.com/ Name: _gid
Value: GA1.2.1868471919.1623244573
.returnsandrefund.com/ Name: _gat_gtag_UA_150748452_1
Value: 1
.returnsandrefund.com/ Name: _ga
Value: GA1.2.1604365714.1623244572
.returnsandrefund.com/ Name: ezosuigeneris
Value: c0ad71a5401a51e58002602d9580a3ea
returnsandrefund.com/ Name: ezouspva
Value: 0
.returnsandrefund.com/ Name: ezCMPCCS
Value: true
returnsandrefund.com/ Name: ezohw
Value: w%3D1600%2Ch%3D1200
.returnsandrefund.com/ Name: ezovuuid_200400
Value: 11626a3c-7a0b-4d64-4be7-08306cfc27e0
returnsandrefund.com/ Name: ezouspvv
Value: 0
.returnsandrefund.com/ Name: lp_200400
Value: https://returnsandrefund.com/
.returnsandrefund.com/ Name: ezovuuidtime_200400
Value: 1623244571
.returnsandrefund.com/ Name: __gads
Value: ID=4437ae69a157d66b-2259aa245dc80060:T=1623244572:S=ALNI_MY4kvh285phsIAnYNoR9C20nuy7mA
.returnsandrefund.com/ Name: ezovid_200400
Value: 860382888
.returnsandrefund.com/ Name: ezepvv
Value: 0
.returnsandrefund.com/ Name: ezoref_200400
Value:
returnsandrefund.com/ Name: ezux_lpl_200400
Value: 1623244572645|90feb9df-fe18-4bd2-5b07-ed108967c376|false
.returnsandrefund.com/ Name: ezoadgid_200400
Value: -1
.returnsandrefund.com/ Name: active_template::200400
Value: pub_site.1623244570
returnsandrefund.com/ Name: ezds
Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
.returnsandrefund.com/ Name: ezopvc_200400
Value: 1
.returnsandrefund.com/ Name: ezoab_200400
Value: mod1

2 Console Messages

Source Level URL
Text
console-api info URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs(Line 17)
Message:
Powered by AMP ⚡ HTML – Version 2105242203000 https://returnsandrefund.com/
console-api info URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs(Line 17)
Message:
Powered by AMP ⚡ HTML – Version 2105242203000 https://returnsandrefund.com/

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

969e507b97a2de64a3fb9df05936b2f3.safeframe.googlesyndication.com
ad.atdmt.com
ads.yieldmo.com
adservice.google.ch
adservice.google.com
ap.lijit.com
c1.adform.net
cc.adingo.jp
cdn-7.returnsandrefund.com
cdn.ampproject.org
cm.g.doubleclick.net
cs.media.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
g.ezoic.net
go.ezodn.com
go.ezoic.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
pagead2.googlesyndication.com
pixel.quantserve.com
pm.w55c.net
returnsandrefund.com
rules.quantcount.com
s0.2mdn.net
s2.2mdn.net
secure.quantserve.com
securepubads.g.doubleclick.net
sync.mathtag.com
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
104.108.144.24
104.108.145.8
142.250.185.130
142.250.186.66
142.250.186.98
15.188.66.177
185.29.135.190
216.52.2.30
2600:9000:218c:b600:2:cb38:840:93a1
2600:9000:218d:d200:6:44e3:f8c0:93a1
2606:4700:3035::6815:4c02
2606:4700:3037::6815:4d7e
2620:116:800d:21:36a9:ecb:e518:b308
2a00:1450:4001:802::200a
2a00:1450:4001:803::2006
2a00:1450:4001:809::2001
2a00:1450:4001:809::2003
2a00:1450:4001:809::2004
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2002
2a00:1450:4001:813::2001
2a00:1450:4001:813::2002
2a00:1450:4001:827::2004
2a00:1450:4001:827::200e
2a00:1450:4001:829::2001
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::200e
2a03:2880:f01c:8004:face:b00c:0:8c
3.126.196.163
34.252.219.156
37.157.6.242
52.48.16.72
54.178.184.38
03cc4fbc6f25876c1a5de9475081af50464b0140e2c304444ab261cb77f86b2e
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
05f4128ec53c7f741949fab76e87979a9ff495e42b41793cb8647bf364f4c7f4
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b9a8a3f27fa969797b4fbec0716dcacd5aaa38202277691d7baf41a540963fd
0cb9789933bfdd096c06061dc1cb0d0cddbc4e281c6536079df3b87c9f05ab96
0dc4093b6b9286ebfc6c728ddd3a70812a726d79d6f41d60a506fd5b93c4929c
0fc32732b1520df908e4ce5063434010c35725a930e0cc9df0be61c66a87cf32
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12993a139a46e15abb56308ef8656d80812fb748dfa88116ee6e20ad3494ae98
1b3ae74af92f75120cd1c833b07fce7b35a023e03d3fdfb0a2b50967265c7f5b
1d2835f8983acb1265b618bcef75a450921f0ba8548ff36c965f2e2ec97bf5df
1d6f7818a09adfc9c11ff7110eb866179ef9d36a3625cd1c02e23292d315daaa
1d8c7ce12428be733a9213b2fecae66db6950a933c276d68bf7c8271829a627d
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1e53b8865f7f1e34e44d14f6ff8789dd7f421e7d3c69e48dab33188ff4d99f4e
20550f7bcb2a817ac9a5879e04260da8268e971c0b8031a6b7a2f48a55ee60d5
2481d3235807a8e4928dd232eed9476b2399fa50414e620522d17f5e568ede3f
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2f28c37beb838d695f95710805308cfe7f1fcc286bd744ab0184a23a10d5a4ec
31f7540a6075e6f34980199d420271d13d923801da426c060ed01732042a96b8
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
37d29979cc13eac68ee8339830a9685021bdb74db368b1a9bb0be3db71818d63
382ba0753a954f6e25fb348c10ccf194ec67fff7ff74c97e7a515b0a667deeec
39219c1a55e9d5295167a8ffeb2c51e1c09efb2d8e8a76303d3073e3f5b3fc2a
3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820
3b90f60459b17f2ddf447768e249c21c662e70bde6148deff13643982f93f9a6
3e077831ff4be1d4f081ecd4725bd33555b34dcc015abec8bbea430a2583dfd2
457f55ea0c6f05fbf9093f1535e1da2c627530ddbeb46c27a0fb8aef5b7e2805
495d2f8c8b7f1bbd664c2c10c086a644e63e4934b9734813b27956a34709eea4
4eaa6b7218b8c3be74092d5d10d27a28bd19c0a51b1c044f37ffe25ad92e78ca
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5e8b469fc37d4e3085e90ca60ca3d13451ae5a505af81346ddd302275a159e04
66ff90c92915ac010e1bb27d29cfecc4b2c433af5616bc33164e36ae2db712aa
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bc648650a69b14296d752f8aa8607e530f5bcaf9e4423041384f888586e7596
6cdfc74a34e7e2442122f5a7e88fbd793aaeb4d2901dd0bfb62cfe4df8c33e5b
76db825b68979b9ea6cc55fa14373b7bf5e3beb7388cd2efa485938bb2a389fb
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80cebe8a3c58125a079ac27f180b6cda1bf062d518933ebe73360378a3eb8024
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83e1fc06d61560e19649771db56bc018fc7fdb56e98f3a9f74505230a8f35060
8c63493b034323da08e44455885820239e72b10f9fb8b857e8313008f4d6fac5
8e424541604f9439f054eb9e4e78925da8c4d2a77985f642f9f4b5f025424d48
942cd748d7eb684720b78d2684bc41555adb5df88b22a1037082047b7bdc3678
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3
95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
99ac6ec6097a4d79b5886acd0ba1b6a78451bf71804f38275f5fbbbb2eab2154
9a7d14f05ab22b41bfefb5957fc91559e1628acf9b160ddd4b26d82eec6e531a
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9de4196056e2ffb92e9e6eb78502d3ed77f71a1e8045434a907251ff0b998357
9f762334ff28e79eb7547f6ddb109583d35e0ea3600b71406ca233fb57c12458
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8624c005bdb7cbd25eeeb84d66699578f7d827667cd7bd0cd13d27b9c6c0aef
a965454ed27194420a23bd494e396653825da3850d9d9258d6464dd5e4f26bfc
ade38136058fcd75880d3673855aff859ee377d5915e59cccf24a973d418bebb
b04c10e9ef56b9200c56cc5141fe6d712ec85a8d90c0fe5b98fbf9ebe2873cc0
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b74a47136484696d55cda4cb6f5cb93bdbadb428edd938d9f5518b688c400753
b8de063d7075aa9a9a68120f3eb37178e85777138d4154903a2d4b187b4a893d
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012
beb2036f2233e320f81e54504662f33bce0368f18b7bfd9865b3f1f5eab90133
c103e9952d8205b6a9c4f3ec2a32e30ade8bf51bf63fc3bcb32c7328b4a9c9a6
c276812a8333541256c991bff9d1435f704ec14978e48b617bcbd154f8d8253d
c2c8238fc3e9cd0d50e612746f1582ece2fe220d1a2cfd2b905731ec862695b0
c63c08ec376a1c99ee774ecbd488d3c33396ea42f8ad0e984179916a2e252849
c889e9f09795bd6877dfc6c7aad995732f29960db06c3a4f046870c8132bf470
ca3b1bbec198dc22c5e704790195a1682eade3038f8b1152be9b1be2f5144a68
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046
cad7bf0c200c75adaecb91d241a2461ccb21f1d2ee0ba242e5f5c3cdcc0c9449
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d0b3850a417ef733c6acaff02a3311c7ce9a5b7ee55d2cd76d8c7f1f661bcb20
d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5
d2191e12fd2e98c6a417ca64a70334301336fa97e7e3077ec1aa06c39d4c209d
d346801abbf9bb4e9e9a055239053d4ab5596514304f601a6c70604187acb744
d36e5d7328268d21c6941039a7b6a15c7ed7414f60dbee72d2231d11ac9bdaf3
dc38604b8c9a84eb1f9ea3e884463518c5444f5f08a6655f88f3000d44b86a8f
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc
df0caf2177a07d06e60540f6770b7b095446a80dfcdf735e88a147d19863c709
df26e589f4d9f498929e2b5241cee7f02aab73af7498f0a058c14ede25e3555a
e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234
e3418b2afb577414ad8d76879f8e63594c8f621e32d4f625182c8f7c771ffae7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e111957492227a15b7890740ae0acbc8250613c933f9888fbad0454ff417f8
e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb
e84f5482195061eace360f0921613831305f4f52596a6f148c38e44a2e44497d
ece565a1f66a32347dfed83562c428ff7736648de72b0027dd8f0e0f27e0c327
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efca4b1d7c19af67aa04f4a6ef3f9db4c8d3bea417a00240009db7ed26280080
f4ecce62a254717c7a9b2107c356c7c874eb36725c9cbc4280f7ffc8dfb06509
f85c946c4dd3a85febcac712e6619ff113e306577fc53b51e029fa6e732848e1
f8e8b4c464d2eae3d5189e814cd8dd58da4948f01c026141c93a5cecfcb9ed62