calls.refundsplus.com Open in urlscan Pro
54.208.72.118  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

34 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response calls.refundsplus.com/	7 KB 4 KB	376ms 119ms	Document text/html	54.208.72.118 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://calls.refundsplus.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.208.72.118 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-208-72-118.compute-1.amazonaws.com Software openresty / Resource Hash d741299f2ee0bf9c3a58baba392ef8cad82abb061ae41661b67d50ee17e23c87 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains max-age=15768000 X-Frame-Options ALLOWALL Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers cache-control max-age=0, private, must-revalidate content-encoding gzip content-type text/html; charset=utf-8 date Thu, 04 Jul 2024 04:40:41 GMT etag W/"d741299f2ee0bf9c3a58baba392ef8ca" link <https://dv36c15u2wg3n.cloudfront.net/assets/login-59d35552d68b4b04a155e42d4cb3a43e9d64c18f33adbc9026081927c4ad831c.js>; rel=preload; as=script; nopush,<https://dv36c15u2wg3n.cloudfront.net/assets/application-9caf7c3bfde1334d44f06cac5a43331399724fd1476617dfbd78ebbd6eee2fe9.css>; rel=preload; as=style; nopush,<https://dv36c15u2wg3n.cloudfront.net/assets/application-9caf7c3bfde1334d44f06cac5a43331399724fd1476617dfbd78ebbd6eee2fe9.css>; rel=preload; as=style; nopush,<https://dv36c15u2wg3n.cloudfront.net/assets/login-ec1b0ea13382b7a6353da1a862077809ef97a69e8e3782565bf41921734dd1e5.css>; rel=preload; as=style; nopush,<https://dv36c15u2wg3n.cloudfront.net/assets/dynamic/locales/de-f6af4e6babb915908192415435f26d95b7bfdeb73261dedc4ced9e2cc6fce0e2.js>; rel=preload; as=script; nopush,<https://dv36c15u2wg3n.cloudfront.net/assets/application-ca3c2a02e127d1cb14ad84411e182600148d57bd949cf649693013a9f0a5ae51.js>; rel=preload; as=script; nopush server openresty strict-transport-security max-age=63072000; includeSubDomains max-age=15768000 vary Accept-Encoding x-frame-options ALLOWALL x-request-id 56c77a71-a514-4168-8099-bb09e6cdc5be x-runtime 0.023345
GET H2	200	login-59d35552d68b4b04a155e42d4cb3a43e9d64c18f33adbc9026081927c4ad831c.js Show response dv36c15u2wg3n.cloudfront.net/assets/	4 KB 2 KB	187ms 137ms	Script application/javascript	2600:9000:2070:9c00:15:b5c8:e0c0:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dv36c15u2wg3n.cloudfront.net/assets/login-59d35552d68b4b04a155e42d4cb3a43e9d64c18f33adbc9026081927c4ad831c.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2070:9c00:15:b5c8:e0c0:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software openresty / Resource Hash ca3c82a44aafa6acc6e0c0f1f8d3dd0c5a06f7899674594b6ddd3843bc434942 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 12:21:43 GMT content-encoding gzip via 1.1 f741e5a55bc5bd136ac1f5406bb11d88.cloudfront.net (CloudFront), 1.1 2b782f5f082f9e98adf8c50f24b6bb6c.cloudfront.net (CloudFront) last-modified Tue, 25 Jun 2024 12:08:20 GMT server openresty x-amz-cf-pop FRA60-P10, HAM50-C3 age 749938 etag W/"667ab334-1087" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=315360000, public alt-svc h3=":443"; ma=86400 x-amz-cf-id 4FfmzUszwKFnGw4HV8DIA8UM_fCz8GkcC3GbMtv83vfTi7WflmCN0A== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	application-9caf7c3bfde1334d44f06cac5a43331399724fd1476617dfbd78ebbd6eee2fe9.css dv36c15u2wg3n.cloudfront.net/assets/	541 KB 102 KB	188ms 138ms	Stylesheet text/css	2600:9000:2070:9c00:15:b5c8:e0c0:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dv36c15u2wg3n.cloudfront.net/assets/application-9caf7c3bfde1334d44f06cac5a43331399724fd1476617dfbd78ebbd6eee2fe9.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2070:9c00:15:b5c8:e0c0:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software openresty / Resource Hash 129f3173e5023a7fe9aae8b4ab0318168186ed2229594b9a6a31b392df7eaf98 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 20:19:36 GMT content-encoding gzip via 1.1 133ff3be92540995db4a7234eada8b80.cloudfront.net (CloudFront), 1.1 2b782f5f082f9e98adf8c50f24b6bb6c.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P10, HAM50-C3 age 116465 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Tue, 02 Jul 2024 20:08:23 GMT server openresty etag W/"66845e37-8748f" vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control max-age=315360000 x-amz-cf-id UCaE714IN1cQbGy4csR9XyPabYxSQ9JNMH8ilAx4ZDYM_9GN_vAeZQ== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	login-ec1b0ea13382b7a6353da1a862077809ef97a69e8e3782565bf41921734dd1e5.css dv36c15u2wg3n.cloudfront.net/assets/	3 KB 1 KB	90ms 40ms	Stylesheet text/css	2600:9000:2070:9c00:15:b5c8:e0c0:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dv36c15u2wg3n.cloudfront.net/assets/login-ec1b0ea13382b7a6353da1a862077809ef97a69e8e3782565bf41921734dd1e5.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2070:9c00:15:b5c8:e0c0:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software openresty / Resource Hash 68e743dfa174b1d47c4b6015aba969eb550623c1dd92a6d5d62f2e02ac8ca565 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 18:16:36 GMT content-encoding gzip via 1.1 0ccdc706b9b907d47a4960eec0e95f2a.cloudfront.net (CloudFront), 1.1 2b782f5f082f9e98adf8c50f24b6bb6c.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P10, HAM50-C3 age 2629445 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Wed, 15 May 2024 18:57:25 GMT server openresty etag W/"66450595-a19" vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control max-age=315360000 x-amz-cf-id mIfE05DivQf7pwtVYSJD84A2M5ynoenq1tmOmscBQnMW865zFsLqdg== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	de-f6af4e6babb915908192415435f26d95b7bfdeb73261dedc4ced9e2cc6fce0e2.js Show response dv36c15u2wg3n.cloudfront.net/assets/dynamic/locales/	213 KB 59 KB	112ms 63ms	Script application/javascript	2600:9000:2070:9c00:15:b5c8:e0c0:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dv36c15u2wg3n.cloudfront.net/assets/dynamic/locales/de-f6af4e6babb915908192415435f26d95b7bfdeb73261dedc4ced9e2cc6fce0e2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2070:9c00:15:b5c8:e0c0:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software openresty / Resource Hash e1e2db5fccc16163088e150e77d6a399ded3d63a8fa13fa57d8d74bc5d04d461 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 30 Jun 2024 19:33:41 GMT content-encoding gzip via 1.1 f741e5a55bc5bd136ac1f5406bb11d88.cloudfront.net (CloudFront), 1.1 2b782f5f082f9e98adf8c50f24b6bb6c.cloudfront.net (CloudFront) last-modified Thu, 27 Jun 2024 17:02:54 GMT server openresty x-amz-cf-pop FRA60-P10, HAM50-C3 age 292020 etag W/"667d9b3e-3545e" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=315360000, public alt-svc h3=":443"; ma=86400 x-amz-cf-id 5E0SW3hc76uRkEjx3Qv1kO2BC-JfiqB7mxOWHyEF0dJ2noDE68xT9A== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	application-ca3c2a02e127d1cb14ad84411e182600148d57bd949cf649693013a9f0a5ae51.js Show response dv36c15u2wg3n.cloudfront.net/assets/	3 MB 762 KB	131ms 81ms	Script application/javascript	2600:9000:2070:9c00:15:b5c8:e0c0:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dv36c15u2wg3n.cloudfront.net/assets/application-ca3c2a02e127d1cb14ad84411e182600148d57bd949cf649693013a9f0a5ae51.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2070:9c00:15:b5c8:e0c0:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software openresty / Resource Hash b7a98d8a6434e71dc29ab19ade2a05e6991f23aefd5fccd8e12c31a740560a61 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 20:19:36 GMT content-encoding gzip via 1.1 503c2bd0b7e26f747c58a5188346ef54.cloudfront.net (CloudFront), 1.1 2b782f5f082f9e98adf8c50f24b6bb6c.cloudfront.net (CloudFront) last-modified Tue, 02 Jul 2024 20:08:22 GMT server openresty x-amz-cf-pop FRA60-P10, HAM50-C3 age 116465 etag W/"66845e36-2ffb12" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=315360000, public alt-svc h3=":443"; ma=86400 x-amz-cf-id HK67YYLDsHEVhZgJih47DinL3EvrA7d-CFV6JgC-GGMBmgnryCvx3g== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	css fonts.googleapis.com/	27 KB 2 KB	51ms 23ms	Stylesheet text/css	2a00:1450:4001:82a::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700|Open+Sans+Condensed:300,600,700 Requested by Host: calls.refundsplus.com URL: https://calls.refundsplus.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 4d143b4fbaee226c773161546cf5650c7c5ee08a28b61ba1960d4943e9b91bc1 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Thu, 04 Jul 2024 04:40:41 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Thu, 04 Jul 2024 04:40:41 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Thu, 04 Jul 2024 04:40:41 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	375 KB 121 KB	68ms 29ms	Script application/javascript	2a00:1450:4001:806::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-7N866XL9CB Requested by Host: calls.refundsplus.com URL: https://calls.refundsplus.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash bfee43bcfc4a86e019f1088ad32607eb7fd44c095e77aa1fb0e29c25537116f0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Jul 2024 04:40:41 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 123888 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 04 Jul 2024 04:40:41 GMT
GET H2	200	t.js Show response app.calltrackingmetrics.com/	49 KB 16 KB	117ms 25ms	Script application/x-javascript	2600:9000:2359:ae00:9:a353:8080:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.calltrackingmetrics.com/t.js Requested by Host: calls.refundsplus.com URL: https://calls.refundsplus.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2359:ae00:9:a353:8080:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software ctm / Resource Hash 20368cff61064056f9b18f0402ecd0ea36a9e65e4d23b323a3625b9b25795080 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Jul 2024 04:40:41 GMT content-encoding gzip via 1.1 fe1df26b55e8c12763613686df86f7f2.cloudfront.net (CloudFront) last-modified Thu, 04 Jul 2024 04:40:41 GMT server ctm x-amz-cf-pop FRA60-P10 etag W/668627c9000000191c8bc52d-25 x-cache Miss from cloudfront content-type application/x-javascript cache-control no-cache, no-store, must-revalidate alt-svc h3=":443"; ma=86400 x-amz-cf-id OXCeOSaN9Yzl-eGfUsjr3b3mPO8nmsoQWe4SSdvVH1GIBTPGIDkX0w==
GET H2	200	datadog-logs-us.js Show response www.datadoghq-browser-agent.com/	33 KB 12 KB	68ms 25ms	Script application/javascript	13.33.218.24 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.datadoghq-browser-agent.com/datadog-logs-us.js Requested by Host: dv36c15u2wg3n.cloudfront.net URL: https://dv36c15u2wg3n.cloudfront.net/assets/application-ca3c2a02e127d1cb14ad84411e182600148d57bd949cf649693013a9f0a5ae51.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.218.24 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-218-24.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 6ef43fd8aa0d64cceb10d6c478c94ef2e4049f165ac5edae88854cea85333230 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Jul 2024 04:40:12 GMT content-encoding gzip via 1.1 43244f77affffa1d8942dd025413b8d8.cloudfront.net (CloudFront) last-modified Tue, 27 Jul 2021 15:01:21 GMT server AmazonS3 x-amz-cf-pop FRA60-P10 age 30 etag W/"db11d410d4863029081228535272ffd9" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=14400, s-maxage=60 timing-allow-origin * x-amz-cf-id fwd73u9xRAJjpOOuXURPXZjL1hYzexJZP6i_HVxbI59fC1JOknlbPg==
GET H2	200	ctm_logo-94ab75d892f0afc03be5c04a2cfbbe34c983f26a072a2610fbd962432f5144d2.svg dv36c15u2wg3n.cloudfront.net/assets/	5 KB 2 KB	24ms 23ms	Image image/svg+xml	2600:9000:2070:9c00:15:b5c8:e0c0:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dv36c15u2wg3n.cloudfront.net/assets/ctm_logo-94ab75d892f0afc03be5c04a2cfbbe34c983f26a072a2610fbd962432f5144d2.svg Requested by Host: calls.refundsplus.com URL: https://calls.refundsplus.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2070:9c00:15:b5c8:e0c0:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software openresty / Resource Hash d1cb5c3a93fddd70a5e0bc9112de72c3cdb3643987f073ec4685b713efce0c4d Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 30 Mar 2024 16:01:22 GMT content-encoding gzip via 1.1 ea1aadbeedf1001a86f79fc729fb39e0.cloudfront.net (CloudFront), 1.1 2b782f5f082f9e98adf8c50f24b6bb6c.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P10, HAM50-C3 age 8253559 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Thu, 20 Jan 2022 17:58:23 GMT server openresty etag W/"61e9a2bf-154f" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control max-age=315360000 x-amz-cf-id kAv2DP18V7Eh7JiUCk67F71q6Kfty7tZ39s7pmLWE2Ki9wLFBXfOZw== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 fonts.gstatic.com/s/opensans/v40/	47 KB 48 KB	29ms 8ms	Font font/woff2	2a00:1450:4001:813::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700|Open+Sans+Condensed:300,600,700 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://fonts.googleapis.com/ Origin https://calls.refundsplus.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 27 Jun 2024 22:09:26 GMT x-content-type-options nosniff age 541875 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 48236 x-xss-protection 0 last-modified Thu, 14 Dec 2023 02:08:40 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 27 Jun 2025 22:09:26 GMT
GET H2	200	pixels Show response calls.refundsplus.com/ad/ Frame BE1A	641 B 812 B	114ms 113ms	Document text/html	54.208.72.118 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://calls.refundsplus.com/ad/pixels?act=login&ctr=agencies Requested by Host: dv36c15u2wg3n.cloudfront.net URL: https://dv36c15u2wg3n.cloudfront.net/assets/application-ca3c2a02e127d1cb14ad84411e182600148d57bd949cf649693013a9f0a5ae51.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.208.72.118 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-208-72-118.compute-1.amazonaws.com Software openresty / Resource Hash 47babbbb82c5d7121917f6f86aebea409a9577b6e8b70f221b41fa0ce41f5150 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains max-age=15768000 X-Frame-Options ALLOWALL Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://calls.refundsplus.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers cache-control max-age=0, private, must-revalidate content-encoding gzip content-type text/html; charset=utf-8 date Thu, 04 Jul 2024 04:40:41 GMT etag W/"47babbbb82c5d7121917f6f86aebea40" server openresty strict-transport-security max-age=63072000; includeSubDomains max-age=15768000 vary Accept-Encoding x-frame-options ALLOWALL x-request-id fc7d6673-5412-4535-96ba-9ba41f74a6b4 x-runtime 0.009568
POST H2	204	collect region1.analytics.google.com/g/	0 0	86ms 29ms	Fetch text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-7N866XL9CB&gtm=45je4730v896552113za200&_p=1720068041873&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=1003450455.1720068042&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1720068041&sct=1&seg=0&dl=https%3A%2F%2Fcalls.refundsplus.com%2F&dt=CallTrackingMetrics&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=791&_z=fetch Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-7N866XL9CB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 04 Jul 2024 04:40:41 GMT server Golfe2 content-type text/plain access-control-allow-origin https://calls.refundsplus.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 249 B	113ms 42ms	Ping text/plain	2a00:1450:400c:c00::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-7N866XL9CB&cid=1003450455.1720068042&gtm=45je4730v896552113za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-7N866XL9CB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 04 Jul 2024 04:40:42 GMT server Golfe2 content-type text/plain access-control-allow-origin https://calls.refundsplus.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	65ms 32ms	Image image/gif	142.250.186.131 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7N866XL9CB&cid=1003450455.1720068042&gtm=45je4730v896552113za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=1575079524 Requested by Host: calls.refundsplus.com URL: https://calls.refundsplus.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.131 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f3.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 04 Jul 2024 04:40:41 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	p.js Show response app.calltrackingmetrics.com/	72 B 459 B	49ms 49ms	Script application/x-javascript	2600:9000:2359:ae00:9:a353:8080:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.calltrackingmetrics.com/p.js?sid=668627c9000000191c8bc52d&p=56327.1.888.898.0513&&c=DE&r=BY Requested by Host: app.calltrackingmetrics.com URL: https://app.calltrackingmetrics.com/t.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2359:ae00:9:a353:8080:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software ctm / Resource Hash a2c2ed07cfcaa269dd5125e3b59227463fc4f923a7852d5b93cfcc5cd101e972 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Jul 2024 04:40:41 GMT content-encoding gzip via 1.1 fe1df26b55e8c12763613686df86f7f2.cloudfront.net (CloudFront) server ctm x-amz-cf-pop FRA60-P10 x-cache Miss from cloudfront content-type application/x-javascript cache-control no-cache, no-store, must-revalidate alt-svc h3=":443"; ma=86400 x-amz-cf-id p0cdQQgIvA1gqsrj3YeavcbdSUGs45xOkYqKNcO1OWeZ3vw0R7-kRQ==
GET H2	200	4098477.js Show response js.hs-scripts.com/ Frame BE1A	2 KB 1 KB	179ms 148ms	Script application/javascript	2606:4700::6810:8cd1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-scripts.com/4098477.js Requested by Host: calls.refundsplus.com URL: https://calls.refundsplus.com/ad/pixels?act=login&ctr=agencies Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:8cd1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cabca966e8ae1bf9a8d16158930f20499bfb6b9b47b1f6779a9ee122e8dc6203 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Jul 2024 04:40:42 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status EXPIRED x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id e6e20876-a5df-4f6d-9f8a-52ebca5c0106 x-envoy-upstream-service-time 29 content-length 629 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id e6e20876-a5df-4f6d-9f8a-52ebca5c0106 last-modified Thu, 04 Jul 2024 03:27:23 GMT server cloudflare vary origin, Accept-Encoding access-control-max-age 3600 content-type application/javascript;charset=utf-8 access-control-allow-origin https://calls.refundsplus.com x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-7dd59b876-dc7gx access-control-allow-credentials true cache-control public, max-age=90 accept-ranges bytes cf-ray 89dc704eda639f4c-FRA expires Thu, 04 Jul 2024 04:42:12 GMT
GET H3	200	conversion.js Show response www.googleadservices.com/pagead/ Frame BE1A	56 KB 21 KB	70ms 47ms	Script text/javascript	142.250.185.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleadservices.com/pagead/conversion.js Requested by Host: calls.refundsplus.com URL: https://calls.refundsplus.com/ad/pixels?act=login&ctr=agencies Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s53-in-f2.1e100.net Software cafe / Resource Hash 61fc5ca42d7f0ea205e3e8d5a8580f654d9a453830a7da18aa1e2993459ad097 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Jul 2024 04:40:42 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 21079 x-xss-protection 0 server cafe etag 11454628927440005578 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600 timing-allow-origin * expires Thu, 04 Jul 2024 04:40:42 GMT
GET H3	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/980215619/ Frame BE1A	43 B 61 B	37ms 19ms	Script text/javascript	142.250.186.162 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/980215619/?random=1720068042098&cv=9&fst=1720068042098&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=1&url=https%3A%2F%2Fcalls.refundsplus.com%2F&ref=https%3A%2F%2Fcalls.refundsplus.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.162 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s08-in-f2.1e100.net Software cafe / Resource Hash 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 04 Jul 2024 04:40:42 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 37 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	banner.js Show response js.hs-banner.com/v2/4098477/ Frame BE1A	76 KB 28 KB	54ms 34ms	Script text/javascript	2606:4700:4400::6812:22e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/v2/4098477/banner.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/4098477.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 22b3e7e404e1e3bf47029903425bfc405ee33156d2e348b99658870405bbd62d Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Jul 2024 04:40:42 GMT x-amz-version-id f1g6HgTkWGk9WVev3EyBPyb_nYVdAhK2 content-encoding gzip cf-cache-status HIT x-amz-request-id Z41XFF72KP1NRDRC x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id a0dc6e48-5886-4d54-ad49-2b48025c545a age 155 x-envoy-upstream-service-time 66 x-amz-id-2 8CgiasM7oFmdCw/muQgJ8ucdf8FxH+X0WMPf/xibUyZxCpw1aYx3AeTXejcT/bIkt1oxBhw5Qqxxl04Vmh+l9E5VrUsX0NJJeDrNU8FIt3A= x-evy-trace-listener listener_https x-request-id a0dc6e48-5886-4d54-ad49-2b48025c545a x-evy-trace-route-configuration listener_https/all last-modified Mon, 15 Apr 2024 14:19:52 GMT server cloudflare etag W/"5018895f648c4cab3e1302ab4b7c8e33" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://app.calltrackingmetrics.com x-evy-trace-virtual-host all access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300,public access-control-allow-credentials true x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-gnznr vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 89dc704fee9e3687-FRA expires Thu, 04 Jul 2024 04:43:07 GMT
GET H2	200	leadflows.js Show response js.hsleadflows.net/ Frame BE1A	551 KB 92 KB	165ms 144ms	Script application/javascript	2606:4700::6812:8d11 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsleadflows.net/leadflows.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/4098477.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8d11 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dd26d9d88899d0587c9377964b7d1ab478a318b0fdbee7b9d6a084e4aa6425f7 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Origin https://calls.refundsplus.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-encoding gzip x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1355/bundle/main/lead-flows-release.js&cfRay=89dc704fe84a5b80-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"be45bdb720f44c8db4ee42bc228ff2a8" vary Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=86400, max-age=0 x-hs-target-asset lead-flows-js/static-1.1355/bundle/main/lead-flows-release.js date Thu, 04 Jul 2024 04:40:42 GMT x-amz-version-id HLkmxotJV8gQ_mnvhNwLT9fnVmh1uWjb x-content-type-options nosniff cf-cache-status MISS via 1.1 2a3aa853116c0a37d6c7762eca54d208.cloudfront.net (CloudFront) x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id 743da38a-9bfb-48b5-8051-ad9f458ab359 x-cache RefreshHit from cloudfront cache-tag staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod x-envoy-upstream-service-time 36 x-evy-trace-route-configuration listener_https/all x-request-id 743da38a-9bfb-48b5-8051-ad9f458ab359 last-modified Thu, 30 May 2024 10:22:15 UTC server cloudflare access-control-max-age 3000 x-hs-cache-status MISS x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-65f7f7c749-sb5bh cf-ray 89dc704fe84a5b80-FRA x-amz-cf-id lcRAVve0SIbq7sjZp_XH22svI8fXunlUz_usJnZS6lujW6iiIL2fEQ==
GET H2	200	fb.js Show response js.hsadspixel.net/ Frame BE1A	6 KB 4 KB	37ms 17ms	Script application/javascript	2606:4700::6811:80ac CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsadspixel.net/fb.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/4098477.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c114a5641b9988aecb7a00c47bd1d37d912883ff4ef9c3b9fe6ad21603ab1066 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Jul 2024 04:40:42 GMT x-amz-version-id 7Zz_oLsqoY3yHsxt9nM5YRwsj1MKwqFV content-encoding gzip x-content-type-options nosniff via 1.1 c0b0d7167cc2eb52d8d154aa7fc03a0a.cloudfront.net (CloudFront) cf-cache-status HIT x-amz-cf-pop IAD12-P3 age 21 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.565/bundles/pixels-release.js&cfRay=89dc6fcb6bc59bdc-FRA x-cache Hit from cloudfront x-hubspot-correlation-id 24ab3613-e924-4444-85a4-e8de3f859389 cache-tag staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod x-envoy-upstream-service-time 3 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 24ab3613-e924-4444-85a4-e8de3f859389 last-modified Tue, 18 Jun 2024 12:46:30 UTC server cloudflare etag W/"b233ea75981268a81228cd819e8fd5eb" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status MISS x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-65f7f7c749-kt4hg cf-ray 89dc704fe8b59bfb-FRA x-amz-cf-id cltN9VPr_GSXMMyd_a039ysMNn1V4T-fhRQDiJJFR-9vkMLzymTGLg== x-hs-target-asset adsscriptloaderstatic/static-1.565/bundles/pixels-release.js
GET H2	200	4098477.js Show response js.hs-analytics.net/analytics/1720068000000/ Frame BE1A	68 KB 24 KB	48ms 30ms	Script text/javascript	2606:4700::6811:afc9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1720068000000/4098477.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/4098477.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6365e843164c1d11c49a0aa5c4779c43e04c705a81ca41898db9fc9d08f6a94b Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Jul 2024 04:40:42 GMT x-amz-version-id null content-encoding gzip cf-cache-status HIT x-amz-request-id V8T0TCQBDB8V958S x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id a6150e3f-e0e3-4c46-8cc5-058e1040a677 age 19 x-envoy-upstream-service-time 23 x-amz-id-2 3nFRdYYgVG+eMbwZ4CtkruDsgyO5JfRGBnV4F8CguaoU1g71HQ4OTOOQd6YZm/MOw3Aar9Xp0FY= x-evy-trace-listener listener_https x-request-id a6150e3f-e0e3-4c46-8cc5-058e1040a677 x-evy-trace-route-configuration listener_https/all last-modified Fri, 21 Jun 2024 21:04:16 GMT server cloudflare etag W/"685fb7a78dfb9af06c8be8840fa76e2d" vary origin, Accept-Encoding content-type text/javascript x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-762px cache-control max-age=300,public access-control-allow-credentials false cf-ray 89dc704fe9165d5d-FRA expires Thu, 04 Jul 2024 04:45:23 GMT
GET H2	200	json Show response api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ Frame BE1A	123 B 1 KB	168ms 139ms	XHR application/json	2606:4700::6812:f46c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=4098477 Requested by Host: js.hsadspixel.net URL: https://js.hsadspixel.net/fb.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:f46c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d6eacb27d385ac04a0ef89e67010cda6350be77b3b43df933d64cf5f51fbdd5e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Jul 2024 04:40:42 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 50e2aec3-8409-4435-96fc-93b2e5982ffd content-encoding br x-envoy-upstream-service-time 2 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 50e2aec3-8409-4435-96fc-93b2e5982ffd server cloudflare vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://calls.refundsplus.com x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-7dd59b876-54mmz access-control-max-age 180 access-control-allow-credentials false x-evy-trace-virtual-host all report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JS8jKsWyoFDTSUlJbYmQO7lLw0UUOdGULBLzZAWl1SakC9bWY9f7SkMjkdW2rigpAFVqm9h3J7GlkdxvTqJct%2FrAneJApRQ%2FIqlZJ9hf8MKGw6ahYsQYS%2Biti6wq7YLBMZ2gG4sbCgA1fye%2B"}],"group":"cf-nel","max_age":604800} cf-ray 89dc70505ecb3722-FRA access-control-allow-headers *
GET H2	200	__ptq.gif track.hubspot.com/ Frame BE1A	45 B 1 KB	180ms 141ms	Image image/gif	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3598200494&v=1.1&a=4098477&r=https%3A%2F%2Fcalls.refundsplus.com%2F&pu=https%3A%2F%2Fcalls.refundsplus.com%2Fad%2Fpixels%3Fact%3Dlogin%26ctr%3Dagencies&cts=1720068042398&vi=e5b116814651764bea0e314bc4652bfe&nc=true&u=255911700.e5b116814651764bea0e314bc4652bfe.1720068042396.1720068042396.1720068042396.1&b=255911700.1.1720068042396&cc=15 Requested by Host: calls.refundsplus.com URL: https://calls.refundsplus.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Jul 2024 04:40:42 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id eb6bf426-76fb-454f-bc48-30e0a3883adc p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 8 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id eb6bf426-76fb-454f-bc48-30e0a3883adc server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C1rh2AmoodlPmXCpwgYV%2BzsoaNvQmGBh8GP4VGq69TIJzXJZB2%2FGRx%2FdNwxKyezA5PLbbpo4LtX5xaWTkKuwc%2BVbF8JDfuZrfM2cbzMVnu%2FtOlERjFNOF%2Fgg5NCYYxZ6b6%2FlO8e0ma3ASm3CesI2"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-b5qjn x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 89dc70514fb71c15-FRA x-robots-tag none
GET H3	200	icon-generic-32x32-b49a05c96a71f751c2024c6e30615ea75055410ec6dbaa67c0fbae201be19aff.png dv36c15u2wg3n.cloudfront.net/assets/	527 B 909 B	36ms 36ms	Other image/png	54.230.182.131 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dv36c15u2wg3n.cloudfront.net/assets/icon-generic-32x32-b49a05c96a71f751c2024c6e30615ea75055410ec6dbaa67c0fbae201be19aff.png Protocol H3 Security QUIC, , AES_128_GCM Server 54.230.182.131 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-230-182-131.ham50.r.cloudfront.net Software openresty / Resource Hash c631764f9c230be633124fc1c742e2274ff896f945bf508500d08c2c0186f94a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 21 Jun 2024 18:10:55 GMT via 1.1 6af229f397d391cfa25045f944cba714.cloudfront.net (CloudFront), 1.1 9a017d15c75b3a14dee95340cd7042ca.cloudfront.net (CloudFront) last-modified Wed, 15 May 2024 18:57:14 GMT server openresty age 1074587 x-amz-cf-pop FRA60-P10, HAM50-C3 etag "6645058a-20f" x-cache Hit from cloudfront content-type image/png cache-control max-age=315360000, public accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 527 x-amz-cf-id mipJBkz2zGuEHvGq25Uvqf94U7W2IJ_ePUQb6dp4VqNlieMo3ECoOQ== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/ Frame BE1A	222 KB 59 KB	37ms 8ms	Script application/x-javascript	2a03:2880:f084:d:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: js.hsadspixel.net URL: https://js.hsadspixel.net/fb.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 63bae03aa97278acb1d6f7863e593999bbdc5d280d2fa5a3050f234ce5eee850 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Thu, 04 Jul 2024 04:40:42 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 58293 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=9, rtx=0, c=12, mss=1297, tbw=2768, tp=-1, tpl=-1, uplat=0, ullat=-1 pragma public x-fb-debug f+adhdTrNJ6JrTis4Kty/7yFCG1VquZP7yuaAKQAS9kmWKdZ7pguI15ZMmDi4Wjhg9bhbc8Ub5+h5NPej6ACOA== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	1234416419926653 Show response connect.facebook.net/signals/config/ Frame BE1A	60 KB 13 KB	91ms 91ms	Script application/x-javascript	2a03:2880:f084:d:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/1234416419926653?v=2.9.160&r=stable&domain=calls.refundsplus.com&hme=733c3732ec767f7a62e7787aff967e6d19b1e13e533937876f2e15efe07bf678&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C175%2C171%2C172%2C174%2C28%2C94%2C50%2C73%2C173%2C155%2C158%2C168%2C169%2C176%2C122%2C39%2C33%2C134%2C14%2C48%2C181%2C180%2C124%2C17%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106 Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 96cf637f303bce2db661d484ad4c3f20df7a3f082eb382796771b8cd8a1b4770 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Thu, 04 Jul 2024 04:40:42 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=13, rtx=0, c=65, mss=1297, tbw=63815, tp=-1, tpl=-1, uplat=82, ullat=0 pragma public x-fb-debug KJ8RUFUT1If/7uzyHwIprheNe4wEylVZPhD5u6Ho36wYVRfIr7Ik4wBy2o/cfmc0Rw4u84HrHgTXymNI6Yy07w== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	json Show response forms.hubspot.com/lead-flows-config/v1/config/ Frame BE1A	178 B 1 KB	156ms 129ms	XHR application/json	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=4098477&utk=e5b116814651764bea0e314bc4652bfe&__hstc=255911700.e5b116814651764bea0e314bc4652bfe.1720068042396.1720068042396.1720068042396.1&__hssc=255911700.1.1720068042396&referrer=https%3A%2F%2Fcalls.refundsplus.com%2F&currentUrl=https%3A%2F%2Fcalls.refundsplus.com%2Fad%2Fpixels%3Fact%3Dlogin%26ctr%3Dagencies Requested by Host: js.hsleadflows.net URL: https://js.hsleadflows.net/leadflows.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3918809315b0339ccfcf86504d4a05c0f1857f6142e4b8bf49bbfee8a988451d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Jul 2024 04:40:42 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 157ea979-878e-4c05-93e8-b52045ef892c content-encoding br x-envoy-upstream-service-time 9 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 157ea979-878e-4c05-93e8-b52045ef892c server cloudflare vary origin access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://calls.refundsplus.com x-evy-trace-virtual-host all cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-776cb5686f-gqvsp access-control-max-age 180 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tM0jZz2RIoqTDoTsmSh%2BmxTlVtvsouVeTxMcfD2eeLzv9bmgEwps6nxpBaioQESdxGlmVZA2Mfcb1SDALmSd7DWCQNCDJ2uSta8wI1U5Aa%2FJDCIDmFRHfwdgpnTeCDpA%2FKwqXqpImJoQ4S3mQjYa"}],"group":"cf-nel","max_age":604800} x-robots-tag none access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent cf-ray 89dc7051cacf2c6e-FRA
GET H2	200	/ www.facebook.com/tr/ Frame BE1A	0 274 B	45ms 18ms	Image text/plain	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=1234416419926653&ev=PageView&dl=https%3A%2F%2Fcalls.refundsplus.com%2Fad%2Fpixels%3Fact%3Dlogin%26ctr%3Dagencies&rl=https%3A%2F%2Fcalls.refundsplus.com%2F&if=true&ts=1720068042599&sw=1600&sh=1200&ud[external_id]=e5b116814651764bea0e314bc4652bfe&v=2.9.160&r=stable&a=hubspot&ec=0&o=4126&fbp=fb.1.1720068042591.85837196526917788&cdl=API_unavailable&it=1720068042489&coo=false&rqm=GET Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-fb-connection-quality EXCELLENT; q=0.9, rtt=10, rtx=0, c=10, mss=1297, tbw=2796, tp=-1, tpl=-1, uplat=0, ullat=0 strict-transport-security max-age=31536000; includeSubDomains date Thu, 04 Jul 2024 04:40:42 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	/ www.facebook.com/privacy_sandbox/pixel/register/trigger/ Frame BE1A	67 B 3 KB	213ms 186ms	Image image/png	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1234416419926653&ev=PageView&dl=https%3A%2F%2Fcalls.refundsplus.com%2Fad%2Fpixels%3Fact%3Dlogin%26ctr%3Dagencies&rl=https%3A%2F%2Fcalls.refundsplus.com%2F&if=true&ts=1720068042599&sw=1600&sh=1200&ud[external_id]=e5b116814651764bea0e314bc4652bfe&v=2.9.160&r=stable&a=hubspot&ec=0&o=4126&fbp=fb.1.1720068042591.85837196526917788&cdl=API_unavailable&it=1720068042489&coo=false&rqm=FGET Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers attribution-reporting-register-trigger {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x5461fa1fa327f4b4","source_keys":["1","2"]},{"key_piece":"0xc931656f5d99354f","source_keys":["1","2"]}],"aggregatable_values":{"1":1}} content-encoding zstd x-content-type-options nosniff content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; strict-transport-security max-age=15552000; preload document-policy force-load-at-top date Thu, 04 Jul 2024 04:40:42 GMT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387635988811784679", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=10, rtx=0, c=12, mss=1297, tbw=3114, tp=-1, tpl=-1, uplat=170, ullat=0 pragma no-cache x-fb-debug UXsoJEmB0jvzdmFcg+sBUzQ41LerfyaMpZG0V9QS5M0G6KZiCDAZDrmUYErgMBd7EnPhdpIzPYd/Sm59xb9erQ== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387635988811784679"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type image/png x-frame-options DENY origin-agent-cluster ?0 cache-control private, no-store, no-cache, must-revalidate permissions-policy accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" expires Sat, 01 Jan 2000 00:00:00 GMT
POST H3	201	x.json Show response app.calltrackingmetrics.com/	0 287 B	16ms 16ms	XHR text/plain	13.35.58.65 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.calltrackingmetrics.com/x.json Requested by Host: app.calltrackingmetrics.com URL: https://app.calltrackingmetrics.com/t.js Protocol H3 Security QUIC, , AES_128_GCM Server 13.35.58.65 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-35-58-65.fra60.r.cloudfront.net Software ctm / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://calls.refundsplus.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-type application/json Response headers date Thu, 04 Jul 2024 04:40:42 GMT via 1.1 35cfa6fbcb341fd2ae15e24a43e2f57a.cloudfront.net (CloudFront) server ctm x-amz-cf-pop FRA60-P10 access-control-max-age 2592000 access-control-allow-methods POST, OPTIONS content-type text/plain access-control-allow-origin * x-cache Miss from cloudfront cache-control no-cache, no-store, must-revalidate alt-svc h3=":443"; ma=86400 access-control-allow-headers Content-Type x-amz-cf-id L5HiutfSeH6GUitBQJFNUoWZim8LN56bLL_FEafaQhno-jK0rMA8RQ==
OPTIONS H3	201	x.json app.calltrackingmetrics.com/ Frame	0 0	53ms 35ms	Preflight text/plain	13.35.58.65 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.calltrackingmetrics.com/x.json Protocol H3 Security QUIC, , AES_128_GCM Server 13.35.58.65 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-35-58-65.fra60.r.cloudfront.net Software ctm / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://calls.refundsplus.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers access-control-allow-headers Content-Type access-control-allow-methods POST, OPTIONS access-control-allow-origin * access-control-max-age 2592000 alt-svc h3=":443"; ma=86400 cache-control no-cache, no-store, must-revalidate content-type text/plain date Thu, 04 Jul 2024 04:40:42 GMT server ctm via 1.1 35cfa6fbcb341fd2ae15e24a43e2f57a.cloudfront.net (CloudFront) x-amz-cf-id v8rMRmF2XxCAFLPzk4dWyotsbX5KUPFi8WxX2iJe3APA3OO6nH1WHQ== x-amz-cf-pop FRA60-P10 x-cache Miss from cloudfront