Submitted URL: http://speedcubeshop.loopreturns.com/
Effective URL: https://speedcubeshop.loopreturns.com/
Submission: On November 15 via api from US — Scanned from DE

Summary

This website contacted 13 IPs in 3 countries across 10 domains to perform 24 HTTP transactions. The main IP is 52.39.206.222, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is speedcubeshop.loopreturns.com.
TLS certificate: Issued by R3 on October 3rd 2023. Valid for: 3 months.
This is the only time speedcubeshop.loopreturns.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
7 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1287
q.stripe.com — Cisco Umbrella Rank: 7148
m.stripe.com — Cisco Umbrella Rank: 1249
142 KB
4 cloudfront.net
d1nnh0c8uc313v.cloudfront.net
561 KB
4 loopreturns.com
speedcubeshop.loopreturns.com
api.loopreturns.com — Cisco Umbrella Rank: 146118
118 KB
2 shopify.com
cdn.shopify.com — Cisco Umbrella Rank: 2433
43 KB
2 stripe.network
m.stripe.network — Cisco Umbrella Rank: 1354
18 KB
1 gorgias.chat
config.gorgias.chat — Cisco Umbrella Rank: 11157
2 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
1 gstatic.com
www.gstatic.com
189 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
89 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 2
1 KB
24 10
Domain Requested by
4 d1nnh0c8uc313v.cloudfront.net speedcubeshop.loopreturns.com
3 q.stripe.com speedcubeshop.loopreturns.com
3 js.stripe.com speedcubeshop.loopreturns.com
js.stripe.com
2 cdn.shopify.com d1nnh0c8uc313v.cloudfront.net
2 m.stripe.network js.stripe.com
m.stripe.network
2 api.loopreturns.com d1nnh0c8uc313v.cloudfront.net
2 speedcubeshop.loopreturns.com 1 redirects
1 config.gorgias.chat d1nnh0c8uc313v.cloudfront.net
1 fonts.googleapis.com d1nnh0c8uc313v.cloudfront.net
1 m.stripe.com m.stripe.network
1 www.gstatic.com www.google.com
1 www.googletagmanager.com speedcubeshop.loopreturns.com
1 www.google.com speedcubeshop.loopreturns.com
24 13

This site contains links to these domains. Also see Links.

Domain
speedcubeshop.com
www.loopreturns.com
Subject Issuer Validity Valid
*.loop.gift
R3
2023-10-03 -
2024-01-01
3 months crt.sh
www.google.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01
2023-10-10 -
2024-09-19
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA
2023-10-30 -
2024-01-25
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
*.stripe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2023-10-09 -
2024-01-18
3 months crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1
2023-10-05 -
2024-01-18
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
gorgias.chat
Cloudflare Inc ECC CA-3
2023-10-05 -
2024-01-03
3 months crt.sh
cdn.shopify.com
E1
2023-11-08 -
2024-02-06
3 months crt.sh

This page contains 3 frames:

Primary Page: https://speedcubeshop.loopreturns.com/
Frame ID: 169935308B2EE012D336A449D9281BA5
Requests: 16 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
Frame ID: A14522789D3DB6EE8C0FF2CE6A16D097
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: C5E83A5FDE6325B47072A7A5C3C369B1
Requests: 4 HTTP requests in this frame

Screenshot

Page Title

SpeedCubeShop ReturnsLoop Returns | The returns solution for Shopify's top brands

Page URL History Show full URLs

  1. http://speedcubeshop.loopreturns.com/ HTTP 301
    https://speedcubeshop.loopreturns.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

24
Requests

96 %
HTTPS

58 %
IPv6

10
Domains

13
Subdomains

13
IPs

3
Countries

1162 kB
Transfer

4109 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://speedcubeshop.loopreturns.com/ HTTP 301
    https://speedcubeshop.loopreturns.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
speedcubeshop.loopreturns.com/
Redirect Chain
  • http://speedcubeshop.loopreturns.com/
  • https://speedcubeshop.loopreturns.com/
3 KB
1 KB
Document
General
Full URL
https://speedcubeshop.loopreturns.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.39.206.222 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-39-206-222.us-west-2.compute.amazonaws.com
Software
openresty/1.21.4.2 /
Resource Hash
c742a0597160114104d949438c2477f570086855f572376c85f0624d053f2cb7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.loopreturns.com *.myshopify.com
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-security-policy
frame-ancestors 'self' *.loopreturns.com *.myshopify.com
content-type
text/html; charset=utf-8
date
Wed, 15 Nov 2023 22:57:31 GMT
etag
W/"655538f4-a27"
last-modified
Wed, 15 Nov 2023 21:32:36 GMT
server
openresty/1.21.4.2
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

Connection
keep-alive
Content-Length
175
Content-Type
text/html
Date
Wed, 15 Nov 2023 22:57:30 GMT
Location
https://speedcubeshop.loopreturns.com/
Server
openresty/1.21.4.2
api.js
www.google.com/recaptcha/
1 KB
1 KB
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: speedcubeshop.loopreturns.com
URL: https://speedcubeshop.loopreturns.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
7434307d32a6a0078240769f36e53e9e910a662c73b6195d6f8e0195df78e759
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://speedcubeshop.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 22:57:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Wed, 15 Nov 2023 22:57:31 GMT
index.58c8f203.js
d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/
808 KB
188 KB
Script
General
Full URL
https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/index.58c8f203.js
Requested by
Host: speedcubeshop.loopreturns.com
URL: https://speedcubeshop.loopreturns.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:ee00:5:931b:16c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5843e27635736bca12585f26bb4a8ec731dc4302a14835fadfc34e0712b96fa7

Request headers

Referer
https://speedcubeshop.loopreturns.com/
Origin
https://speedcubeshop.loopreturns.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 22:10:18 GMT
x-amz-version-id
xgct4dv21VNbX93jHRBh_pWZ0B4cClUX
content-encoding
gzip
via
1.1 b031f43146c9801101822eabdc464390.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
age
2834
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 15 Nov 2023 21:32:40 GMT
server
AmazonS3
etag
W/"d9523bbe9d6c85324471ea63bc51f3f9"
access-control-max-age
0
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
x-amz-cf-id
74Gd-6tEdCs-1RTwOygRjf7yYaoH-Dw9VCPNjgv0w4Vn6v37pgBLCQ==
vendor.dd2ce448.js
d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/
888 KB
294 KB
Script
General
Full URL
https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/vendor.dd2ce448.js
Requested by
Host: speedcubeshop.loopreturns.com
URL: https://speedcubeshop.loopreturns.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:ee00:5:931b:16c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
91159a9143dcfacd85de82bb4c8e731fd47c8403d2c3b8afbe560282a36489a0

Request headers

Referer
https://speedcubeshop.loopreturns.com/
Origin
https://speedcubeshop.loopreturns.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-amz-version-id
aY8bFFVTWn.AFpFqEG9cxgvrb6yMCfyv
content-encoding
gzip
via
1.1 b031f43146c9801101822eabdc464390.cloudfront.net (CloudFront)
date
Wed, 15 Nov 2023 22:47:27 GMT
x-amz-cf-pop
PRG50-C1
age
822
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Mon, 13 Nov 2023 17:59:59 GMT
server
AmazonS3
etag
W/"3116a05b60e5cbebef513f3e613f4fab"
access-control-max-age
0
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
x-amz-cf-id
JnQsrGqDfKdMy14xU0BwpEaTyOSg_YMGtvzqyAaMu7RCsNMksJJTPw==
index.426fbb41.css
d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/
845 KB
78 KB
Stylesheet
General
Full URL
https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/index.426fbb41.css
Requested by
Host: speedcubeshop.loopreturns.com
URL: https://speedcubeshop.loopreturns.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:ee00:5:931b:16c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
426fbb4194ff3be77fa9704a7c73b209d09eb037a02b3b3aaf1a5b5d59f44dd2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://speedcubeshop.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-amz-version-id
KMsk7.BcPDfcIhBcc.HHTKNNhK8gN.UT
content-encoding
gzip
via
1.1 93fcd07b66eaf26b036f14e2ec9d73ea.cloudfront.net (CloudFront)
date
Wed, 15 Nov 2023 22:10:18 GMT
last-modified
Wed, 15 Nov 2023 20:07:30 GMT
server
AmazonS3
x-amz-cf-pop
PRG50-C1
age
2834
x-amz-server-side-encryption
AES256
etag
W/"2fa43b8e512280d20a1170327630bde0"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/css
x-amz-cf-id
pA3wZFz95C2z5P9gQwa2jCG5tpV05itokB6QbPkwR14xeKIN_keh5w==
js
www.googletagmanager.com/gtag/
267 KB
89 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-XHPC1ZBWV3
Requested by
Host: speedcubeshop.loopreturns.com
URL: https://speedcubeshop.loopreturns.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
20749b3ff1b3a7e5701e1d26b7ed20f39a9b18bb36be9f06e7388365368257bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://speedcubeshop.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 22:57:31 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
90862
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 15 Nov 2023 22:57:31 GMT
/
js.stripe.com/v3/
554 KB
137 KB
Script
General
Full URL
https://js.stripe.com/v3/
Requested by
Host: speedcubeshop.loopreturns.com
URL: https://speedcubeshop.loopreturns.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.169.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-169-47.cdg52.r.cloudfront.net
Software
Cloudfront /
Resource Hash
8993ec592770046dffe4b2e898b5d1c4ff45f4f5c325fb8f5aa18a1460afc33c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://speedcubeshop.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 22:56:37 GMT
content-encoding
br
via
1.1 127aaaaca740f298a4c887357ec047b4.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
age
55
x-amz-cf-pop
CDG52-P2
x-cache
Hit from cloudfront
last-modified
Wed, 15 Nov 2023 21:34:25 GMT
server
Cloudfront
etag
W/"7e2d8ce1c1fa7e5522a435622aaaba4e"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
43DbgdSSpHTZmI2LjjhQYniP2DShtRJLf6iI3Dml5zMQqZCpWuV8iA==
recaptcha__de.js
www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/
470 KB
189 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7da2c78aebbd6e2db645e5b97424ed43196e116ef824980565996bdc513550a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://speedcubeshop.loopreturns.com/
Origin
https://speedcubeshop.loopreturns.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 10:19:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
45503
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
192495
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 03:03:27 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 14 Nov 2024 10:19:08 GMT
init
api.loopreturns.com/api/v1/
18 KB
19 KB
XHR
General
Full URL
https://api.loopreturns.com/api/v1/init
Requested by
Host: d1nnh0c8uc313v.cloudfront.net
URL: https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/vendor.dd2ce448.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.39.206.222 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-39-206-222.us-west-2.compute.amazonaws.com
Software
openresty/1.21.4.2 /
Resource Hash
7e34736b8aa348866d9dec6e8174a3c94dcbbeeaff3e0ededb227a1ca382f40a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.loopreturns.com *.myshopify.com
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://speedcubeshop.loopreturns.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 22:57:32 GMT
content-security-policy
frame-ancestors 'self' *.loopreturns.com *.myshopify.com
x-content-type-options
nosniff, nosniff
x-loop-request-id
85c13f2e-421e-4166-af69-f81b2f397b90
x-xss-protection
1; mode=block
server
openresty/1.21.4.2
x-frame-options
SAMEORIGIN, SAMEORIGIN
access-control-allow-methods
DELETE, GET, PATCH, POST, PUT, OPTIONS
content-type
application/json
access-control-allow-origin
https://speedcubeshop.loopreturns.com
access-control-expose-headers
Version
cache-control
no-cache, private
access-control-allow-credentials
true
x-ratelimit-limit
300
access-control-allow-headers
Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With, X-Authorization, X-CSRF-TOKEN, x-datadog-trace-id, x-datadog-parent-id, x-datadog-origin, x-datadog-sampling-priority, x-datadog-sampled
x-ratelimit-remaining
299
version
0
m-outer-27c67c0d52761104439bb051c7856ab1.html
js.stripe.com/v3/ Frame A145
200 B
1 KB
Document
General
Full URL
https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.169.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-169-47.cdg52.r.cloudfront.net
Software
Cloudfront /
Resource Hash
351ffc2bdf381352dcd801be49be5018361119588eae077650260f9e162fe7b9
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://speedcubeshop.loopreturns.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
2497
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 15 Nov 2023 22:15:54 GMT
etag
"27c67c0d52761104439bb051c7856ab1"
last-modified
Mon, 13 Nov 2023 21:03:31 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 127aaaaca740f298a4c887357ec047b4.cloudfront.net (CloudFront)
x-amz-cf-id
f3dtKwprEElh4WNqEx1HivYDzMIZLKlU3vKCt4xyRhWSsfjgq5Y5tA==
x-amz-cf-pop
CDG52-P2
x-cache
Hit from cloudfront
x-content-type-options
nosniff
5d7e08e8-566e-4724-830a-769dadac5f41
https://speedcubeshop.loopreturns.com/
25 KB
0
Other
General
Full URL
blob:https://speedcubeshop.loopreturns.com/5d7e08e8-566e-4724-830a-769dadac5f41
Requested by
Host: speedcubeshop.loopreturns.com
URL: https://speedcubeshop.loopreturns.com/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cd5819d43e3435224cb1a53e3fd1bca7380a32f3ab91d35aa8b388beb4baffd1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Length
25814
Content-Type
m-outer-6576085ca35ee42f2f484cda6763e4aa.js
js.stripe.com/v3/fingerprinted/js/ Frame A145
631 B
1 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-6576085ca35ee42f2f484cda6763e4aa.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.169.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-169-47.cdg52.r.cloudfront.net
Software
Cloudfront /
Resource Hash
f0205495d259e89d99e6c4989147f8a65bef41513bfbe3e97251cd6fb6fa5947
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 22:30:18 GMT
via
1.1 127aaaaca740f298a4c887357ec047b4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains; preload
age
1634
x-amz-cf-pop
CDG52-P2
x-cache
Hit from cloudfront
content-length
631
last-modified
Fri, 10 Nov 2023 21:04:40 GMT
server
Cloudfront
etag
"70cacf09ae81711ac6dcbc5ee59750c4"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
ydxOYHcdYu2hssd9KG7g_U4cAVIuN7_jpHv6XWEfD3NMQiShUlFMOg==
csp-report
q.stripe.com/ Frame A145
0
715 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: speedcubeshop.loopreturns.com
URL: https://speedcubeshop.loopreturns.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 15 Nov 2023 22:57:32 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1700089052307317
x-envoy-upstream-service-time
4
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
3
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1700089052306589
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame A145
0
715 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: speedcubeshop.loopreturns.com
URL: https://speedcubeshop.loopreturns.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 15 Nov 2023 22:57:32 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1700089052308893
x-envoy-upstream-service-time
8
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
4
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1700089052306622
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
inner.html
m.stripe.network/ Frame C5E8
930 B
2 KB
Document
General
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-6576085ca35ee42f2f484cda6763e4aa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:2000:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
161
cache-control
max-age=300, public
content-length
930
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 15 Nov 2023 22:54:51 GMT
etag
"06bfcd88af438673a8bf9b845a11aa6e"
last-modified
Fri, 30 Jun 2023 14:32:28 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding, Origin
via
1.1 4874e0c922f34c928345f4c183ea11b4.cloudfront.net (CloudFront)
x-amz-cf-id
qkfDLoUFlODLjXqwOpXLjhoNQkbxtdGBehHzdAcyejaK7LGK_jeOaQ==
x-amz-cf-pop
FRA56-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
csp-report
q.stripe.com/ Frame C5E8
0
490 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: speedcubeshop.loopreturns.com
URL: https://speedcubeshop.loopreturns.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 15 Nov 2023 22:57:32 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1700089052307695
x-envoy-upstream-service-time
4
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
x-stripe-server-envoy-upstream-service-time-ms
1
x-stripe-client-envoy-start-time-us
1700089052306690
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
expires
0
out-4.5.43.js
m.stripe.network/ Frame C5E8
87 KB
16 KB
Script
General
Full URL
https://m.stripe.network/out-4.5.43.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:2000:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 22:53:51 GMT
content-encoding
gzip
via
1.1 4874e0c922f34c928345f4c183ea11b4.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
last-modified
Fri, 30 Jun 2023 14:32:28 GMT
server
Cloudfront
age
221
x-content-type-options
nosniff
etag
W/"69cb7809b5011312e716f29b3d19dce6"
x-amz-cf-pop
FRA56-C1
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
x-amz-cf-id
067CTLC_NejEmyH2MQpp0JLsjmE5k_Vd6G2sEvz3MI3Cq1feCpmQBQ==
6
m.stripe.com/ Frame C5E8
156 B
668 B
XHR
General
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.37.229.91 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-37-229-91.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
a71950c2ba7486ee5f735360a704da4a7f0fb1a5cf598931ee6bc4adf32c9907
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color
green
date
Wed, 15 Nov 2023 22:57:32 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1700089052490780
server
nginx
content-type
application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms
3
access-control-allow-origin
https://m.stripe.network
x-stripe-client-envoy-start-time-us
1700089052490339
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156
css
fonts.googleapis.com/
0
0
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Helvetica%7CHelvetica
Requested by
Host: d1nnh0c8uc313v.cloudfront.net
URL: https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/vendor.dd2ce448.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://speedcubeshop.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

reason-groups
api.loopreturns.com/api/v1/2472/
96 KB
97 KB
XHR
General
Full URL
https://api.loopreturns.com/api/v1/2472/reason-groups
Requested by
Host: d1nnh0c8uc313v.cloudfront.net
URL: https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/vendor.dd2ce448.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.39.206.222 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-39-206-222.us-west-2.compute.amazonaws.com
Software
openresty/1.21.4.2 /
Resource Hash
8091237a81af17a273e04bb03e05f45f140179976575adddf4dd5eb6d01044d3
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.loopreturns.com *.myshopify.com
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://speedcubeshop.loopreturns.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 22:57:33 GMT
content-security-policy
frame-ancestors 'self' *.loopreturns.com *.myshopify.com
x-content-type-options
nosniff, nosniff
x-loop-request-id
b774290a-243a-4977-ad42-b3fac4a5b190
x-xss-protection
1; mode=block
server
openresty/1.21.4.2
x-frame-options
SAMEORIGIN, SAMEORIGIN
access-control-allow-methods
DELETE, GET, PATCH, POST, PUT, OPTIONS
content-type
application/json
access-control-allow-origin
https://speedcubeshop.loopreturns.com
access-control-expose-headers
Version
cache-control
no-cache, private
access-control-allow-credentials
true
x-ratelimit-limit
300
access-control-allow-headers
Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With, X-Authorization, X-CSRF-TOKEN, x-datadog-trace-id, x-datadog-parent-id, x-datadog-origin, x-datadog-sampling-priority, x-datadog-sampled
x-ratelimit-remaining
298
version
0
gorgias-chat-bundle-loader.js
config.gorgias.chat/
3 KB
2 KB
Script
General
Full URL
https://config.gorgias.chat/gorgias-chat-bundle-loader.js?applicationId=1399
Requested by
Host: d1nnh0c8uc313v.cloudfront.net
URL: https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/index.58c8f203.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:135f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
650d58c3893852eaff783e4e8129293a1cfca247b0f3b5a256f9637142b09659
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://speedcubeshop.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 22:57:32 GMT
content-security-policy
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
via
1.1 google
x-permitted-cross-domain-policies
none
cf-cache-status
HIT
age
13850
x-dns-prefetch-control
off
content-encoding
br
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
etag
W/"c6b-H1gHly/pn/9vM2VGl1AFBjYc+xE"
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
vary
Accept-Encoding
cf-ray
826b18040fdf5c92-FRA
Modern-Abstract-Simple-Landscape.jpg
cdn.shopify.com/s/files/1/0978/8602/files/
25 KB
26 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/0978/8602/files/Modern-Abstract-Simple-Landscape.jpg?v=1665683801
Requested by
Host: d1nnh0c8uc313v.cloudfront.net
URL: https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/index.426fbb41.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
3c0c4633dadbe34a9b9728def9d5cf217ddc0b380ecb8b0309b47fcb82bdf702
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d1nnh0c8uc313v.cloudfront.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 22:57:32 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
source-type
image/jpeg
server-timing
imagery;dur=281.035, imageryFetch;dur=116.351, imageryProcess;dur=91.550;desc="image", cfRequestDuration;dur=16.000032
source-length
29956
content-length
25728
x-xss-protection
1; mode=block
x-request-id
c5938548-3291-46ed-9909-2edf497f1ac4
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 09 Nov 2023 15:02:41 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2FIhJzzFyhZvZZ6WmLZQuD6bJgND6jwPxEnZiqhb24XlcxXaeZ1ZICMX%2BRYOwyoI2ypr8UZmq2%2BGtAxxmY8nPRU9aGHNWQetx1W50sDm5qtPgmygTq6OCBXJO3dzSDBLzw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0978/8602/files/Modern-Abstract-Simple-Landscape.jpg>; rel="canonical"
cf-ray
826b18040beb9000-FRA
SCS-Legacy-Bright-Green-Moible-Header-Retina_7fa20b15-44d4-4268-b6ff-6dee28ed009f.png
cdn.shopify.com/s/files/1/0978/8602/files/
16 KB
17 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/0978/8602/files/SCS-Legacy-Bright-Green-Moible-Header-Retina_7fa20b15-44d4-4268-b6ff-6dee28ed009f.png?v=1631646895
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
13f6e78cecf45de760fcafc0f61f4830b79e6762a93f043d487a33c86c790848
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://speedcubeshop.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 22:57:32 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
source-type
image/png
server-timing
imagery;dur=141.737, imageryFetch;dur=87.293, imageryProcess;dur=53.593;desc="image", cfRequestDuration;dur=33.999920
source-length
16734
content-length
16845
x-xss-protection
1; mode=block
x-request-id
7432f829-c8f9-49c8-8c9d-b344b017cc9a
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 13 Nov 2023 04:21:29 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xa%2Fv3mGlO%2BVe%2FObxCWPWhHVMW638EGvoWM088ztdXnUUCmg54UYgqnR5XC9Zcb9AFUHcbJUQxiXtjpDIGvK3gUiAnC9siBymvValMfqjlw6KoB5OU7oT2KgTmDNHZEYlfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0978/8602/files/SCS-Legacy-Bright-Green-Moible-Header-Retina_7fa20b15-44d4-4268-b6ff-6dee28ed009f.png>; rel="canonical"
cf-ray
826b18040bec9000-FRA
close.svg
d1nnh0c8uc313v.cloudfront.net/customer-portal/img/icons/
652 B
1 KB
Image
General
Full URL
https://d1nnh0c8uc313v.cloudfront.net/customer-portal/img/icons/close.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:ee00:5:931b:16c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
91c4e52fb442a8db49f6288f4e0c59376f0f8c9675bc8e847154e576dd57944b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://speedcubeshop.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-amz-version-id
Gh4gqiIpP_ri5IPs1pVlowUSm70Ig6wc
date
Wed, 15 Nov 2023 22:57:32 GMT
via
1.1 93fcd07b66eaf26b036f14e2ec9d73ea.cloudfront.net (CloudFront)
last-modified
Mon, 13 Nov 2023 20:47:49 GMT
server
AmazonS3
x-amz-cf-pop
PRG50-C1
age
2891
x-amz-server-side-encryption
AES256
etag
"765baec03ebf4eba6af7248b4b6e190d"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
image/svg+xml
accept-ranges
bytes
content-length
652
x-amz-cf-id
8JHpnIkhLn8weYuX3QA-8gd-V-bb3105RZeYGOlKYnNJTSXkc9FktQ==

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| webpackChunkStripeJSouter function| noop function| Stripe object| google_tag_manager object| google_tag_data object| dataLayer object| DD_RUM function| applyFocusVisiblePolyfill boolean| __VUE__ boolean| __vite_is_modern_browser object| recaptcha object| GorgiasChat object| gorgiasChatPendingEvents object| GorgiasBridge object| gorgiasChat

4 Cookies

Domain/Path Name / Value
m.stripe.com/ Name: m
Value: c7a5314f-39ea-49c6-9f2a-08ba1b42c46a1ba261
.speedcubeshop.loopreturns.com/ Name: __stripe_mid
Value: a655b0c6-a94f-493b-b94b-240324931cac7b4880
.speedcubeshop.loopreturns.com/ Name: __stripe_sid
Value: e8f85fb1-bf5f-461f-8b87-6436b47b46e3789e83
speedcubeshop.loopreturns.com/ Name: _dd_s
Value: rum=1&id=03f83608-f89f-4815-b21a-e246b18232f4&created=1700089051789&expire=1700089951789

2 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
network error URL: https://fonts.googleapis.com/css?family=Helvetica%7CHelvetica
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' *.loopreturns.com *.myshopify.com
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.loopreturns.com
cdn.shopify.com
config.gorgias.chat
d1nnh0c8uc313v.cloudfront.net
fonts.googleapis.com
js.stripe.com
m.stripe.com
m.stripe.network
q.stripe.com
speedcubeshop.loopreturns.com
www.google.com
www.googletagmanager.com
www.gstatic.com
23.227.60.200
2600:9000:206f:2000:19:7d10:bd80:93a1
2600:9000:2127:ee00:5:931b:16c0:21
2606:4700::6812:135f
2a00:1450:4001:813::2003
2a00:1450:4001:81c::2008
2a00:1450:4001:827::2004
2a00:1450:4001:829::200a
52.222.169.47
52.37.229.91
52.39.206.222
54.187.119.242
13f6e78cecf45de760fcafc0f61f4830b79e6762a93f043d487a33c86c790848
20749b3ff1b3a7e5701e1d26b7ed20f39a9b18bb36be9f06e7388365368257bb
351ffc2bdf381352dcd801be49be5018361119588eae077650260f9e162fe7b9
3c0c4633dadbe34a9b9728def9d5cf217ddc0b380ecb8b0309b47fcb82bdf702
426fbb4194ff3be77fa9704a7c73b209d09eb037a02b3b3aaf1a5b5d59f44dd2
5843e27635736bca12585f26bb4a8ec731dc4302a14835fadfc34e0712b96fa7
650d58c3893852eaff783e4e8129293a1cfca247b0f3b5a256f9637142b09659
7434307d32a6a0078240769f36e53e9e910a662c73b6195d6f8e0195df78e759
7da2c78aebbd6e2db645e5b97424ed43196e116ef824980565996bdc513550a5
7e34736b8aa348866d9dec6e8174a3c94dcbbeeaff3e0ededb227a1ca382f40a
8091237a81af17a273e04bb03e05f45f140179976575adddf4dd5eb6d01044d3
8993ec592770046dffe4b2e898b5d1c4ff45f4f5c325fb8f5aa18a1460afc33c
91159a9143dcfacd85de82bb4c8e731fd47c8403d2c3b8afbe560282a36489a0
91c4e52fb442a8db49f6288f4e0c59376f0f8c9675bc8e847154e576dd57944b
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
a71950c2ba7486ee5f735360a704da4a7f0fb1a5cf598931ee6bc4adf32c9907
c742a0597160114104d949438c2477f570086855f572376c85f0624d053f2cb7
cd5819d43e3435224cb1a53e3fd1bca7380a32f3ab91d35aa8b388beb4baffd1
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f0205495d259e89d99e6c4989147f8a65bef41513bfbe3e97251cd6fb6fa5947