www.obtainrefund.com Open in urlscan Pro
2606:4700:3033::6815:2a06 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://obtainrefund.com/
Effective URL:
https://www.obtainrefund.com/loader1655503907616
Submission: On June 22 via api (June 22nd 2022, 11:39:42 am UTC) from GB — Scanned from GB

Summary HTTP 201 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 35 IPs in 4 countries across 31 domains to perform 201 HTTP transactions. The main IP is 2606:4700:3033::6815:2a06, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.obtainrefund.com.
TLS certificate: Issued by E1 on June 20th 2022. Valid for: 3 months.

This is the only time www.obtainrefund.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 6	2606:4700:303... 2606:4700:3033::6815:2a06	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3037::ac43:c5e1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	2606:4700:303... 2606:4700:3033::6815:459e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
5	161.35.152.125 161.35.152.125	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2606:4700:440... 2606:4700:440e::ac40:9c1a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	34.226.127.56 34.226.127.56	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4 49	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	143.204.101.210 143.204.101.210	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
14	23.36.163.228 23.36.163.228	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7 17	2606:4700:20:... 2606:4700:20::681a:76b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6810:dc2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f2d8:401... 2607:f2d8:4010:8::2	18450 (WEBNX) (WEBNX)
1	2606:4700:20:... 2606:4700:20::681a:b55	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a02:6ea0:c70... 2a02:6ea0:c700::17	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a00:1450:400... 2a00:1450:400c:c07::9d	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
5 10	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::2016	15169 (GOOGLE) (GOOGLE)
6	2606:4700:20:... 2606:4700:20::ac43:4766	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:10c2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:1690	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.25.208.228 52.25.208.228	16509 (AMAZON-02) (AMAZON-02)
1	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
201	35

6 2606:4700:3033::6815:2a06 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

obtainrefund.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.obtainrefund.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::ac43:c5e1 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.obtainrefund.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2606:4700:3033::6815:459e (United States)

ASN13335 (CLOUDFLARENET, US)

www.getgovrefund.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 161.35.152.125 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

app.socialproofy.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:440e::ac40:9c1a (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.226.127.56 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-226-127-56.compute-1.amazonaws.com

181867.tracking.hyros.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
181867.t.hyros.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.101.210 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-101-210.fra50.r.cloudfront.net

d26b395fwzu5fz.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 23.36.163.228 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-163-228.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:4700:20::681a:76b (United States) 7 redirects

ASN13335 (CLOUDFLARENET, US)

apps.elfsight.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.elfsight.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
files.elfsight.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:dc2 (United States)

ASN13335 (CLOUDFLARENET, US)

app.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f2d8:4010:8::2 (United States)

ASN18450 (WEBNX, US)

api64.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:b55 (United States)

ASN13335 (CLOUDFLARENET, US)

www.iplocate.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::17 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

img.icons8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany) 5 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::ac43:4766 (United States)

ASN13335 (CLOUDFLARENET, US)

files.elfsightcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:10c2 (United States)

ASN13335 (CLOUDFLARENET, US)

assets.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1690 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-dcbfd.nitrocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.25.208.228 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-25-208-228.us-west-2.compute.amazonaws.com

api.keen.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.241.14 (Portland, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
49	youtube.com 4 redirects www.youtube.com — Cisco Umbrella Rank: 100	3 MB
22	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67 jnn-pa.googleapis.com — Cisco Umbrella Rank: 324	153 KB
22	getgovrefund.com www.getgovrefund.com	2 MB
17	elfsight.com 7 redirects apps.elfsight.com — Cisco Umbrella Rank: 17117 static.elfsight.com — Cisco Umbrella Rank: 17207 files.elfsight.com — Cisco Umbrella Rank: 77679	939 KB
16	doubleclick.net 5 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 125 googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 static.doubleclick.net — Cisco Umbrella Rank: 411	3 KB
14	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 1066	84 KB
7	obtainrefund.com 4 redirects obtainrefund.com www.obtainrefund.com	30 KB
6	elfsightcdn.com files.elfsightcdn.com — Cisco Umbrella Rank: 73708	120 KB
5	hyros.com 181867.tracking.hyros.com 181867.t.hyros.com	23 KB
5	socialproofy.io app.socialproofy.io	37 KB
4	google.com www.google.com — Cisco Umbrella Rank: 9	42 KB
4	clickfunnels.com app.clickfunnels.com — Cisco Umbrella Rank: 37719 assets.clickfunnels.com — Cisco Umbrella Rank: 64865	3 KB
3	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 122	125 KB
3	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 236	5 KB
3	gstatic.com fonts.gstatic.com	63 KB
3	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1083	92 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 91	387 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 60	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 158	109 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 291	715 B
1	keen.io api.keen.io — Cisco Umbrella Rank: 16084	402 B
1	nitrocdn.com cdn-dcbfd.nitrocdn.com	19 KB
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 438	14 KB
1	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 2724	501 B
1	icons8.com img.icons8.com — Cisco Umbrella Rank: 34439	22 KB
1	iplocate.io www.iplocate.io — Cisco Umbrella Rank: 45929	1 KB
1	ipify.org api64.ipify.org — Cisco Umbrella Rank: 12756	240 B
1	cloudfront.net d26b395fwzu5fz.cloudfront.net	9 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 96	50 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1332	5 KB
0	addevent.com Failed track.addevent.com Failed
201	31

	Domain	Requested by
49	www.youtube.com	4 redirects www.obtainrefund.com www.youtube.com www.getgovrefund.com
22	www.getgovrefund.com	www.obtainrefund.com www.getgovrefund.com
20	jnn-pa.googleapis.com	www.youtube.com
14	analytics.tiktok.com	www.obtainrefund.com analytics.tiktok.com
10	googleads.g.doubleclick.net	5 redirects www.youtube.com
8	static.elfsight.com	www.obtainrefund.com apps.elfsight.com static.elfsight.com
6	files.elfsightcdn.com	www.obtainrefund.com
6	files.elfsight.com	6 redirects
5	static.doubleclick.net	www.youtube.com
5	app.socialproofy.io	www.obtainrefund.com app.socialproofy.io
5	www.obtainrefund.com	2 redirects www.obtainrefund.com static.cloudflareinsights.com
4	www.google.com	www.obtainrefund.com www.youtube.com
4	181867.t.hyros.com	181867.tracking.hyros.com
3	i.ytimg.com	www.youtube.com
3	yt3.ggpht.com	www.youtube.com
3	app.clickfunnels.com	www.getgovrefund.com
3	apps.elfsight.com	1 redirects apps.elfsight.com
3	fonts.gstatic.com	fonts.googleapis.com
3	use.fontawesome.com	www.obtainrefund.com use.fontawesome.com
2	www.facebook.com	www.obtainrefund.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	www.obtainrefund.com connect.facebook.net
2	fonts.googleapis.com	www.obtainrefund.com
2	obtainrefund.com	2 redirects
1	bam.nr-data.net	js-agent.newrelic.com
1	api.keen.io	d26b395fwzu5fz.cloudfront.net
1	cdn-dcbfd.nitrocdn.com
1	assets.clickfunnels.com
1	js-agent.newrelic.com	www.obtainrefund.com
1	www.google.co.uk	www.obtainrefund.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	img.icons8.com	www.obtainrefund.com
1	www.iplocate.io	app.socialproofy.io
1	api64.ipify.org	app.socialproofy.io
1	d26b395fwzu5fz.cloudfront.net	www.getgovrefund.com
1	www.googletagmanager.com	www.obtainrefund.com
1	181867.tracking.hyros.com	www.obtainrefund.com
1	static.cloudflareinsights.com	www.obtainrefund.com
0	track.addevent.com Failed	www.obtainrefund.com
201	39

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
www.kitemedia.com
www.clickfunnels.com

Subject Issuer	Validity	Valid
*.obtainrefund.com E1	`2022-06-20` - `2022-09-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-20` - `2023-06-19`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
app.socialproofy.io R3	`2022-05-30` - `2022-08-28`	3 months	crt.sh
tracking.hyros.com Amazon	`2022-05-02` - `2023-05-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-03-31` - `2022-06-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
t.hyros.com Amazon	`2022-03-23` - `2023-04-21`	a year	crt.sh
*.tiktok.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-13` - `2023-01-13`	a year	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2022-02-07` - `2023-03-10`	a year	crt.sh
1004834818.rsc.cdn77.org R3	`2022-05-14` - `2022-08-12`	3 months	crt.sh
elfsight.com Cloudflare Inc ECC CA-3	`2022-04-30` - `2023-04-30`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
www.google.co.uk GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
nitrocdn.com Cloudflare Inc ECC CA-3	`2022-05-05` - `2022-08-03`	3 months	crt.sh
keen.io Amazon	`2022-06-02` - `2023-07-01`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh

This page contains 11 frames:

Primary Page: https://www.obtainrefund.com/loader1655503907616
Frame ID: 7C82BFC738D8C34B9BCAD8E33E8C8BE1
Requests: 99 HTTP requests in this frame

Frame: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
Frame ID: C61494FAABF7BEEB677FF97338E4F227
Requests: 5 HTTP requests in this frame

Frame: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
Frame ID: 94B04CB99C702C51AABA142C36D7118B
Requests: 5 HTTP requests in this frame

Frame: https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
Frame ID: 8CC0F83C14368F45796C5525DDA8F187
Requests: 5 HTTP requests in this frame

Frame: https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
Frame ID: 9E8872A789AB8C5A4522D6124E6DF2EC
Requests: 5 HTTP requests in this frame

Frame: https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
Frame ID: 9AD02ADAFDD1F5BEFF7063E4E3EABE45
Requests: 5 HTTP requests in this frame

Frame: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
Frame ID: 0E483C621AACA01CE55CAC87B4823AB5
Requests: 11 HTTP requests in this frame

Frame: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
Frame ID: 76390DA2816E9B1589F93C38B1D83E4F
Requests: 11 HTTP requests in this frame

Frame: https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
Frame ID: 7792906D58D5CBB4E2CC03FF95BB9AEB
Requests: 16 HTTP requests in this frame

Frame: https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
Frame ID: 4BECD139E483FF9C6DEBDAFE206B945B
Requests: 16 HTTP requests in this frame

Frame: https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
Frame ID: 0EADD4EF3D883F2493D27D60C9BEAF53
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Apply To Get Paid

Page URL History Show full URLs

http://obtainrefund.com/ HTTP 301
https://obtainrefund.com/ HTTP 302
http://www.obtainrefund.com/ HTTP 301
https://www.obtainrefund.com/ HTTP 302
https://www.obtainrefund.com/loader1655503907616 Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

ClickFunnels (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

<meta property="cf:app_domain" content="app\.clickfunnels\.com"

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Page Statistics

201
Requests

84 %
HTTPS

80 %
IPv6

31
Domains

39
Subdomains

35
IPs

4
Countries

7896 kB
Transfer

23175 kB
Size

31
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/garrett.kite
Title: Michael Mishkin

Search URL Search Domain Scan URL

URL: https://www.kitemedia.com/

Search URL Search Domain Scan URL

URL: https://www.clickfunnels.com/?cf_affiliate_id=3833141&aff_sub2=badge

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://obtainrefund.com/ HTTP 301
https://obtainrefund.com/ HTTP 302
http://www.obtainrefund.com/ HTTP 301
https://www.obtainrefund.com/ HTTP 302
https://www.obtainrefund.com/loader1655503907616 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

https://www.youtube.com/embed/https://www.youtube.com/watch?v=8KUHpd8T6S8?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent HTTP 303
https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Request Chain 17

https://www.youtube.com/embed/https://www.youtube.com/watch?v=8KUHpd8T6S8?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent HTTP 303
https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Request Chain 56

https://www.youtube.com/embed/https://www.youtube.com/watch?v=8KUHpd8T6S8?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent HTTP 303
https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Request Chain 57

https://www.youtube.com/embed/https://www.youtube.com/watch?v=8KUHpd8T6S8?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent HTTP 303
https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Request Chain 61

https://apps.elfsight.com/p/platform.js HTTP 301
https://static.elfsight.com/platform/platform.js

Request Chain 113

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 115

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 117

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 119

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 124

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 155

https://files.elfsight.com/storage/3f313698-cbba-424e-ae38-b83a450ac189/bf48a538-cb3b-4b8b-9c69-6f82625a64ae/g.png HTTP 301
https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/bf48a538-cb3b-4b8b-9c69-6f82625a64ae/g.png

Request Chain 156

https://files.elfsight.com/storage/3f313698-cbba-424e-ae38-b83a450ac189/9234efb4-d6db-48a6-b648-c9b909936855/g.png HTTP 301
https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/9234efb4-d6db-48a6-b648-c9b909936855/g.png

Request Chain 157

https://files.elfsight.com/storage/3f313698-cbba-424e-ae38-b83a450ac189/52271d41-7403-4075-8a9b-5a1ef0f68bc5/g.png HTTP 301
https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/52271d41-7403-4075-8a9b-5a1ef0f68bc5/g.png

Request Chain 158

https://files.elfsight.com/storage/3f313698-cbba-424e-ae38-b83a450ac189/a58b550a-22ad-47c1-aa3b-4312c0a4f309/g.png HTTP 301
https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/a58b550a-22ad-47c1-aa3b-4312c0a4f309/g.png

Request Chain 159

https://files.elfsight.com/storage/3f313698-cbba-424e-ae38-b83a450ac189/ecba1d0c-76be-464d-bb17-6e56ab337371/g.png HTTP 301
https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/ecba1d0c-76be-464d-bb17-6e56ab337371/g.png

Request Chain 160

https://files.elfsight.com/storage/3f313698-cbba-424e-ae38-b83a450ac189/18522918-d78e-4518-b6e6-44e3e1b737bd/g.png HTTP 301
https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/18522918-d78e-4518-b6e6-44e3e1b737bd/g.png

201 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request loader1655503907616 Show response
www.obtainrefund.com/
Redirect Chain

http://obtainrefund.com/
https://obtainrefund.com/
http://www.obtainrefund.com/
https://www.obtainrefund.com/
https://www.obtainrefund.com/loader1655503907616

233 KB
26 KB

264ms
263ms

Document
text/html

2606:4700:3033::6815:2a06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:2a06 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

90d7a7425bb272ec13bb4b71191347eb3f5f64b8bb2b06a41c0922230d3114a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=60, public, s-maxage=60, r-maxage=10
cf-cache-status: DYNAMIC
cf-ray: 71f4b41bb9348898-LHR
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 22 Jun 2022 11:39:28 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Fri, 17 Jun 2022 22:11:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qIArlJm%2F0fvskCgW9fnXUKQJ3Suz264AwQ8sRlwYKubtzUdAoKz0L5iEZS8zSG%2B8usPukjb1MGRdCCoxWvp4qYH4ta1d6YOhN1%2BU3xA2YF6p%2FbNGvJNlVETjtKOvwysSXAEyagWxQCRtjyK4Cjad172xvg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
status: 200 OK
strict-transport-security: max-age=0
vary: Accept-Encoding
x-content-digest: f1d65714c2a13af844b83bdc644b40b22aefebd6
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: stale, valid, store
x-request-id: 173c6993821ba537230959208cd2784e
x-runtime: 0.513452

Redirect headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin: *
access-control-request-method: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 71f4b4098adc8898-LHR
content-type: text/html; charset=utf-8
date: Wed, 22 Jun 2022 11:39:27 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://www.obtainrefund.com/loader1655503907616
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qxp1fyj%2FmtXK3NXdZcwrzAdC4ZUlau86HUgpEwFa70%2BX9ecZTP%2BFQh3zcjPQyM707Ii3qz7xjcvLYUqNP7l8%2BT34yhpeqH%2Fh%2F327slSO%2BxDhK2H7xyXXLByhBCtwUGw8Tz6S3Z5aIuLNNs2Fd39k%2BBr7Sw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
status: 302 Found
strict-transport-security: max-age=0
vary: Accept-Encoding
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: 2ae78bcb610b890d48e56b93e8e8f670
x-runtime: 0.157448

GET
H2 200 lander.css
www.getgovrefund.com/assets/ 425 KB
70 KB 356ms
109ms Stylesheet
text/css 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getgovrefund.com/assets/lander.css

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:28 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 16 Jun 2022 16:52:53 GMT
server: cloudflare
etag: W/"62ab5fe5-6a514"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8HzFgzFzRWugjfFtu8VekWp4l3jfTqkAiDdf36%2Bwq2EKkvIik37Z0%2FpiQAQF5eqWHibzy3NaGkXZ2wxntllc9HlD55c7YG7ojRAZQxOAY2j%2BQk1STpOOW1arw6S6Yq1mJxd0r5nmSS2XhVc3SXh%2F8JEDtw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-ray: 71f4b41f0cb2889e-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires: Wed, 22 Jun 2022 11:59:28 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.9.0/css/ 55 KB
12 KB 164ms
44ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.9.0/css/all.css
Requested by: Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20664990
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: F0PHW7H6699FG8TW
x-amz-id-2: vC8KBN503iyWKZzHxfJc5rs99Ocw4DSTaifdaL1SsWTbuhhIHZc4Cm+BPlh6dJ7ueugjQrc5cWE=
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
server: cloudflare
etag: W/"dbf9d822cefe851ba6f66e1ad57e8987"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uoD%2B16VbroF2tJIUWbwIFWgfoU3vs7AG4ddfshs%2BPPIoFhYoSYEQQQxQRLMaug%2BxddwWFeowQjw1aHxUH%2BvlFLdDb0WVQ6zb77Hced%2FaluzcAyF9MFvaNAgrWpMtZS2JPEXfoz5H0SKYD5D%2B8MK6fWeq"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 71f4b41e3d7e730c-LHR

GET
H2 200 v4-shims.css
use.fontawesome.com/releases/v5.9.0/css/ 26 KB
5 KB 156ms
36ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.9.0/css/v4-shims.css
Requested by: Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20664990
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: F0PPGVAN5CXAHSGM
x-amz-id-2: HpuDfuJOnoRBIn1oGWh6kpnFISyPAhBcUuSh2sgaSOixf+diILYpFUsoF1uDkiR93wgKGECAn7k=
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
server: cloudflare
etag: W/"e140a7d32f343530f016095df3cc2ae4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aH%2FDWs40DdJ%2BCRu6WBnQDVztorketjtvT1OSA0D7Rt2o%2Fm%2F5D7ffKIoYmWhJe6hw9DSYGuHszEKyChks56Qw3731A8J%2FiX7CsbSySw6gfOG8%2BF0b7tiuyrEm0mzCTtkzuSyC6qi%2FMaAB9dmSFmm8odAb"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 71f4b41e4d83730c-LHR

GET
H2 200 css
fonts.googleapis.com/ 47 KB
3 KB 162ms
46ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e65a71a904111d41178f5a2c687b716af13794ec91b174872ffd00e65ae9f620

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 22 Jun 2022 11:03:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 22 Jun 2022 11:39:28 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 22 Jun 2022 11:39:28 GMT

GET
H2 200 application.js Show response
www.getgovrefund.com/assets/userevents/ 5 KB
2 KB 118ms
29ms Script
application/x-javascript 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getgovrefund.com/assets/userevents/application.js

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

004e3565fa58bd4ff0cbf31deb5451508a5ec7d46c4480f9bfa23326f187a158

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:28 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: STALE
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 51702
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 16 Jun 2022 16:52:53 GMT
server: cloudflare
etag: W/"62ab5fe5-1353"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZociTIblkA%2Fz%2FcIfH2HJy0RNEmhRGjnxubpK4c7loMb2wNSHSU415Mf6Mz2vVg5YBZIm5kSC87oO%2B4rgwcWXdLOe4YNQ%2B0HnJIAoKhow6e7eTKgbT1XbpwlIPnXiNmCJ9dZCI24uvfWYf8fSXPMmeUaucA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-ray: 71f4b420785c889e-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires: Tue, 21 Jun 2022 21:37:46 GMT

GET
H/1.1 200
OK 7mg32bigdn5z8j0pneczhscgcjcffj5o Show response
app.socialproofy.io/pixel/ 19 KB
4 KB 1001ms
80ms Script
application/javascript 161.35.152.125
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://app.socialproofy.io/pixel/7mg32bigdn5z8j0pneczhscgcjcffj5o

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

161.35.152.125 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

b2b016e22165a64762518d5324d61e243cf652c2b067c62fb7fc8a678e5493dd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1;mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Pragma: cache
Date: Wed, 22 Jun 2022 11:39:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache/2.4.41 (Ubuntu)
X-Frame-Options: sameorigin
Content-Type: application/javascript
Cache-Control: max-age=0
Content-Security-Policy: frame-ancestors 'self';
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 4066
X-XSS-Protection: 1;mode=block
Keep-Alive: timeout=5, max=100
Expires: Wed, 22 Jun 2022 11:39:29 GMT

GET
H2 200 css
fonts.googleapis.com/ 4 KB
818 B 166ms
50ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%7CMontserrat%7COpen+Sans%7CMontserrat%7COpen+Sans%7CHelvetica+Neue+Helvetica+Arial+sans-serif%7COpen+Sans%7COpen+Sans%7C

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8e001feddfc438a6ac7179aa1afe43b51cc3981e25c3aba03b952d6ddb07be42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 22 Jun 2022 11:39:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 22 Jun 2022 11:39:28 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 22 Jun 2022 11:39:28 GMT

GET
H2 200 email-decode.min.js Show response
www.obtainrefund.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 34ms
32ms Script
application/javascript 2606:4700:3033::6815:2a06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.obtainrefund.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:2a06 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/loader1655503907616
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 14 Jun 2022 16:43:30 GMT
server: cloudflare
etag: W/"62a8bab2-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DIyBSZm%2B3LoNu0EczFdPej1ldtySxNzXq%2Bea96yJSnLvbRt0dDvNEPPb4%2B4iw0PsSI6xVov1ekbb21JlAZVfwV3yJkAwsdIMTRQlY%2BwiMQaGQDG9h9D2bQYcWcER6bdc%2BtCnIDVMfw9cWIi6sxRb1sDcxw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 71f4b41d8c7f8898-LHR
vary: Accept-Encoding
expires: Fri, 24 Jun 2022 11:39:28 GMT

GET
H2 200 lander.js Show response
www.getgovrefund.com/assets/ 2 MB
650 KB 394ms
148ms Script
application/x-javascript 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getgovrefund.com/assets/lander.js

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db3efa583abcb290e22a5bc94420009484fce12acc02d3c7563a02568d462dce

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:28 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 16 Jun 2022 17:06:12 GMT
server: cloudflare
etag: W/"62ab6304-238a69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L2JFsxcTcVIsiIYR0eo9cFE2oDgWCbH3mrtJpeP09UZHi5IiRaMJ0y6XuqsRhfrX3SaMYRcAfe2Z1WxnWhmy9mkVhheyhs3k3ZvMqCtzlbpEVyOONFwTcVVGTZ8LkCEvhinAALhwp72WvA3vvG8Cgwv2Hg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-ray: 71f4b41f0cb6889e-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires: Wed, 22 Jun 2022 11:59:28 GMT

GET
H2 200 ClickfunnelsTag.png
www.getgovrefund.com/hosted/images/3d/392630953c4119a324492bb1c05778/ 9 KB
9 KB 209ms
145ms Image
image/png 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getgovrefund.com/hosted/images/3d/392630953c4119a324492bb1c05778/ClickfunnelsTag.png
Requested by: Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59a24fd9ceda194298ccf0b352fa9acd789bf3fb4c69c01bcdcab44c584d0219

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:28 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR50-P2
cf-polished: origSize=9030
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8895
last-modified: Fri, 03 Jan 2020 17:41:49 GMT
server: cloudflare
etag: "a633777156a5ffeb58c92d3d59fa4e34"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Gf%2F5FpkbadcJL154riqqrC%2B82VKAIYGFkSzGZlQHAyrdku3din9A8UdYHrcIkyjfaVolQzGqZuZ9K3%2FHdr%2Fkd80rr0v0YjgeuWfXk8ybrpb%2B4j1XzYxdP703SMnxvUQXPj2AEqQKJvzlosZnxIlFaoRxw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 71f4b420b8b0889e-LHR
cf-bgj: imgq:85,h2pri

GET
H2 200 pushcrew.js Show response
www.getgovrefund.com/assets/ 637 B
680 B 171ms
109ms Script
application/x-javascript 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getgovrefund.com/assets/pushcrew.js

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7464960133d530dfa52ce0ab9a5c33f0a709a946ad16298b000a7560738f422

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:28 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 16 Jun 2022 16:52:52 GMT
server: cloudflare
etag: W/"62ab5fe4-27d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pkj8k%2BjIe3kVObsc41g1zZUcL9611sTpL4OYQfwhBJlF9LjD6ZaonbIoPhl6shj9JUbZQ1vRUDbF7rAcGVnHojHaTZzK%2FE%2FCPurSQJGuxbbT6rTSEnI6QTg5jW%2F0O39dYiXKzFJH81CQel9T0aqYEIajkA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-ray: 71f4b420b8b2889e-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires: Wed, 22 Jun 2022 11:59:28 GMT

GET
H2 200 v652eace1692a40cfa3763df669d7439c1639079717194 Show response
static.cloudflareinsights.com/beacon.min.js/ 14 KB
5 KB 189ms
68ms Script
text/javascript 2606:4700:440e::ac40:9c1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by: Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:440e::ac40:9c1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Referer: https://www.obtainrefund.com/
Origin: https://www.obtainrefund.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:28 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 71f4b4211a037190-LHR

GET
H2 200 universal-script Show response
181867.tracking.hyros.com/v1/lst/ 22 KB
23 KB 529ms
241ms Script
text/plain 34.226.127.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://181867.tracking.hyros.com/v1/lst/universal-script?ph=b2b74813eb029744cc57f6bea4748169d2f21356c1a1547e9a5627945ca55475&tag=!tracking
Requested by: Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.127.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-226-127-56.compute-1.amazonaws.com
Software: /
Resource Hash: 00329e11f30377dda9733fa6015d3f5f361af943e01b08def237051e36cbe82d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:29 GMT
access-control-allow-credentials: true
access-control-expose-headers: Session-ID
access-control-max-age: 86400
access-control-allow-methods: GET, PUT, POST, OPTIONS, DELETE
content-type: text/plain;charset=utf-8

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 130 KB
50 KB 271ms
59ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N99VKRS

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

082a7c31c15e095710a5e3474d1f85120bad2de5e66962f5f298ca42d38c67a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:28 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50730
x-xss-protection: 0
last-modified: Wed, 22 Jun 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 22 Jun 2022 11:39:28 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 100 KB
26 KB 274ms
62ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3d79854e01d0c79408c548889dcfddd23e4ef10f11c698c831b570573ee13b97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26344
x-xss-protection: 0
pragma: public
x-fb-debug: PNi6FpetVr0p0q1DgWxQmA6LiJK5eN9YkHtQDQSv5s8G51PWOrSMEjzJHxEOtBpDFpv9cy3XVJdMkF3xv+Au4g==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Wed, 22 Jun 2022 11:39:28 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

watch
www.youtube.com/embed/https:/www.youtube.com/ Frame C614
Redirect Chain

https://www.youtube.com/embed/https://www.youtube.com/watch?v=8KUHpd8T6S8?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

38 KB
0

361ms
118ms

Document
text/html

2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.obtainrefund.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
date: Wed, 22 Jun 2022 11:39:29 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
content-type: application/binary
date: Wed, 22 Jun 2022 11:39:28 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
location: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
pragma: no-cache
server: ESF
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 26 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

watch
www.youtube.com/embed/https:/www.youtube.com/ Frame 94B0
Redirect Chain

https://www.youtube.com/embed/https://www.youtube.com/watch?v=8KUHpd8T6S8?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

38 KB
0

251ms
94ms

Document
text/html

2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.obtainrefund.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
date: Wed, 22 Jun 2022 11:39:29 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
content-type: application/binary
date: Wed, 22 Jun 2022 11:39:28 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
location: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
pragma: no-cache
server: ESF
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 8OIhavsSG-U
www.youtube.com/embed/ Frame 8CC0 63 KB
0 295ms
118ms Document
text/html 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.obtainrefund.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
date: Wed, 22 Jun 2022 11:39:28 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 4HGrUdx9muM
www.youtube.com/embed/ Frame 9E88 64 KB
0 308ms
135ms Document
text/html 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.obtainrefund.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
date: Wed, 22 Jun 2022 11:39:28 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pk2AIau9g6o
www.youtube.com/embed/ Frame 9AD0 62 KB
0 432ms
269ms Document
text/html 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.obtainrefund.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
date: Wed, 22 Jun 2022 11:39:28 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 grey-bloom.png
www.getgovrefund.com/hosted/images/images/ 81 KB
82 KB 156ms
148ms Image
image/png 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getgovrefund.com/hosted/images/images/grey-bloom.png
Requested by: Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 338dc283832b2caf28fab0ec8c88bc6c35974594a172f7c671996578a64f6f41

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:28 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR3-C1
cf-polished: status=not_needed
cf-bgj: imgq:100,h2pri
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 82747
last-modified: Thu, 31 Aug 2017 17:33:10 GMT
server: cloudflare
etag: "e2ac4c661221b7de653ea862fd6af0cc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VfX5Vc4OqKrseHffxvt1qaZ83IZnXjEHkDleH3F2TDcButxsuzKHDuHwqKQUtYDKK9yszO0k0PPXkf9CbZKURbp14%2B3vkXGhJadrdf5mIhU24Q1hgsN3tD22AYwZVbVjbI5wdjBtv1SFrqQnEMDMeu8o7A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 71f4b420b9e9774a-LHR
expires: Sat, 23 Jul 2022 11:39:28 GMT

GET
H3 200 Royal-2-.jpg
www.getgovrefund.com/hosted/images/e9/2315da96704a5d8cfb3c51e6308019/ 7 KB
8 KB 232ms
221ms Image
image/jpeg 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getgovrefund.com/hosted/images/e9/2315da96704a5d8cfb3c51e6308019/Royal-2-.jpg
Requested by: Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53a7bd59f44877ce484b2dc54d3568d1461e0a858985f962940bcd2ae7edf48e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:28 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR50-P4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7573
last-modified: Tue, 07 Jun 2022 07:07:29 GMT
server: cloudflare
etag: "b5040396c3c178f7a070b05f2255b1d2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MS3OghQUo0UZVZYuTIAKG8GflJi8ZvUmZ1rIuuEG7Q3F%2BpBl22N0vXVSQF4yhcaJHGCsUMjqprFKwokanCTMPjd1nJofLyiuhSyZ9O%2BwTT9O4n4Hc0Nml6H8JoivjTcTRLjiorGJlyBOTMj1jRNUcGcL%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 71f4b420b9f5774a-LHR

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
fonts.gstatic.com/s/opensans/v29/ 39 KB
39 KB 218ms
61ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9edf922182d605a48239fee4eddab22abc367aa35aec6e4a60ce62a21e3e4dc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.obtainrefund.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Mon, 20 Jun 2022 16:22:44 GMT
x-content-type-options: nosniff
age: 155804
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39536
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 16:22:44 GMT

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVIUx6EQ.woff2
fonts.gstatic.com/s/opensans/v29/ 11 KB
11 KB 277ms
120ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v29/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVIUx6EQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%7CMontserrat%7COpen+Sans%7CMontserrat%7COpen+Sans%7CHelvetica+Neue+Helvetica+Arial+sans-serif%7COpen+Sans%7COpen+Sans%7C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

73fe8ab9505321d8aa0052729376531073d9852ba61bfd4e673b02ae588f16e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.obtainrefund.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Mon, 20 Jun 2022 19:27:27 GMT
x-content-type-options: nosniff
age: 144721
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11536
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:27:27 GMT

GET
H3 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.9.0/webfonts/ 74 KB
74 KB 81ms
43ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.9.0/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.9.0/css/all.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0

Request headers

Referer: https://use.fontawesome.com/releases/v5.9.0/css/all.css
Origin: https://www.obtainrefund.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:28 GMT
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 51734
cf-ray: 71f4b420ee017525-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 75440
x-amz-id-2: Lgi7maf292dM7n/r4BCWQNMeeurHGFxsqRAQ3e1ygjldAMsMmBwyAleY5JrGZ6DKfqdFRSt0/38=
last-modified: Wed, 30 Jun 2021 15:48:27 GMT
server: cloudflare
etag: "b5cf8ae26748570d8fb95a47f46b69e1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tzgmdnIM7T08m3Pj1nOHzR0axyjQnqOIe%2B5cBDCErO3QB5sG4QVfouw59mRAuYe9tgxP%2BKT%2Bn15RTqEJiXYbHXScYGDmirPNxDz2QCz32v9OUcHjs89dqAUd0DPM1WmDCmM4OH72bZj0%2BFDwtNpfQnJt"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: DE99J0363WT2G7NR
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
content-type: font/woff2

GET
H2 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXp-obK4.woff2
fonts.gstatic.com/s/montserrat/v24/ 12 KB
12 KB 277ms
121ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v24/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXp-obK4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f779f16d083a24d19f51f3a86b8b0b5c7d6ec5f335f645a16cc17802a33f58e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.obtainrefund.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Tue, 21 Jun 2022 17:08:12 GMT
x-content-type-options: nosniff
age: 66676
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12680
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 14:37:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Jun 2023 17:08:12 GMT

GET
H/1.1 200
OK keen-tracking-1.0.3.min.js Show response
d26b395fwzu5fz.cloudfront.net/ 27 KB
9 KB 196ms
39ms Script
application/javascript 143.204.101.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d26b395fwzu5fz.cloudfront.net/keen-tracking-1.0.3.min.js
Requested by: Host: www.getgovrefund.com
URL: https://www.getgovrefund.com/assets/lander.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.101.210 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-101-210.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c8fbd44351b2040cbd911e73aa17794cfd00261d0f10a6881fd48ca8a1d880b3

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Tue, 08 Feb 2022 22:51:18 GMT
Content-Encoding: gzip
Age: 11537292
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 8994
Last-Modified: Thu, 31 Mar 2016 04:24:33 GMT
Server: AmazonS3
ETag: "a6acb97120359c326c8f7775a5514f5d"
Content-Type: application/javascript
Via: 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront)
Cache-Control: max-age=31536000000, public
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: 39SgE-4CTJc24ReGuPTd08GPZLp5dePwaHdg_ViCocGV3Wzi1YfCHw==
Expires: Fri, 31 Mar 2017 04:24:29 GMT

GET
H3 200 450946546174186 Show response
connect.facebook.net/signals/config/ 288 KB
83 KB 253ms
175ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/450946546174186?v=2.9.62&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f5e45088670523f0b75ebf2c1c3ee0077c83acd790623dce6d312137c7300485

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: K6qrQlclQ00ybMZ2bJ/CkIXF/IVhZj6tl7kvxCW/BVcdDbIBRoVjMhEqjmE6qPoOiY0YsL141ZHlNVhN4wR9CA==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 22 Jun 2022 11:39:30 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts: 1655897970040
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET www-player.css
www.youtube.com/s/player/f05de49d/ Frame 8CC0 0
0

GET www-embed-player.js
www.youtube.com/s/player/f05de49d/www-embed-player.vflset/ Frame 8CC0 0
0

GET base.js
www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/ Frame 8CC0 0
0

GET fetch-polyfill.js
www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/ Frame 8CC0 0
0

GET www-player.css
www.youtube.com/s/player/f05de49d/ Frame 9E88 0
0

GET www-embed-player.js
www.youtube.com/s/player/f05de49d/www-embed-player.vflset/ Frame 9E88 0
0

GET base.js
www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/ Frame 9E88 0
0

GET fetch-polyfill.js
www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/ Frame 9E88 0
0

GET www-player.css
www.youtube.com/s/player/f05de49d/ Frame 9AD0 0
0

GET www-embed-player.js
www.youtube.com/s/player/f05de49d/www-embed-player.vflset/ Frame 9AD0 0
0

GET base.js
www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/ Frame 9AD0 0
0

GET fetch-polyfill.js
www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/ Frame 9AD0 0
0

GET www-player.css
www.youtube.com/s/player/f05de49d/ Frame 94B0 0
0

GET www-embed-player.js
www.youtube.com/s/player/f05de49d/www-embed-player.vflset/ Frame 94B0 0
0

GET base.js
www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/ Frame 94B0 0
0

GET fetch-polyfill.js
www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/ Frame 94B0 0
0

GET
H3 200 vendor.js Show response
www.getgovrefund.com/ 18 KB
6 KB 312ms
282ms Script
application/javascript 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getgovrefund.com/vendor.js

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

7422e50efbaea439fda7ef3b0eb54ee1a9fe73ea2f919d78a33bf6fb9e3e059d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:30 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Phusion Passenger Enterprise 6.0.7
status: 200 OK
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
strict-transport-security: max-age=0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id: 17c4f4c6144d349ca15750cdacb8b183
x-runtime: 0.016559
x-content-digest: 581e49c9b7bdd06dab54c00931f4256b223e620e
server: cloudflare
x-frame-options: ALLOWALL
etag: W/"7422e50efbaea439fda7ef3b0eb54ee1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sm35THBWnIjdQKNAOypLuuWBFGQNseK6LYI0RbvzQMJdF48CPNGR0m9satXtT4HUZIlA4tFOUkugHCiU%2B1AomA9MI2QixW5%2F3xvl%2BEYpIm8zjk9EvUR9%2FAH4aPNMQiRa55GWHs4D3MxJYAQAc8mSf9H0xQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-ray: 71f4b428285c774a-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
x-rack-cache: stale, valid, store

GET /
track.addevent.com/atc/ 0
0

GET
H2 200 gusid Show response
181867.t.hyros.com/v1/lst/ 0
502 B 350ms
130ms XHR
text/plain 34.226.127.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://181867.t.hyros.com/v1/lst/gusid?
Requested by: Host: 181867.tracking.hyros.com
URL: https://181867.tracking.hyros.com/v1/lst/universal-script?ph=b2b74813eb029744cc57f6bea4748169d2f21356c1a1547e9a5627945ca55475&tag=!tracking
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.127.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-226-127-56.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
Product-ID: 181867

Response headers

date: Wed, 22 Jun 2022 11:39:31 GMT
session-id: HB-ET_38027fb6bc9329180636c8183c8a58ba855a2aa46a1e43bac5c9dc9703bc6fab
etag: HB-ET_38027fb6bc9329180636c8183c8a58ba855a2aa46a1e43bac5c9dc9703bc6fab
access-control-max-age: 86400
access-control-allow-methods: GET, PUT, POST, OPTIONS, DELETE
access-control-allow-origin: https://www.obtainrefund.com
access-control-expose-headers: Session-ID
access-control-allow-credentials: true
content-length: 0

GET www-player.css
www.youtube.com/s/player/f05de49d/ Frame C614 0
0

GET www-embed-player.js
www.youtube.com/s/player/f05de49d/www-embed-player.vflset/ Frame C614 0
0

GET base.js
www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/ Frame C614 0
0

GET fetch-polyfill.js
www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/ Frame C614 0
0

OPTIONS
H2 200 gusid
181867.t.hyros.com/v1/lst/ Frame 0
0 771ms
91ms Preflight
application/vnd.sun.wadl+xml 34.226.127.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://181867.t.hyros.com/v1/lst/gusid?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.127.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-226-127-56.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: product-id
Access-Control-Request-Method: GET
Origin: https://www.obtainrefund.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: product-id
access-control-allow-methods: GET, PUT, POST, OPTIONS, DELETE
access-control-allow-origin: https://www.obtainrefund.com
access-control-expose-headers: Session-ID
access-control-max-age: 86400
allow: HEAD,GET,OPTIONS
content-length: 1432
content-type: application/vnd.sun.wadl+xml;charset=utf-8
date: Wed, 22 Jun 2022 11:39:30 GMT
last-modified: Wed, 22 Jun 2022 11:39:30 UTC

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 515ms
34ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N99VKRS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 3023
date: Wed, 22 Jun 2022 10:49:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 22 Jun 2022 12:49:07 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 160 KB
45 KB 737ms
258ms Script
application/javascript 23.36.163.228
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SCEDTV1H48C4QE840G&lib=ttq
Requested by: Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.228 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-228.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 4af0bd53f6c36a13e7604282e9f8826269ca96297eb838c4f4d9ad00200a7fc8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

x-akamai-request-id: 7c4a3d2f.144a699b
date: Wed, 22 Jun 2022 11:39:31 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-220-104-142.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-200.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-parent-response-time: 156,23.36.161.200
server-timing: cdn-cache; desc=MISS, edge; dur=203, origin; dur=6, inner; dur=4
content-length: 45266
pragma: no-cache
server: nginx
x-tt-logid: 2022062211393001000400300500600300400CEE5F0
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 6,23.220.104.142
x-tt-trace-host: 01f4ed9df232cdcc7a0f3c9fa2fefe8ab76a5d4f79a29cfb20ca214a2e050938a8c9ed042ab93c72680b93da5a64aa1e06236591572f0e075105a500cee6f499e43111f7b3d29091488b70934f658b6768d4592a2e5028f3ac14c69ab3844013540c24e2a963259e588e086c5a6d5ada49
expires: Wed, 22 Jun 2022 11:39:31 GMT

GET
H3 200 iframe_api Show response
www.youtube.com/ 980 B
513 B 269ms
127ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.getgovrefund.com
URL: https://www.getgovrefund.com/assets/lander.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8f8e518cd706f3f6c743f964efa6f5cf3a4f2ea5b589694dec8ed2295b4f2bb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Wed, 22 Jun 2022 11:39:30 GMT

GET
H3

200

watch Show response
www.youtube.com/embed/https:/www.youtube.com/ Frame 0E48
Redirect Chain

https://www.youtube.com/embed/https://www.youtube.com/watch?v=8KUHpd8T6S8?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

38 KB
11 KB

151ms
150ms

Document
text/html

2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Requested by

Host: www.getgovrefund.com
URL: https://www.getgovrefund.com/assets/lander.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

58ed3737f69e1b9cfe69c9c53bbba51aba83371d7915a913cdea13b4dbd97a60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.obtainrefund.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
date: Wed, 22 Jun 2022 11:39:30 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
content-type: application/binary
date: Wed, 22 Jun 2022 11:39:30 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
location: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
pragma: no-cache
server: ESF
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H3

200

watch Show response
www.youtube.com/embed/https:/www.youtube.com/ Frame 7639
Redirect Chain

https://www.youtube.com/embed/https://www.youtube.com/watch?v=8KUHpd8T6S8?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

38 KB
11 KB

142ms
141ms

Document
text/html

2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Requested by

Host: www.getgovrefund.com
URL: https://www.getgovrefund.com/assets/lander.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ad2b8a299805727100878cdbe8d9e5537d76264126104cad5aeb66feca1097e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.obtainrefund.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
date: Wed, 22 Jun 2022 11:39:30 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
content-type: application/binary
date: Wed, 22 Jun 2022 11:39:30 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
location: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
pragma: no-cache
server: ESF
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H3 200 8OIhavsSG-U Show response
www.youtube.com/embed/ Frame 7792 63 KB
26 KB 108ms
89ms Document
text/html 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Requested by

Host: www.getgovrefund.com
URL: https://www.getgovrefund.com/assets/lander.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

720adb3aeb05b911763b568e8ef447c3e8e7f67372ae73348e397d59f9208eb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.obtainrefund.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
date: Wed, 22 Jun 2022 11:39:30 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 4HGrUdx9muM Show response
www.youtube.com/embed/ Frame 4BEC 63 KB
26 KB 124ms
109ms Document
text/html 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Requested by

Host: www.getgovrefund.com
URL: https://www.getgovrefund.com/assets/lander.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4d6d945c544478dcbb43c105d1ecfa43d513f1348f67b00c2e36c1204f65c078

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.obtainrefund.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
date: Wed, 22 Jun 2022 11:39:30 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pk2AIau9g6o Show response
www.youtube.com/embed/ Frame 0EAD 63 KB
26 KB 198ms
188ms Document
text/html 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Requested by

Host: www.getgovrefund.com
URL: https://www.getgovrefund.com/assets/lander.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e433af82f0adb8dd42f6169837cac493b72f668d83918edf6c951fa54fd01a8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.obtainrefund.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
date: Wed, 22 Jun 2022 11:39:30 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

platform.js Show response
static.elfsight.com/platform/
Redirect Chain

https://apps.elfsight.com/p/platform.js
https://static.elfsight.com/platform/platform.js

46 KB
16 KB

47ms
45ms

Script
application/javascript

2606:4700:20::681a:76b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.elfsight.com/platform/platform.js

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Server

2606:4700:20::681a:76b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9145719c44c79da1f24c6ee1ae3fbf7df31af11e5fa9f300494d22ab183a2521

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:32 GMT
content-encoding: br
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 131
cf-polished: origSize=47171
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: tx0000000000000ebf2dfb9-0062a999e3-2768dd76-sfo2a
x-hw: 1655282147.dop083.lo4.t,1655282147.cds284.lo4.shn,1655282147.dop083.lo4.t,1655282147.cds240.lo4.pr
last-modified: Thu, 19 May 2022 08:04:21 GMT
server: cloudflare
cache-control: max-age=3600
etag: W/"fa975eef0c5f850cdaf2e30512297706"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OOP%2Fn1to2rp3%2BHpKyZZrFLleElEppFCuUR%2FMmOfuuhsizvSqdHp63g550KVNbKE%2Bh%2FsSwDvmAm%2FjjETvIJJXMKYFNnjDXFFrH4QehCwu3pq8s4D%2FqMlQm3Pi4%2BglNGBBMchb4XFcz%2BXimkiBD2rYfRY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-rgw-object-type: Normal
cf-ray: 71f4b4358b3571f3-LHR
cf-bgj: minify

Redirect headers

date: Wed, 22 Jun 2022 11:39:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ToWRklkZtsOu%2BBYCB%2Frbp2rzX5KCbm5iXfCpP35iv2gq7N0OV3u8i%2BA0tkcbof2%2BEVf0Myi2tuGvx983Ug2fqf9LviUvGQItOO8cl9XOgmM8FGVlMgf2LCHeteHIp9yRoqQ9uxsb2AuPBSVkQ8WK"}],"group":"cf-nel","max_age":604800}
location: https://static.elfsight.com/platform/platform.js
cache-control: max-age=3600
strict-transport-security: max-age=0
cf-ray: 71f4b42eeeb471f3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 22 Jun 2022 12:39:31 GMT

GET
H2 202 / Show response
app.clickfunnels.com/userevents/ 0
307 B 693ms
435ms XHR
text/html 2606:4700::6810:dc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clickfunnels.com/userevents/?funnel_id=eE5CNlB0NXZKTCtzUENBdXpDYWtWdz09LS1qenBZeWVCVEloY3VoREJoYXE0VUFBPT0%3D--72845e4269089eaf288f100a30cb0758bcf14e3d&page_id=cGlqeDZTRjFoTHl1ZjdKZm0yczVLQT09LS05bkwxdno3WG9ZU0JaN1pqRUtITmNBPT0%3D--e2aaa95598fc18a1629e952d2dc7a641cc5054a4&funnel_step_id=dGRTVytGRHR3RXZKTjVOUUZLUXVIZz09LS1RQ1JBTGRLQTBiVFJhbDhzZm0vQTNBPT0%3D--4c7e12a1b7eb2b5dc385edefc954272c55819b1a&user_id=alFtdEFRY1pwNkdBc0hSZndFZnpnZz09LS11MHFkNDZlUC92a1c1STRuakpVa0pBPT0%3D--b47042ea480f006acf9a84cf65bf49ffc6574585&account_id=WmY4ZExmb01WZ1Fnd3J3WC9BMm5mQT09LS1UQ2hRMDZGMmlqKzRuM1lka1ZnU2FBPT0%3D--b39406b256526a40b1c168e6934c0b5bf7acdeb7&page_code=NTUwNDkwNTY%3D&mode_id=1&time_zone=America%2FLos_Angeles&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::PageviewsCreatedSummary&nonce=f39afe6d-6a78-45de-b401-a7e9a5ced49c&url=https%3A%2F%2Fwww.obtainrefund.com%2Floader1655503907616

Requested by

Host: www.getgovrefund.com
URL: https://www.getgovrefund.com/assets/userevents/application.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:dc2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:31 GMT
access-control-request-method: *
cf-cache-status: BYPASS
access-control-allow-origin: *
x-powered-by: Phusion Passenger Enterprise 6.0.7
status: 202 Accepted
strict-transport-security: max-age=0
x-request-id: b96ebae37f6dd3daa341d6afee42a1d7
x-runtime: 0.033573
server: cloudflare
x-frame-options: ALLOWALL
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: text/html
pragma: no-cache
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 71f4b42fdb307566-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
x-rack-cache: miss

GET
H2 202 / Show response
app.clickfunnels.com/userevents/ 0
812 B 462ms
209ms XHR
text/html 2606:4700::6810:dc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clickfunnels.com/userevents/?funnel_id=eE5CNlB0NXZKTCtzUENBdXpDYWtWdz09LS1qenBZeWVCVEloY3VoREJoYXE0VUFBPT0%3D--72845e4269089eaf288f100a30cb0758bcf14e3d&page_id=cGlqeDZTRjFoTHl1ZjdKZm0yczVLQT09LS05bkwxdno3WG9ZU0JaN1pqRUtITmNBPT0%3D--e2aaa95598fc18a1629e952d2dc7a641cc5054a4&funnel_step_id=dGRTVytGRHR3RXZKTjVOUUZLUXVIZz09LS1RQ1JBTGRLQTBiVFJhbDhzZm0vQTNBPT0%3D--4c7e12a1b7eb2b5dc385edefc954272c55819b1a&user_id=alFtdEFRY1pwNkdBc0hSZndFZnpnZz09LS11MHFkNDZlUC92a1c1STRuakpVa0pBPT0%3D--b47042ea480f006acf9a84cf65bf49ffc6574585&account_id=WmY4ZExmb01WZ1Fnd3J3WC9BMm5mQT09LS1UQ2hRMDZGMmlqKzRuM1lka1ZnU2FBPT0%3D--b39406b256526a40b1c168e6934c0b5bf7acdeb7&page_code=NTUwNDkwNTY%3D&mode_id=1&time_zone=America%2FLos_Angeles&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniquePageviewsCreatedSummary&nonce=fbb0463c-cee8-44cf-a168-8ad08dfb8792&url=https%3A%2F%2Fwww.obtainrefund.com%2Floader1655503907616

Requested by

Host: www.getgovrefund.com
URL: https://www.getgovrefund.com/assets/userevents/application.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:dc2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:31 GMT
access-control-request-method: *
cf-cache-status: BYPASS
access-control-allow-origin: *
x-powered-by: Phusion Passenger Enterprise 6.0.7
status: 202 Accepted
strict-transport-security: max-age=0
x-request-id: 4c3af864ff615c2ba411f2e3fbab54a7
x-runtime: 0.036507
server: cloudflare
x-frame-options: ALLOWALL
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: text/html
pragma: no-cache
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 71f4b42fdb317566-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
x-rack-cache: miss

GET
H2 202 / Show response
app.clickfunnels.com/userevents/ 0
308 B 461ms
215ms XHR
text/html 2606:4700::6810:dc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clickfunnels.com/userevents/?funnel_id=eE5CNlB0NXZKTCtzUENBdXpDYWtWdz09LS1qenBZeWVCVEloY3VoREJoYXE0VUFBPT0%3D--72845e4269089eaf288f100a30cb0758bcf14e3d&page_id=cGlqeDZTRjFoTHl1ZjdKZm0yczVLQT09LS05bkwxdno3WG9ZU0JaN1pqRUtITmNBPT0%3D--e2aaa95598fc18a1629e952d2dc7a641cc5054a4&funnel_step_id=dGRTVytGRHR3RXZKTjVOUUZLUXVIZz09LS1RQ1JBTGRLQTBiVFJhbDhzZm0vQTNBPT0%3D--4c7e12a1b7eb2b5dc385edefc954272c55819b1a&user_id=alFtdEFRY1pwNkdBc0hSZndFZnpnZz09LS11MHFkNDZlUC92a1c1STRuakpVa0pBPT0%3D--b47042ea480f006acf9a84cf65bf49ffc6574585&account_id=WmY4ZExmb01WZ1Fnd3J3WC9BMm5mQT09LS1UQ2hRMDZGMmlqKzRuM1lka1ZnU2FBPT0%3D--b39406b256526a40b1c168e6934c0b5bf7acdeb7&page_code=NTUwNDkwNTY%3D&mode_id=1&time_zone=America%2FLos_Angeles&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniqueVisitorsCreatedSummary&nonce=5f34f2e3-a74e-4f6a-aca6-982f909b1666&url=https%3A%2F%2Fwww.obtainrefund.com%2Floader1655503907616

Requested by

Host: www.getgovrefund.com
URL: https://www.getgovrefund.com/assets/userevents/application.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:dc2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:31 GMT
access-control-request-method: *
cf-cache-status: BYPASS
access-control-allow-origin: *
x-powered-by: Phusion Passenger Enterprise 6.0.7
status: 202 Accepted
strict-transport-security: max-age=0
x-request-id: 6c12c887d1ad9f18eb4b52811bbad04e
x-runtime: 0.036197
server: cloudflare
x-frame-options: ALLOWALL
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: text/html
pragma: no-cache
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 71f4b42fdb327566-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
x-rack-cache: miss

GET
H/1.1 200
OK pixel.css
app.socialproofy.io/themes/s00p/assets/css/ 161 KB
16 KB 76ms
75ms Stylesheet
text/css 161.35.152.125
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://app.socialproofy.io/themes/s00p/assets/css/pixel.css?v=509000

Requested by

Host: app.socialproofy.io
URL: https://app.socialproofy.io/pixel/7mg32bigdn5z8j0pneczhscgcjcffj5o

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

161.35.152.125 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

1a1b94c3b3348dacc1d16a7fe3087b8c7df813e4914e9a3fa5bf4d26169f9693

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1;mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Wed, 22 Jun 2022 11:39:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 16 May 2022 13:47:43 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "28428-5df2144b35d62-gzip"
X-Frame-Options: sameorigin
Content-Type: text/css
Content-Security-Policy: frame-ancestors 'self';
Connection: Keep-Alive
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 15403
X-XSS-Protection: 1;mode=block
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
OK / Show response
api64.ipify.org/ 19 B
240 B 442ms
140ms XHR
text/plain 2607:f2d8:4010:8::2
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL: https://api64.ipify.org/
Requested by: Host: app.socialproofy.io
URL: https://app.socialproofy.io/pixel/7mg32bigdn5z8j0pneczhscgcjcffj5o
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2607:f2d8:4010:8::2 , United States, ASN18450 (WEBNX, US),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash: 7204fcfe93e81338175bc13572c314dab97c6f6fcb9f627a5499e539656297c6

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.obtainrefund.com
Date: Wed, 22 Jun 2022 11:39:31 GMT
Server: nginx/1.21.6
Connection: keep-alive
Content-Length: 19
Vary: Origin
Content-Type: text/plain

GET
H2 200 2a02:8c8:c10:30::14 Show response
www.iplocate.io/api/lookup/ 307 B
1 KB 483ms
191ms XHR
application/json 2606:4700:20::681a:b55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.iplocate.io/api/lookup/2a02:8c8:c10:30::14

Requested by

Host: app.socialproofy.io
URL: https://app.socialproofy.io/pixel/7mg32bigdn5z8j0pneczhscgcjcffj5o

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:b55 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d572c032baaaae22839d0f29b03934c2f4bbc98c8cfaa88f8135d4e274115441

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
cf-ray: 71f4b4340f7f8e26-LHR
x-ratelimit-limit: 1000
access-control-max-age: 7200
access-control-allow-methods: GET, OPTIONS
x-xss-protection: 1; mode=block
x-request-id: 979fc980-c33a-46b0-bb23-a2cec1b65511
x-runtime: 0.007253
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"d572c032baaaae22839d0f29b03934c2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BMsKx25B%2BMJ1zsIU8O4D8RTPMNzdMrs%2BR08uv9dswLXcgWDDDQbK0HgSXN97kF69EtqpPUmq1rtOTatvSxmsdhxnciWTCQrfqBE%2FVD7gFwrVpTLhSURYF2%2BdgtbWi21xaZibqAUk8D04URW%2FAg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-download-options: noopen
access-control-allow-origin: *
access-control-expose-headers: x-ratelimit-limit, x-ratelimit-reset, x-ratelimit-remaining
cache-control: max-age=0, private, must-revalidate
x-ratelimit-reset: 2022-06-23 00:00:00 +0000
x-ratelimit-remaining: 999
content-type: application/json; charset=utf-8
x-ratelimit-client-id: 2a02:8c8:c10:30::14

POST
H/1.1 200
OK 7mg32bigdn5z8j0pneczhscgcjcffj5o
app.socialproofy.io/pixel-track/ 0
0 49ms
49ms Ping
text/html 161.35.152.125
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://app.socialproofy.io/pixel-track/7mg32bigdn5z8j0pneczhscgcjcffj5o
Requested by: Host: app.socialproofy.io
URL: https://app.socialproofy.io/pixel/7mg32bigdn5z8j0pneczhscgcjcffj5o
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 161.35.152.125 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 pc Show response
181867.t.hyros.com/v1/lst/ 117 B
372 B 139ms
116ms XHR
application/json 34.226.127.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://181867.t.hyros.com/v1/lst/pc?ref_url=https%3A%2F%2Fwww.obtainrefund.com%2Floader1655503907616&u_agent=Mozilla%2F5.0+%28Linux%3B+Android+11%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F86.0.4240.185+Mobile+Safari%2F537.36
Requested by: Host: 181867.tracking.hyros.com
URL: https://181867.tracking.hyros.com/v1/lst/universal-script?ph=b2b74813eb029744cc57f6bea4748169d2f21356c1a1547e9a5627945ca55475&tag=!tracking
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.127.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-226-127-56.compute-1.amazonaws.com
Software: /
Resource Hash: 6aa451a660722e461198ce196fc50e082f21ce0b6f3de61248b9610a2f010c65

Request headers

Session-ID: HB-ET_38027fb6bc9329180636c8183c8a58ba855a2aa46a1e43bac5c9dc9703bc6fab
Product-ID: 181867
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
Access-Control-Allow-Headers: *

Response headers

date: Wed, 22 Jun 2022 11:39:32 GMT
access-control-max-age: 86400
access-control-allow-methods: GET, PUT, POST, OPTIONS, DELETE
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.obtainrefund.com
access-control-expose-headers: Session-ID
access-control-allow-credentials: true
content-length: 117

GET
H3 200 www-player.css
www.youtube.com/s/player/f05de49d/ Frame 7792 338 KB
46 KB 38ms
38ms Stylesheet
text/css 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ef8240733673f0a3033c41dc341b2257b546bebf39e6e4303ee907366d78a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 01:23:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36945
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47576
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 22 Jun 2023 01:23:47 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/f05de49d/www-embed-player.vflset/ Frame 7792 304 KB
94 KB 156ms
156ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55912cfc0ebd0cfdaea7cb26393660daf8c0d03029368e5113f70453fd915ac0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 07:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15137
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96086
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 22 Jun 2023 07:27:15 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/ Frame 7792 2 MB
533 KB 170ms
169ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0936e323adeda3d6bda1d6310feef803410334d4aebe9698cc39ae4142bf991a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 16 Jun 2022 16:46:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 499971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 545904
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 16 Jun 2023 16:46:41 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/ Frame 7792 9 KB
3 KB 180ms
179ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Tue, 21 Jun 2022 15:42:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71827
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2786
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 21 Jun 2023 15:42:25 GMT

GET
H3 200 www-player.css
www.youtube.com/s/player/f05de49d/ Frame 4BEC 338 KB
46 KB 47ms
46ms Stylesheet
text/css 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ef8240733673f0a3033c41dc341b2257b546bebf39e6e4303ee907366d78a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 01:23:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36945
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47576
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 22 Jun 2023 01:23:47 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/f05de49d/www-embed-player.vflset/ Frame 4BEC 304 KB
94 KB 181ms
180ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55912cfc0ebd0cfdaea7cb26393660daf8c0d03029368e5113f70453fd915ac0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 07:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15137
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96086
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 22 Jun 2023 07:27:15 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/ Frame 4BEC 2 MB
533 KB 192ms
192ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0936e323adeda3d6bda1d6310feef803410334d4aebe9698cc39ae4142bf991a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 16 Jun 2022 16:46:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 499971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 545904
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 16 Jun 2023 16:46:41 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/ Frame 4BEC 9 KB
3 KB 196ms
196ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Tue, 21 Jun 2022 15:42:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71827
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2786
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 21 Jun 2023 15:42:25 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 174ms
42ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=450946546174186&ev=PageView&dl=https%3A%2F%2Fwww.obtainrefund.com%2Floader1655503907616&rl=&if=false&ts=1655897972165&sw=1600&sh=1200&v=2.9.62&r=stable&ec=0&o=30&fbp=fb.1.1655897972160.1637897288&it=1655897969789&coo=false&rqm=GET

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:32 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Wed, 22 Jun 2022 11:39:32 GMT

GET
H3 200 www-player.css
www.youtube.com/s/player/f05de49d/ Frame 7639 338 KB
46 KB 62ms
61ms Stylesheet
text/css 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ef8240733673f0a3033c41dc341b2257b546bebf39e6e4303ee907366d78a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 01:23:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36945
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47576
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 22 Jun 2023 01:23:47 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/f05de49d/www-embed-player.vflset/ Frame 7639 304 KB
94 KB 153ms
153ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55912cfc0ebd0cfdaea7cb26393660daf8c0d03029368e5113f70453fd915ac0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 07:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15137
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96086
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 22 Jun 2023 07:27:15 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/ Frame 7639 2 MB
533 KB 164ms
164ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0936e323adeda3d6bda1d6310feef803410334d4aebe9698cc39ae4142bf991a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 16 Jun 2022 16:46:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 499971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 545904
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 16 Jun 2023 16:46:41 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/ Frame 7639 9 KB
3 KB 173ms
173ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Tue, 21 Jun 2022 15:42:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71827
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2786
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 21 Jun 2023 15:42:25 GMT

GET
H3 200 www-player.css
www.youtube.com/s/player/f05de49d/ Frame 0E48 338 KB
46 KB 60ms
58ms Stylesheet
text/css 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ef8240733673f0a3033c41dc341b2257b546bebf39e6e4303ee907366d78a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 01:23:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36945
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47576
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 22 Jun 2023 01:23:47 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/f05de49d/www-embed-player.vflset/ Frame 0E48 304 KB
94 KB 172ms
171ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55912cfc0ebd0cfdaea7cb26393660daf8c0d03029368e5113f70453fd915ac0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 07:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15137
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96086
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 22 Jun 2023 07:27:15 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/ Frame 0E48 2 MB
533 KB 226ms
225ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0936e323adeda3d6bda1d6310feef803410334d4aebe9698cc39ae4142bf991a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 16 Jun 2022 16:46:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 499971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 545904
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 16 Jun 2023 16:46:41 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/ Frame 0E48 9 KB
3 KB 228ms
227ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Tue, 21 Jun 2022 15:42:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71827
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2786
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 21 Jun 2023 15:42:25 GMT

GET
H2 200 identify.js Show response
analytics.tiktok.com/i18n/pixel/ 114 KB
31 KB 581ms
576ms Script
application/javascript 23.36.163.228
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/identify.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SCEDTV1H48C4QE840G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.228 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-228.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a15ae2b3cda8819a955675b8cb16528a5fa66ad1179944d22e106cfa6442082d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

x-akamai-request-id: 2fa05ae.144a83fc
date: Wed, 22 Jun 2022 11:39:32 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-220-104-149.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-200.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-parent-response-time: 523,23.36.161.200
server-timing: cdn-cache; desc=MISS, edge; dur=436, origin; dur=92, inner; dur=3
content-length: 30853
pragma: no-cache
server: nginx
x-tt-logid: 2022062211393201000200300500600300913342144
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 92,23.220.104.149
x-tt-trace-host: 01f4ed9df232cdcc7a0f3c9fa2fefe8ab76a5d4f79a29cfb20ca214a2e050938a82549b4254d3be3a3507412f0d49f39dc059aeba47fd7697d37b5cd6f84f775fd8520830749fba5c127deea04e7118697e277f64d63e9f94ea64188b33b22ffdb18263570ec613038772c98919f49ba1b
expires: Wed, 22 Jun 2022 11:39:32 GMT

OPTIONS
H2 200 pc
181867.t.hyros.com/v1/lst/ Frame 0
0 102ms
102ms Preflight
application/vnd.sun.wadl+xml 34.226.127.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://181867.t.hyros.com/v1/lst/pc?ref_url=https%3A%2F%2Fwww.obtainrefund.com%2Floader1655503907616&u_agent=Mozilla%2F5.0+%28Linux%3B+Android+11%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F86.0.4240.185+Mobile+Safari%2F537.36
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.127.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-226-127-56.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: access-control-allow-headers,access-control-allow-origin,content-type,product-id,session-id
Access-Control-Request-Method: GET
Origin: https://www.obtainrefund.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: access-control-allow-headers,access-control-allow-origin,content-type,product-id,session-id
access-control-allow-methods: GET, PUT, POST, OPTIONS, DELETE
access-control-allow-origin: https://www.obtainrefund.com
access-control-expose-headers: Session-ID
access-control-max-age: 86400
allow: HEAD,GET,OPTIONS
content-length: 4064
content-type: application/vnd.sun.wadl+xml;charset=utf-8
date: Wed, 22 Jun 2022 11:39:32 GMT
last-modified: Wed, 22 Jun 2022 11:39:32 UTC

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
718 B 231ms
218ms Ping
application/octet-stream 23.36.163.228
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SCEDTV1H48C4QE840G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.228 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-228.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 2b921e3.144a880e
date: Wed, 22 Jun 2022 11:39:32 GMT
x-cache-remote: TCP_MISS from a23-220-104-155.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-200.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-parent-response-time: 160,23.36.161.200
server-timing: cdn-cache; desc=MISS, edge; dur=115, origin; dur=53, inner; dur=13
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2022062211393201000200300500600301007BB98EA
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 53,23.220.104.155
x-tt-trace-host: 01f4ed9df232cdcc7a0f3c9fa2fefe8ab76a5d4f79a29cfb20ca214a2e050938a88e403ebb446cde990ad48b20b9e1bf5a562c9479c4883b292021bf448d642be955d38b322a2f5573a18f475d668f79c073f48167e2ea64832aba3ce271b0e38fec422d87484ebc2368608dc5c86acf82
expires: Wed, 22 Jun 2022 11:39:32 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
575 B 318ms
308ms Ping
application/octet-stream 23.36.163.228
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SCEDTV1H48C4QE840G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.228 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-228.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 22 Jun 2022 11:39:32 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server: nginx
x-tt-logid: 2022062211393201000200600500500600304707D41053
x-cache: TCP_MISS from a23-36-161-200.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 241,23.36.161.200
x-tt-trace-host: 01f4ed9df232cdcc7a0f3c9fa2fefe8ab7c5e05ee0dc42bcf4d014937d0cd4914862c10bec18676f678eb870453e1122963d13f16c4288ff59776ae4a46bfeab331a4806d0a1c30104c37b9022abdb7c98541e8d01f48afa08dcf1a1d1a13ca2a5
server-timing: inner; dur=13, cdn-cache; desc=MISS, edge; dur=0, origin; dur=241
x-akamai-request-id: 144a8891
content-length: 0
expires: Wed, 22 Jun 2022 11:39:32 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
718 B 378ms
368ms Ping
application/octet-stream 23.36.163.228
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SCEDTV1H48C4QE840G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.228 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-228.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 2b92479.144a88e9
date: Wed, 22 Jun 2022 11:39:32 GMT
x-cache-remote: TCP_MISS from a23-220-104-155.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-200.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-parent-response-time: 256,23.36.161.200
server-timing: cdn-cache; desc=MISS, edge; dur=103, origin; dur=156, inner; dur=53
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2022062211393201000400500600303408D4740E
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 156,23.220.104.155
x-tt-trace-host: 01f4ed9df232cdcc7a0f3c9fa2fefe8ab76a5d4f79a29cfb20ca214a2e050938a88e403ebb446cde990ad48b20b9e1bf5adac85f21327d1cd04b94d91de347df2c7cadae6101693a9af05d5cccf5e771d47500b598916cd66a64b6bb3c1cff5467b3b21c0c108dfbb73cdd6e7bb9b4c7fa
expires: Wed, 22 Jun 2022 11:39:32 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
580 B 546ms
537ms Ping
application/octet-stream 23.36.163.228
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SCEDTV1H48C4QE840G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.228 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-228.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 22 Jun 2022 11:39:32 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server: nginx
x-tt-logid: 20220622113932010004004025004005006003004019FECC2
x-cache: TCP_MISS from a23-36-161-200.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 423,23.36.161.200
x-tt-trace-host: 01f4ed9df232cdcc7a0f3c9fa2fefe8ab7c5e05ee0dc42bcf4d014937d0cd4914869db2078f651b5aa8b532ac513e8819c3dc840d54b986c1273817c825ce48f90010e9e432b1c6cffe2afb8a3ac42cc3b0b73ad2e3a570a2f0a324da262473539
server-timing: inner; dur=249, cdn-cache; desc=MISS, edge; dur=1, origin; dur=423
x-akamai-request-id: 144a8962
content-length: 0
expires: Wed, 22 Jun 2022 11:39:32 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
575 B 315ms
306ms Ping
application/octet-stream 23.36.163.228
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SCEDTV1H48C4QE840G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.228 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-228.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 22 Jun 2022 11:39:32 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server: nginx
x-tt-logid: 202206221139320100020030020050060030110107CC5B
x-cache: TCP_MISS from a23-36-161-200.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 166,23.36.161.200
x-tt-trace-host: 01f4ed9df232cdcc7a0f3c9fa2fefe8ab7c5e05ee0dc42bcf4d014937d0cd49148edf88af484bc57c95dcc45e0283eace70e42ca084d2a2e40696b32ce57f329aa2f11ee7fd346504df8351209b70b05cc2deec7c114028ffea9db8ddd4e9e9e6e
server-timing: inner; dur=6, cdn-cache; desc=MISS, edge; dur=1, origin; dur=165
x-akamai-request-id: 144a89dd
content-length: 0
expires: Wed, 22 Jun 2022 11:39:32 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
715 B 304ms
295ms Ping
application/octet-stream 23.36.163.228
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SCEDTV1H48C4QE840G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.228 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-228.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 7c142f0.144a8a47
date: Wed, 22 Jun 2022 11:39:32 GMT
x-cache-remote: TCP_MISS from a104-78-78-44.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-200.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-parent-response-time: 133,23.36.161.200
server-timing: cdn-cache; desc=MISS, edge; dur=91, origin; dur=42, inner; dur=7
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2022062211393201000200300500600300307488C96
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 42,104.78.78.44
x-tt-trace-host: 01f4ed9df232cdcc7a0f3c9fa2fefe8ab72bb49c150a86066346e6ba552c253a854482243412599ea4a68bdfa79b01cb5524f97e42ce27479e40a6915ddcbec58f63eaf2f356b655160472143c54152ab93063e73098123cb55bcb01d217bd1c58961c89de8e1616d904a22fb38d5c30d6
expires: Wed, 22 Jun 2022 11:39:32 GMT

GET
H2 200 config.js Show response
analytics.tiktok.com/i18n/pixel/ 872 B
1 KB 290ms
289ms Script
application/javascript 23.36.163.228
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/config.js?sdkid=C8SCEDTV1H48C4QE840G&hostname=www.obtainrefund.com
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SCEDTV1H48C4QE840G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.228 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-228.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 4b3af1b97a6b7273ec4dc9198048be638f349eec0418c5aea0b7ec5c86844ec4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

x-akamai-request-id: 262916e.144a8a82
date: Wed, 22 Jun 2022 11:39:32 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-220-104-144.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-200.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-parent-response-time: 113,23.36.161.200
server-timing: cdn-cache; desc=MISS, edge; dur=91, origin; dur=23, inner; dur=19
content-length: 349
pragma: no-cache
server: nginx
x-tt-logid: 202206221139320100040030077350020630CAA3B56
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 23,23.220.104.144
x-tt-trace-host: 01f4ed9df232cdcc7a0f3c9fa2fefe8ab76a5d4f79a29cfb20ca214a2e050938a8a3563cbb92d62c592a6d5ed04dec1101ea92322613ee72fb2760ba9d77c588bf3fd56f4de3acb1a31ff37aa890d6ecd2b26382f5c4a2b3b8c49ec531852c8e5131772452665e7df4116afba3ec1a1cac
expires: Wed, 22 Jun 2022 11:39:32 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
574 B 534ms
532ms Ping
application/octet-stream 23.36.163.228
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SCEDTV1H48C4QE840G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.228 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-228.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 22 Jun 2022 11:39:32 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server: nginx
x-tt-logid: 2022062211393201000400500600302500D01D49
x-cache: TCP_MISS from a23-36-161-200.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 337,23.36.161.200
x-tt-trace-host: 01f4ed9df232cdcc7a0f3c9fa2fefe8ab7c5e05ee0dc42bcf4d014937d0cd491485717ae9819d3bc2b99eda960863382c8bb45e880a34e807e822eb3ad92b0f507953444ac49d97e98435a6adc2186b6fb94e4737eb104019127270143710fb1ce
server-timing: inner; dur=211, cdn-cache; desc=MISS, edge; dur=0, origin; dur=337
x-akamai-request-id: 144a8afc
content-length: 0
expires: Wed, 22 Jun 2022 11:39:32 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
720 B 513ms
513ms Ping
application/octet-stream 23.36.163.228
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SCEDTV1H48C4QE840G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.228 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-228.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 22e4cd3.144a8b28
date: Wed, 22 Jun 2022 11:39:32 GMT
x-cache-remote: TCP_MISS from a23-220-104-133.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-200.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-parent-response-time: 302,23.36.161.200
server-timing: cdn-cache; desc=MISS, edge; dur=97, origin; dur=205, inner; dur=145
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202206221139320100020060050050060030560502A9C9
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 206,23.220.104.133
x-tt-trace-host: 01f4ed9df232cdcc7a0f3c9fa2fefe8ab76a5d4f79a29cfb20ca214a2e050938a8b8cc3574d3002b3808a1c9c75704ccdd618518aa81c24b6dbe63522effd40715197f2d2e222cf63053d8d89bc88b24dfe8e7de8036aba6eb10c74ed4a233dfe354a8499daa38710284dce22898b2caf1
expires: Wed, 22 Jun 2022 11:39:32 GMT

GET
H2 200 world.png
img.icons8.com/fluency/344/ 21 KB
22 KB 385ms
263ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.icons8.com/fluency/344/world.png

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

5e089cb4811fae2d388bf1580ada7ca720b17f813302cccc7f1c071a743e0015

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 22 Jun 2022 11:39:32 GMT
icon-size: 344
x-content-type-options: nosniff
memory-svg-cache: false
access-control-allow-origin: *
from-cache: false
from-svg-cache: true
icon-format: png
x-cache: MISS
strict-transport-security: max-age=15724800; includeSubDomains
x-dns-prefetch-control: off
content-length: 21666
x-xss-protection: 1; mode=block
x-77-nzt: AZySIRCGkijB
x-accel-expires: @1656200372
not-found-platform: false
last-modified: Tue, 21 Jun 2022 23:26:12 GMT
server: CDN77-Turbo
x-77-nzt-ray: QqfZgzjrTE8
x-download-options: noopen
x-77-cache: MISS
content-type: image/png
memory-cache: false
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=302400
icon-id: Gb2G79ATZk4x
accept-ranges: bytes
version: 0.1.0-SNAPSHOT.20220614104927457

GET
H3 200 www-widgetapi.js Show response
www.youtube.com/s/player/f05de49d/www-widgetapi.vflset/ 157 KB
51 KB 1018ms
1017ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3322e4697d424c705cfe921a4086dbb13982e9265276ced4e8a002ba6da78bed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:03:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2179
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52281
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 22 Jun 2023 11:03:13 GMT

GET
H3 200 www-player.css
www.youtube.com/s/player/f05de49d/ Frame 0EAD 338 KB
46 KB 39ms
37ms Stylesheet
text/css 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ef8240733673f0a3033c41dc341b2257b546bebf39e6e4303ee907366d78a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 01:23:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36945
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47576
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 22 Jun 2023 01:23:47 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/f05de49d/www-embed-player.vflset/ Frame 0EAD 304 KB
94 KB 114ms
113ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55912cfc0ebd0cfdaea7cb26393660daf8c0d03029368e5113f70453fd915ac0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 07:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15137
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96086
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 22 Jun 2023 07:27:15 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/ Frame 0EAD 2 MB
533 KB 120ms
119ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0936e323adeda3d6bda1d6310feef803410334d4aebe9698cc39ae4142bf991a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 16 Jun 2022 16:46:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 499971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 545904
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 16 Jun 2023 16:46:41 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/ Frame 0EAD 9 KB
3 KB 139ms
138ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Tue, 21 Jun 2022 15:42:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71827
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2786
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 21 Jun 2023 15:42:25 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 127ms
49ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=306320900&t=pageview&_s=1&dl=https%3A%2F%2Fwww.obtainrefund.com%2Floader1655503907616&ul=en-us&de=UTF-8&dt=Apply%20To%20Get%20Paid&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1061863051&gjid=1148806098&cid=2081019228.1655897973&tid=UA-219285256-1&_gid=1817947005.1655897973&_r=1&gtm=2wg6f0N99VKRS&z=598863316

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 22 Jun 2022 11:39:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.obtainrefund.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
apps.elfsight.com/p/boot/ 9 KB
4 KB 1069ms
1034ms XHR
application/json 2606:4700:20::681a:76b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://apps.elfsight.com/p/boot/?w=f48b140e-2073-4857-9e6c-d0f1fabc7a6b%2Cb555d0af-2bb7-4028-b73f-99e9dfd111ec

Requested by

Host: apps.elfsight.com
URL: https://apps.elfsight.com/p/platform.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:76b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

660b938fae9c2a827ff143338ae6058bf9fd1d6f42b9fbb45f29d925945808b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:33 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods: GET
strict-transport-security: max-age=0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vM5KXAA7qFBjcUagwMnZI0RvnZA8EGD%2FJZkh4hEKskPXe3ZVHMxVkZE2N3xW%2FRbh7FBbMePs2uWBAsHBOQVmlLMhJ5mRziFe%2B9gLXVRj2aSptxJ0xuXrxIWevhlw9qNKypsCjsn7cuwumJnm1O9Z"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.obtainrefund.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-apo-via: origin,host
cf-ray: 71f4b4394e4106b2-LHR
access-control-allow-headers: DNT, Referer, Content-Type, Set-Cookie, x-csrf-token, x-socket-id

GET
H3 200 /
www.facebook.com/tr/ 44 B
90 B 101ms
46ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=450946546174186&ev=Microdata&dl=https%3A%2F%2Fwww.obtainrefund.com%2Floader1655503907616&rl=&if=false&ts=1655897972682&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Apply%20To%20Get%20Paid%20%22%2C%22meta%3Adescription%22%3A%22%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Aimage%22%3A%22%22%2C%22og%3Atitle%22%3A%22Apply%20To%20Get%20Paid%20%22%2C%22og%3Adescription%22%3A%22%22%2C%22og%3Aurl%22%3A%22http%3A%2F%2Fwww.getgovrefund.com%2Floader1655503907616%22%2C%22og%3Atype%22%3A%22website%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.62&r=stable&ec=1&o=30&fbp=fb.1.1655897972160.1637897288&it=1655897969789&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:32 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Wed, 22 Jun 2022 11:39:32 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 7 B
449 B 101ms
32ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-219285256-1&cid=2081019228.1655897973&jid=1061863051&gjid=1148806098&_gid=1817947005.1655897973&_u=YEBAAEAAAAAAAC~&z=2042441220

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 22 Jun 2022 11:39:32 GMT
content-type: text/plain
access-control-allow-origin: https://www.obtainrefund.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
721 B 442ms
439ms Ping
application/octet-stream 23.36.163.228
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SCEDTV1H48C4QE840G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.228 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-228.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 2fa121c.144a8d84
date: Wed, 22 Jun 2022 11:39:33 GMT
x-cache-remote: TCP_MISS from a23-220-104-149.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-200.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-parent-response-time: 395,23.36.161.200
server-timing: cdn-cache; desc=MISS, edge; dur=92, origin; dur=304, inner; dur=294
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202206221139320100020030050060030091334217D
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 304,23.220.104.149
x-tt-trace-host: 01f4ed9df232cdcc7a0f3c9fa2fefe8ab76a5d4f79a29cfb20ca214a2e050938a82549b4254d3be3a3507412f0d49f39dc059aeba47fd7697d37b5cd6f84f775fd6de6842452b975cca436016c993c3b709f33128d88d3e4da12f482ab31f660d734e68a5699b5f46719dd11b99a5ddb7e
expires: Wed, 22 Jun 2022 11:39:33 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
575 B 140ms
136ms Ping
application/octet-stream 23.36.163.228
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SCEDTV1H48C4QE840G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.228 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-228.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 22 Jun 2022 11:39:32 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server: nginx
x-tt-logid: 20220622113932010004003007735002063048920DB
x-cache: TCP_MISS from a23-36-161-200.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 97,23.36.161.200
x-tt-trace-host: 01f4ed9df232cdcc7a0f3c9fa2fefe8ab7c5e05ee0dc42bcf4d014937d0cd49148eec1f08ab485735a7b49c08f4fd2d6db2b5d7e725762cfa140cd4504363b1ecc2994337e4b3f8f5868c6c6d9c3e171b3a12b5c84476f8baa46a98719c4e2e47d
server-timing: inner; dur=10, cdn-cache; desc=MISS, edge; dur=0, origin; dur=97
x-akamai-request-id: 144a8d9c
content-length: 0
expires: Wed, 22 Jun 2022 11:39:32 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
716 B 159ms
158ms Ping
application/octet-stream 23.36.163.228
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SCEDTV1H48C4QE840G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.228 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-228.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 28436cb.144a8eba
date: Wed, 22 Jun 2022 11:39:32 GMT
x-cache-remote: TCP_MISS from a23-220-104-145.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-200.deploy.akamaitechnologies.com (AkamaiGHost/10.8.2-41758951) (-)
x-parent-response-time: 121,23.36.161.200
server-timing: cdn-cache; desc=MISS, edge; dur=89, origin; dur=32, inner; dur=30
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202206221139320100020030050060030030503A0BE
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 32,23.220.104.145
x-tt-trace-host: 01f4ed9df232cdcc7a0f3c9fa2fefe8ab76a5d4f79a29cfb20ca214a2e050938a847c3ab4f9318664f0e1d0088fdbbfeeed42019264dcb2f0c2acc44d07563bdf9ee8115467e8b0b605c39d02a06f3636efdc519887049b7e5cc9d78a2cc98ff889f0c039c60f9d5491adcbd4353050eda
expires: Wed, 22 Jun 2022 11:39:32 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 170ms
65ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-219285256-1&cid=2081019228.1655897973&jid=1061863051&_u=YEBAAEAAAAAAAC~&z=1048153863

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Jun 2022 11:39:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.uk/ads/ 42 B
501 B 430ms
326ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-219285256-1&cid=2081019228.1655897973&jid=1061863051&_u=YEBAAEAAAAAAAC~&z=1048153863

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Jun 2022 11:39:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 7792
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

147ms
71ms

XHR
application/json

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aec7c2a0b955757314772857dbd2e74f10b0317e66c08fca34ee56b67ff3b303

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 22 Jun 2022 11:39:33 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 7792 29 B
587 B 140ms
35ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:34:42 GMT
x-content-type-options: nosniff
age: 291
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Jun 2022 11:49:42 GMT

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 4BEC
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

146ms
70ms

XHR
application/json

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fc80b92fcaf5587aaaded8e71db5825b90cb3ce0cda7219e74207d41a1668dd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 22 Jun 2022 11:39:33 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 4BEC 29 B
89 B 115ms
37ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:34:42 GMT
x-content-type-options: nosniff
age: 291
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Jun 2022 11:49:42 GMT

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 0E48
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

142ms
66ms

XHR
application/json

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d3d64271421bb356946bc2fa112e73b664685affe9c3075f12258236382f5f37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 22 Jun 2022 11:39:33 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 0E48 29 B
89 B 99ms
38ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:34:42 GMT
x-content-type-options: nosniff
age: 291
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Jun 2022 11:49:42 GMT

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 0EAD
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

123ms
46ms

XHR
application/json

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

12c34d64299db9def1b2b3774b6b73994b0ffc936e7aab1503eaf030a2cae958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 22 Jun 2022 11:39:33 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 0EAD 29 B
89 B 86ms
40ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:34:42 GMT
x-content-type-options: nosniff
age: 291
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Jun 2022 11:49:42 GMT

GET
H3 200 / Show response
apps.elfsight.com/p/boot/ 14 KB
6 KB 3038ms
3037ms XHR
application/json 2606:4700:20::681a:76b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://apps.elfsight.com/p/boot/?w=f48b140e-2073-4857-9e6c-d0f1fabc7a6b%2Cb555d0af-2bb7-4028-b73f-99e9dfd111ec%2C0dc6f59d-227a-4f1a-b4b7-30b125dc11a4%2C3471ae86-9e70-4860-82e1-9b591648a303

Requested by

Host: apps.elfsight.com
URL: https://apps.elfsight.com/p/platform.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:76b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9006a85a0d93c0864f1e1f73a15c78ec3af339e761f025caf66918efcc9803bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods: GET
strict-transport-security: max-age=0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gatmhP1bZ1B2usssub%2Fg5QS%2FTxtPQOG0WMYDxgLhAxJfcenajmiTy5c%2BzU%2Bmy4hpF9Fmf6fIRGKYQRy8Kiw%2BGBvi4ql39XJTuZ1qDGherl06bhNqeLWGG6Sdw3CrKAa8wPNdj0LI0Qy6Ax%2FtPYJJ"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.obtainrefund.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-apo-via: origin,host
cf-ray: 71f4b4407fc606b2-LHR
access-control-allow-headers: DNT, Referer, Content-Type, Set-Cookie, x-csrf-token, x-socket-id

GET
H3 200 testimonialsSlider.js Show response
static.elfsight.com/apps/testimonials-slider/release/5100a1408b1ce9f70b59d0c95b95103c59b3d96b/app/ 207 KB
57 KB 46ms
46ms Script
application/javascript 2606:4700:20::681a:76b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.elfsight.com/apps/testimonials-slider/release/5100a1408b1ce9f70b59d0c95b95103c59b3d96b/app/testimonialsSlider.js

Requested by

Host: apps.elfsight.com
URL: https://apps.elfsight.com/p/platform.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:76b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae6293c8e6c5db845d03dff6a3ffa88c018513a43b8e67c522b949ed0cadb65e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:33 GMT
content-encoding: br
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 615822
cf-polished: origSize=211474
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: tx00000000000007aef5d64-0062a999e7-2937b2ed-sfo2a
x-hw: 1655282151.dop223.lo4.t,1655282151.cds232.lo4.shn,1655282151.dop223.lo4.t,1655282151.cds277.lo4.pr
last-modified: Tue, 14 Jun 2022 11:29:46 GMT
server: cloudflare
cache-control: max-age=31536000
etag: W/"291aeb7e2a5109b5aa5469ba412f13c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QijlE%2FKijKqFXG2cA2t6%2B7j1cyyTWyHLyHgJSfrCwXICCJn%2B2MW8jHTpJmcALzMw%2BCJPZ2EoGMMQK0oxdxUJxGNksLqHR8xqa7ngK3KwpE47ySn8K7g8MIC0i07oWCNCZROS9sidMRrdNs1o9FFLQrI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
x-rgw-object-type: Normal
cf-ray: 71f4b4407fc906b2-LHR
cf-bgj: minify

GET
H3 200 numberCounter.js Show response
static.elfsight.com/apps/number-counter/release/8f32ad9c-3352-4425-9101-c1e4f547bd60/app/ 2 MB
493 KB 85ms
85ms Script
application/javascript 2606:4700:20::681a:76b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.elfsight.com/apps/number-counter/release/8f32ad9c-3352-4425-9101-c1e4f547bd60/app/numberCounter.js

Requested by

Host: apps.elfsight.com
URL: https://apps.elfsight.com/p/platform.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:76b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

111a2946b3856768f13a53e977daf3dfbc912df4f95fd3c14d538f9ab7df4d7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:33 GMT
content-encoding: br
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 615810
cf-polished: origSize=1859955
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: tx0000000000000ebf311d9-0062a999f3-2768dd76-sfo2a
x-hw: 1655282163.dop039.lo4.t,1655282163.cds321.lo4.shn,1655282163.dop039.lo4.t,1655282163.cds258.lo4.pr
last-modified: Wed, 23 Feb 2022 13:34:42 GMT
server: cloudflare
cache-control: max-age=31536000
etag: W/"b6a4eb85041f566bdfcb3bdfb2a16792"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7MsjLeaafIT2jnfwrZZwLg9DKBqR9mo54kcykD0vTVOE%2B89i4AJ3VXXyvzdQfgkLRYJGlZpi%2FjBakbKgTBH8eEScVRpTM2CXLm67gCmRKD91Ge0fQQrlIBGTAqNHWjNWadXxpSTBHJaSRuw8sxsvrV4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-rgw-object-type: Normal
cf-ray: 71f4b4407fca06b2-LHR
cf-bgj: minify

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 7639
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

145ms
69ms

XHR
application/json

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3e1c9f584ab25a8fb6cbe35fbd0e9b2eca00e1cdf7ff5a625af9f72214e21585

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 22 Jun 2022 11:39:33 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 7639 29 B
89 B 42ms
41ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:34:42 GMT
x-content-type-options: nosniff
age: 291
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Jun 2022 11:49:42 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 136ms
46ms Preflight
text/html 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Wed, 22 Jun 2022 11:39:33 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 7792 64 KB
30 KB 156ms
77ms XHR
application/json+protobuf 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bd7b7ce70d1c9a141a91abe41eaa1694a84ee5abdf36211b7d40cafda3f3b7f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Wed, 22 Jun 2022 11:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 30480
x-xss-protection: 0

GET
H3 200 AssZ1dBZzHwqCeIzw_pgMoTk12eQHgNcIiCZ_K935bs.js Show response
www.google.com/js/th/ Frame 7792 36 KB
14 KB 148ms
41ms Script
text/javascript 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/AssZ1dBZzHwqCeIzw_pgMoTk12eQHgNcIiCZ_K935bs.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02cb19d5d059cc7c2a09e233c3fa603284e4d767901e035c222099fcaf77e5bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:35:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 270
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13998
x-xss-protection: 0
last-modified: Fri, 10 Jun 2022 11:00:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 22 Jun 2023 11:35:04 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/ Frame 7792 27 KB
8 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aea68df31c22fedd60b0fb27d60d19fd575df18f96627ddb0480d8f44b11d43d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 16 Jun 2022 16:46:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 499970
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8054
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 16 Jun 2023 16:46:43 GMT

GET
DATA 200
OK truncated
/ Frame 7792 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AKedOLTUlwVlSlg11kP6aXgu47vqSLjbxR0os6N6bRhUylz312kGEEkhzJ47CmdYzBuS=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 7792 1 KB
2 KB 148ms
37ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLTUlwVlSlg11kP6aXgu47vqSLjbxR0os6N6bRhUylz312kGEEkhzJ47CmdYzBuS=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

707e900c3868b792025699e6d7584616c08c4ae747f72fe9de24c87aca4c4b91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:23:20 GMT
x-content-type-options: nosniff
server: fife
age: 974
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1440
x-xss-protection: 0
expires: Thu, 23 Jun 2022 11:23:20 GMT

GET
H2 200 sddefault.jpg
i.ytimg.com/vi/8OIhavsSG-U/ Frame 7792 42 KB
43 KB 213ms
102ms Image
image/jpeg 2a00:1450:4001:811::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/8OIhavsSG-U/sddefault.jpg

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae148d29d201d6e176a05cf0539d31d5fc42dacdf38b58e14de90c4ecd2975b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:34 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43042
x-xss-protection: 0
server: sffe
etag: "1653519872"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 22 Jun 2022 13:39:34 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 48ms
48ms Preflight
text/html 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Wed, 22 Jun 2022 11:39:34 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 4BEC 64 KB
30 KB 100ms
56ms XHR
application/json+protobuf 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ad62c505758842d183b2f383851a5d9d2208aaf444077e45860d669be22ead28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Wed, 22 Jun 2022 11:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 30474
x-xss-protection: 0

GET
H3 200 AssZ1dBZzHwqCeIzw_pgMoTk12eQHgNcIiCZ_K935bs.js Show response
www.google.com/js/th/ Frame 4BEC 36 KB
14 KB 43ms
40ms Script
text/javascript 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/AssZ1dBZzHwqCeIzw_pgMoTk12eQHgNcIiCZ_K935bs.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02cb19d5d059cc7c2a09e233c3fa603284e4d767901e035c222099fcaf77e5bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:35:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 270
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13998
x-xss-protection: 0
last-modified: Fri, 10 Jun 2022 11:00:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 22 Jun 2023 11:35:04 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/ Frame 4BEC 27 KB
8 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aea68df31c22fedd60b0fb27d60d19fd575df18f96627ddb0480d8f44b11d43d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 16 Jun 2022 16:46:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 499971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8054
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 16 Jun 2023 16:46:43 GMT

OPTIONS
H3 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 50ms
49ms Preflight
text/html 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Wed, 22 Jun 2022 11:39:34 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0E48 64 KB
30 KB 57ms
57ms XHR
application/json+protobuf 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf37505b8393edb026ba22b187b962e0848a8a9cf20bda450da852ec2da8d11a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Wed, 22 Jun 2022 11:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 30451
x-xss-protection: 0

GET
H3 200 embed.js Show response
www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/ Frame 0E48 27 KB
8 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aea68df31c22fedd60b0fb27d60d19fd575df18f96627ddb0480d8f44b11d43d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 16 Jun 2022 16:46:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 499971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8054
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 16 Jun 2023 16:46:43 GMT

GET
DATA 200
OK truncated
/ Frame 4BEC 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 AKedOLTUlwVlSlg11kP6aXgu47vqSLjbxR0os6N6bRhUylz312kGEEkhzJ47CmdYzBuS=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 4BEC 1 KB
1 KB 126ms
47ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLTUlwVlSlg11kP6aXgu47vqSLjbxR0os6N6bRhUylz312kGEEkhzJ47CmdYzBuS=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

707e900c3868b792025699e6d7584616c08c4ae747f72fe9de24c87aca4c4b91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:23:20 GMT
x-content-type-options: nosniff
server: fife
age: 974
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1440
x-xss-protection: 0
expires: Thu, 23 Jun 2022 11:23:20 GMT

GET
H3 200 sddefault.jpg
i.ytimg.com/vi/4HGrUdx9muM/ Frame 4BEC 46 KB
46 KB 172ms
96ms Image
image/jpeg 2a00:1450:4001:811::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/4HGrUdx9muM/sddefault.jpg

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2279726a8248e3b3cb0bf6b121ad724f402016d584fc3e80cf52db224b5571e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:34 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46928
x-xss-protection: 0
server: sffe
etag: "1653519817"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 22 Jun 2022 13:39:34 GMT

OPTIONS
H3 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 47ms
46ms Preflight
text/html 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Wed, 22 Jun 2022 11:39:34 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0EAD 64 KB
30 KB 57ms
56ms XHR
application/json+protobuf 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

001ddaac7c39ee8ab2242885bdca890fc6aee2f4d953837c96ed85a7b31ae5d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Wed, 22 Jun 2022 11:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 30329
x-xss-protection: 0

GET
H3 200 AssZ1dBZzHwqCeIzw_pgMoTk12eQHgNcIiCZ_K935bs.js Show response
www.google.com/js/th/ Frame 0EAD 36 KB
14 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/AssZ1dBZzHwqCeIzw_pgMoTk12eQHgNcIiCZ_K935bs.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02cb19d5d059cc7c2a09e233c3fa603284e4d767901e035c222099fcaf77e5bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:35:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 270
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13998
x-xss-protection: 0
last-modified: Fri, 10 Jun 2022 11:00:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 22 Jun 2023 11:35:04 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/ Frame 0EAD 27 KB
8 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aea68df31c22fedd60b0fb27d60d19fd575df18f96627ddb0480d8f44b11d43d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 16 Jun 2022 16:46:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 499971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8054
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 16 Jun 2023 16:46:43 GMT

OPTIONS
H3 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 46ms
45ms Preflight
text/html 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Wed, 22 Jun 2022 11:39:34 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 7639 64 KB
30 KB 54ms
53ms XHR
application/json+protobuf 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d864d5a8d4d42225fbab083f7afd1d719a2bbfd7962c0c797450025a131934d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Wed, 22 Jun 2022 11:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 30369
x-xss-protection: 0

GET
H3 200 embed.js Show response
www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/ Frame 7639 27 KB
8 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aea68df31c22fedd60b0fb27d60d19fd575df18f96627ddb0480d8f44b11d43d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 16 Jun 2022 16:46:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 499971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8054
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 00:19:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 16 Jun 2023 16:46:43 GMT

GET
DATA 200
OK truncated
/ Frame 0EAD 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 AKedOLTUlwVlSlg11kP6aXgu47vqSLjbxR0os6N6bRhUylz312kGEEkhzJ47CmdYzBuS=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 0EAD 1 KB
1 KB 37ms
37ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLTUlwVlSlg11kP6aXgu47vqSLjbxR0os6N6bRhUylz312kGEEkhzJ47CmdYzBuS=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

707e900c3868b792025699e6d7584616c08c4ae747f72fe9de24c87aca4c4b91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:23:20 GMT
x-content-type-options: nosniff
server: fife
age: 974
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1440
x-xss-protection: 0
expires: Thu, 23 Jun 2022 11:23:20 GMT

GET
H3 200 sddefault.jpg
i.ytimg.com/vi/pk2AIau9g6o/ Frame 0EAD 36 KB
36 KB 154ms
153ms Image
image/jpeg 2a00:1450:4001:811::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/pk2AIau9g6o/sddefault.jpg

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03e3e595557954b00776edad5e3fe1f2275c07a31d349683f8e91c33d5e95beb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:34 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37064
x-xss-protection: 0
server: sffe
etag: "1653519849"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 22 Jun 2022 13:39:34 GMT

POST
H/1.1 200
OK 7mg32bigdn5z8j0pneczhscgcjcffj5o
app.socialproofy.io/pixel-track/ 0
0 165ms
79ms Ping
text/html 161.35.152.125
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://app.socialproofy.io/pixel-track/7mg32bigdn5z8j0pneczhscgcjcffj5o
Requested by: Host: app.socialproofy.io
URL: https://app.socialproofy.io/pixel/7mg32bigdn5z8j0pneczhscgcjcffj5o
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 161.35.152.125 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.obtainrefund.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
DATA 200
OK truncated
/ 835 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8f3dbe12fbbb9218bdc602fa9e4a86c73ca87c403128e2afccc69e6615d2546b

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

g.png
files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/bf48a538-cb3b-4b8b-9c69-6f82625a64ae/
Redirect Chain

https://files.elfsight.com/storage/3f313698-cbba-424e-ae38-b83a450ac189/bf48a538-cb3b-4b8b-9c69-6f82625a64ae/g.png
https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/bf48a538-cb3b-4b8b-9c69-6f82625a64ae/g.png

19 KB
20 KB

639ms
497ms

Image
image/png

2606:4700:20::ac43:4766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/bf48a538-cb3b-4b8b-9c69-6f82625a64ae/g.png

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Server

2606:4700:20::ac43:4766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8edb2dab855419b307f2822fd2df3671ba5598dc2e7869e51b50c47749536b37

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: tx00000000000001c5508b8-0062b2355d-18c98378-nyc3a
content-length: 19867
x-hw: 1655846237.dop240.lo4.t,1655846237.cds320.lo4.shn,1655846237.dop240.lo4.t,1655846237.cds216.lo4.p
last-modified: Fri, 17 Jun 2022 11:46:12 GMT
server: cloudflare
cache-control: max-age=14400
etag: "0eb8078198b32ac9d48f60dc38d16bc3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ekTEbv6qYOfSMInD6NBDYSHJNQxit7LVkOAah8qZCVttTOkdLh7mFg78kO4hDYJuk0YcgBlhIOuCGS4oKbQVCga39gWrqaazvhaMDm9xn7Y87K%2FVPKOPBCZmBzmCrdelL37qyI52p7H0KVHfRYEqRpcCyg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-rgw-object-type: Normal
accept-ranges: bytes
cf-ray: 71f4b44ae93176ef-LHR

Redirect headers

date: Wed, 22 Jun 2022 11:39:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NrFau6AQYHxWxrZV1bjlg4WhQIzflxQx0g1G5gpFFiiS%2FH5C%2BIrvBYtdocL95ZeFvH%2Fu%2BffmAgnARgfDFZ4gHL1KEhruGRWRQS3rlxAgHGAyZlZkxJsC7qxp91RoGuZUZnlMA6xA%2Bwu4MEe%2B8%2BS2aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
location: https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/bf48a538-cb3b-4b8b-9c69-6f82625a64ae/g.png
cache-control: max-age=3600
strict-transport-security: max-age=0
cf-ray: 71f4b448bd8571f3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 22 Jun 2022 12:39:35 GMT

GET
H2

200

g.png
files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/9234efb4-d6db-48a6-b648-c9b909936855/
Redirect Chain

https://files.elfsight.com/storage/3f313698-cbba-424e-ae38-b83a450ac189/9234efb4-d6db-48a6-b648-c9b909936855/g.png
https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/9234efb4-d6db-48a6-b648-c9b909936855/g.png

19 KB
20 KB

550ms
405ms

Image
image/png

2606:4700:20::ac43:4766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/9234efb4-d6db-48a6-b648-c9b909936855/g.png

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Server

2606:4700:20::ac43:4766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8edb2dab855419b307f2822fd2df3671ba5598dc2e7869e51b50c47749536b37

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin, Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: tx00000000000001ca6b1f7-0062b2ff77-18c98378-nyc3a
content-length: 19867
x-hw: 1655897975.dop228.lo4.t,1655897975.cds080.lo4.shn,1655897975.dop228.lo4.t,1655897975.cds262.lo4.pr
last-modified: Fri, 17 Jun 2022 11:47:05 GMT
server: cloudflare
cache-control: max-age=14400
etag: "0eb8078198b32ac9d48f60dc38d16bc3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mSu4xkGMSenKg3pvsAMV8gAc4mcouju8FZaoQL0F1eyqQkGDjcsJ1A2r%2F9nKVm0AjTfYAuVf4KDxxwlQpDCd888HBDljCR0Gx2i%2F3RwN%2B%2BV3Hc9i%2BzwXyOXJQwCY2bl83c%2BFWA1tAZFoEEfo%2B65sTVNhCA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-rgw-object-type: Normal
accept-ranges: bytes
cf-ray: 71f4b44ae92d76ef-LHR

Redirect headers

date: Wed, 22 Jun 2022 11:39:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=itmAqnLxeafLbkJkyQpQ9igUr7oO%2FIp%2F0Vqkzs7omv7n2bP2YH5MtcwR%2FMViGF950HkCw2pBvyIVkGV7rN6u62ql5mZVRZjs6LBxEa3WAUJt62ao%2BO%2FE%2B080SRIgDZC%2Fqo3rWZyZCFPeqjVHAgApGA%3D%3D"}],"group":"cf-nel","max_age":604800}
location: https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/9234efb4-d6db-48a6-b648-c9b909936855/g.png
cache-control: max-age=3600
strict-transport-security: max-age=0
cf-ray: 71f4b448bd8471f3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 22 Jun 2022 12:39:35 GMT

GET
H2

200

g.png
files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/52271d41-7403-4075-8a9b-5a1ef0f68bc5/
Redirect Chain

https://files.elfsight.com/storage/3f313698-cbba-424e-ae38-b83a450ac189/52271d41-7403-4075-8a9b-5a1ef0f68bc5/g.png
https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/52271d41-7403-4075-8a9b-5a1ef0f68bc5/g.png

19 KB
20 KB

309ms
162ms

Image
image/png

2606:4700:20::ac43:4766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/52271d41-7403-4075-8a9b-5a1ef0f68bc5/g.png

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Server

2606:4700:20::ac43:4766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8edb2dab855419b307f2822fd2df3671ba5598dc2e7869e51b50c47749536b37

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin, Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: tx00000000000001ca6b1e2-0062b2ff77-18c98378-nyc3a
content-length: 19867
x-hw: 1655897975.dop212.lo4.t,1655897975.cds270.lo4.shn,1655897975.dop212.lo4.t,1655897975.cds265.lo4.pr
last-modified: Fri, 17 Jun 2022 11:47:48 GMT
server: cloudflare
cache-control: max-age=14400
etag: "0eb8078198b32ac9d48f60dc38d16bc3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oJnmA38DjFmLfloOMYAafrre56FVOqlrDbgcI7kEbt28OMbqruf2CzRj3KYMIatgDRWaWg6pGZP5q2O%2BoRajUrVAzbCfRvTwgecbzK5beplpIkiFsGYDTh5oq5gFzREP3ruHCCC07qkPb6WOa2TqH2exUw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-rgw-object-type: Normal
accept-ranges: bytes
cf-ray: 71f4b44ae92b76ef-LHR

Redirect headers

date: Wed, 22 Jun 2022 11:39:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2Brruutf3nBovpHAj9tcMdWZ%2Fvj%2FHGwT4HFwEH8UJDSsNmRKmo48ziuBl6wcvZRYeNGG4RuKlt0fIHtyx3ccgBbtUYx4x2VDoLUg1IDdwVDlmdJmJ%2BZbSIJiei%2FAUEv88eGP9kpmyTk4TwfPU05DvA%3D%3D"}],"group":"cf-nel","max_age":604800}
location: https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/52271d41-7403-4075-8a9b-5a1ef0f68bc5/g.png
cache-control: max-age=3600
strict-transport-security: max-age=0
cf-ray: 71f4b448bd8371f3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 22 Jun 2022 12:39:35 GMT

GET
H2

200

g.png
files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/a58b550a-22ad-47c1-aa3b-4312c0a4f309/
Redirect Chain

https://files.elfsight.com/storage/3f313698-cbba-424e-ae38-b83a450ac189/a58b550a-22ad-47c1-aa3b-4312c0a4f309/g.png
https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/a58b550a-22ad-47c1-aa3b-4312c0a4f309/g.png

19 KB
20 KB

549ms
401ms

Image
image/png

2606:4700:20::ac43:4766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/a58b550a-22ad-47c1-aa3b-4312c0a4f309/g.png

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Server

2606:4700:20::ac43:4766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8edb2dab855419b307f2822fd2df3671ba5598dc2e7869e51b50c47749536b37

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin, Accept-Encoding
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: tx00000000000001c55e438-0062b2355d-18e691e5-nyc3a
content-length: 19867
x-hw: 1655846237.dop205.lo4.t,1655846237.cds204.lo4.shn,1655846237.dop205.lo4.t,1655846237.cds281.lo4.c
last-modified: Fri, 17 Jun 2022 11:48:33 GMT
server: cloudflare
cache-control: max-age=14400
etag: "0eb8078198b32ac9d48f60dc38d16bc3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FbH%2B1E9UvO54vj%2BcnuyNLJkaY92sDfGXHmImkKhJY7Kj7%2FIaKRoWSyZuiW2PhpgyUTi1rpfPJMBLXSXCAntf4w3b7hJCjCUCZ59MUqmgLsokskFxyIkJnAXalywnOFnTdhsqxbJbAvRgNSO9LdsWmK9Zug%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-rgw-object-type: Normal
accept-ranges: bytes
cf-ray: 71f4b44ae92a76ef-LHR

Redirect headers

date: Wed, 22 Jun 2022 11:39:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4BedpnyZ23yHf86ARd%2BHOac%2BALftC14YWB53%2FZM8uQ4D8ptvvUPLEDg3GyW952sje5AHZwrEaj2TeuwiOnjo4yDSRDhkaDI9VGGjI%2BuZnVRgBR3ZxlZd%2BVezzWeTpCVPS2K8TpHhPylPcH8HnV9Uyw%3D%3D"}],"group":"cf-nel","max_age":604800}
location: https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/a58b550a-22ad-47c1-aa3b-4312c0a4f309/g.png
cache-control: max-age=3600
strict-transport-security: max-age=0
cf-ray: 71f4b448bd7d71f3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 22 Jun 2022 12:39:35 GMT

GET
H2

200

g.png
files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/ecba1d0c-76be-464d-bb17-6e56ab337371/
Redirect Chain

https://files.elfsight.com/storage/3f313698-cbba-424e-ae38-b83a450ac189/ecba1d0c-76be-464d-bb17-6e56ab337371/g.png
https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/ecba1d0c-76be-464d-bb17-6e56ab337371/g.png

19 KB
20 KB

644ms
500ms

Image
image/png

2606:4700:20::ac43:4766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/ecba1d0c-76be-464d-bb17-6e56ab337371/g.png

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Server

2606:4700:20::ac43:4766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8edb2dab855419b307f2822fd2df3671ba5598dc2e7869e51b50c47749536b37

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: tx00000000000001c5508eb-0062b2355d-18c98378-nyc3a
content-length: 19867
x-hw: 1655846237.dop001.lo4.t,1655846237.cds085.lo4.shn,1655846237.dop001.lo4.t,1655846237.cds211.lo4.p
last-modified: Fri, 17 Jun 2022 11:49:03 GMT
server: cloudflare
cache-control: max-age=14400
etag: "0eb8078198b32ac9d48f60dc38d16bc3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D1gqK%2B1sKri5pt9RyFuvmvim8X0OnzWF6MhRv1pSgKD9H1tZJt1NNriW0%2Bc5VGojEY8MWt6a84tAkLy99k0Vywxk0vXra2rusVOugzufRQjTGZHh%2FvMD5Tl3syvZO%2BoWoB2YQttJb3P0CdwX6XEazetLBA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-rgw-object-type: Normal
accept-ranges: bytes
cf-ray: 71f4b44ae92f76ef-LHR

Redirect headers

date: Wed, 22 Jun 2022 11:39:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a74Rwpr3zrYWH3fGMXzVa8xMjuAvdJ06ug%2BRPC6t52%2FsI%2BeAMmEWh7SW%2BswvBtEWRmiYcfSq9EUhTE6%2FGjt1QWYoDLJwZnQkM4TWSiBOWh0UTy9AwVdSD3O%2BOq4f6v1w97MVWrGsMd%2FB9WzSYAPX1A%3D%3D"}],"group":"cf-nel","max_age":604800}
location: https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/ecba1d0c-76be-464d-bb17-6e56ab337371/g.png
cache-control: max-age=3600
strict-transport-security: max-age=0
cf-ray: 71f4b448bd8271f3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 22 Jun 2022 12:39:35 GMT

GET
H2

200

g.png
files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/18522918-d78e-4518-b6e6-44e3e1b737bd/
Redirect Chain

https://files.elfsight.com/storage/3f313698-cbba-424e-ae38-b83a450ac189/18522918-d78e-4518-b6e6-44e3e1b737bd/g.png
https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/18522918-d78e-4518-b6e6-44e3e1b737bd/g.png

19 KB
20 KB

306ms
158ms

Image
image/png

2606:4700:20::ac43:4766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/18522918-d78e-4518-b6e6-44e3e1b737bd/g.png

Requested by

Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616

Protocol

Server

2606:4700:20::ac43:4766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8edb2dab855419b307f2822fd2df3671ba5598dc2e7869e51b50c47749536b37

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: tx00000000000001c56671c-0062b2355d-18e631c3-nyc3a
content-length: 19867
x-hw: 1655846237.dop236.lo4.t,1655846237.cds315.lo4.shn,1655846237.dop236.lo4.t,1655846237.cds232.lo4.p
last-modified: Fri, 17 Jun 2022 11:49:30 GMT
server: cloudflare
cache-control: max-age=14400
etag: "0eb8078198b32ac9d48f60dc38d16bc3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pRw6DokuWLaqmaHv0WVEwPlB6Be1PETCyWVOhFbuq%2Bi1u3b8FWyrMPs7CRmJ5LoXEQWTvtjRwaD3GI8FcUNlx8LsCyQstTxOoZ3o5b1axlPCM86pw5hv6U3L%2BsSSSdM08bNgQk6xbHxpgpAQpHSh0ysehg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-rgw-object-type: Normal
accept-ranges: bytes
cf-ray: 71f4b44ad92776ef-LHR

Redirect headers

date: Wed, 22 Jun 2022 11:39:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZWruphmMlx5qxgx%2FhtHkq9R5%2BI0wUENmiwTZKH3%2BpLqQbqXNMDMjsHkAuk4cl2q%2FQtM2Ce%2B6Tq2jWdM8aI4U8TvxcvfY8%2ForeQx9xokYgHHRtFrOwFcLe%2Fn%2B2JQJI%2B5ecVGXiI0fbAJLHU8Dd53aiw%3D%3D"}],"group":"cf-nel","max_age":604800}
location: https://files.elfsightcdn.com/3f313698-cbba-424e-ae38-b83a450ac189/18522918-d78e-4518-b6e6-44e3e1b737bd/g.png
cache-control: max-age=3600
strict-transport-security: max-age=0
cf-ray: 71f4b448bd8071f3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 22 Jun 2022 12:39:35 GMT

GET
H3 200 app-number-counter-coin.svg Show response
static.elfsight.com/icons/ 1007 B
1 KB 90ms
54ms XHR
image/svg+xml 2606:4700:20::681a:76b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.elfsight.com/icons/app-number-counter-coin.svg

Requested by

Host: static.elfsight.com
URL: https://static.elfsight.com/apps/number-counter/release/8f32ad9c-3352-4425-9101-c1e4f547bd60/app/numberCounter.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:76b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f9e9ae956ffab2981f954cf29a01f69353508687b3d7f9696dc502155b2a569

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 51738
access-control-max-age: 0
access-control-allow-methods: GET
strict-transport-security: max-age=0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: tx00000000000010b248cf6-0062b2355d-2768dd76-sfo2a
x-hw: 1655846237.dop045.lo4.t,1655846237.cds273.lo4.shn,1655846237.dop045.lo4.t,1655846237.cds245.lo4.p
last-modified: Tue, 21 Jun 2022 12:53:50 GMT
server: cloudflare
cache-control: max-age=31536000
etag: W/"ad06adc529ae39fd1db888f13182b5a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FP04cGeapYhXVMqAaC%2BI00UCqdBQcz5Hx5BUHRy91Po%2BVCw27fUzuLypyuCF6pyhCJwh62cwBUSACch1WtUpr4fD5EXIQXCpko4Ol6TYnPsZPzlDUtsTilscswdSdqd6JpZ1oJi%2BsDavJkcycFCtPOs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-rgw-object-type: Normal
cf-ray: 71f4b4497cbf72b2-LHR

GET
H3 200 app-number-counter-businessman.svg Show response
static.elfsight.com/icons/ 1 KB
1 KB 89ms
56ms XHR
image/svg+xml 2606:4700:20::681a:76b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.elfsight.com/icons/app-number-counter-businessman.svg

Requested by

Host: static.elfsight.com
URL: https://static.elfsight.com/apps/number-counter/release/8f32ad9c-3352-4425-9101-c1e4f547bd60/app/numberCounter.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:76b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b308c2e72a650f6c8d72eb987ef68bdaca8bcf99c1a5ccdfc3a7695f491aabb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 51738
access-control-max-age: 0
access-control-allow-methods: GET
strict-transport-security: max-age=0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: tx00000000000010b248c96-0062b2355d-2768dd76-sfo2a
x-hw: 1655846237.dop071.lo4.t,1655846237.cds275.lo4.shn,1655846237.dop071.lo4.t,1655846237.cds317.lo4.p
last-modified: Tue, 21 Jun 2022 12:53:50 GMT
server: cloudflare
cache-control: max-age=31536000
etag: W/"f1b1b644fce5ef1aa39f774e5deaf18a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hSpMnF39esjUfKXJnTzydoaOyk4YyP%2FDw%2Fo9Bwkl%2Fv0%2BwRZbgtBpOejtr3FpTkeSYK1INM6GI7ieT8QEsx7xfkEYJqaZAqG5EZ2CDzM%2FBni2FRbx0LukmrFzr9WVcrAjC3uga3ld3u1%2Fqs%2FIzCwj9l0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-rgw-object-type: Normal
cf-ray: 71f4b4497cc372b2-LHR

GET
H3 200 app-number-counter-star.svg Show response
static.elfsight.com/icons/ 1 KB
1 KB 727ms
696ms XHR
image/svg+xml 2606:4700:20::681a:76b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.elfsight.com/icons/app-number-counter-star.svg

Requested by

Host: static.elfsight.com
URL: https://static.elfsight.com/apps/number-counter/release/8f32ad9c-3352-4425-9101-c1e4f547bd60/app/numberCounter.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:76b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

513c0438d9473eb19067dacb24c48150066f9eb2e14c0e89121c789154915821

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
content-encoding: br
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin, Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: tx00000000000010df4dd05-0062b2ff77-2768dd76-sfo2a
access-control-allow-methods: GET
strict-transport-security: max-age=0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-hw: 1655897975.dop202.lo4.t,1655897975.cds065.lo4.shn,1655897975.dop202.lo4.t,1655897975.cds326.lo4.pr
last-modified: Tue, 21 Jun 2022 13:22:58 GMT
server: cloudflare
cache-control: max-age=31536000
etag: W/"8d0f7ce1406661a40196d9a3fc4ccd2b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QDOcgV9VcRb7cbJctfBxwNTuJ%2Bq5ofCBjjZQ1wyXXpdvVrFhm6HT0xwrrhdLwG2k6qxWexNB5lkp%2FUG5HcE8MJvLGwpBw%2Bq19XQ%2BuQKtL0HJ8P7n3q7Si3bqH0YaCTpw03kYM84Not6pqpmSHkmAap0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-rgw-object-type: Normal
cf-ray: 71f4b4497cb872b2-LHR

GET
H3 204 generate_204
www.youtube.com/ Frame 7792 0
9 B 38ms
38ms Image
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?soDevA
Requested by: Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
www.youtube.com/ Frame 4BEC 0
9 B 37ms
37ms Image
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?fKFk4w
Requested by: Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
www.youtube.com/ Frame 0EAD 0
9 B 37ms
37ms Image
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?Vymniw
Requested by: Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 7792 102 B
146 B 48ms
48ms XHR
application/json+protobuf 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

04f0d5dd02251a772b0f9f6c7ec09dd93ce9d028aff36bca3d7a5fe2984ece84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 122
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 46ms
45ms Preflight
text/html 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Wed, 22 Jun 2022 11:39:35 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 4BEC 102 B
146 B 50ms
50ms XHR
application/json+protobuf 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0ba64c7fef83833da6fc68a25516b26ba3ae833cea3eff3a66c587ccad21261

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 122
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 46ms
45ms Preflight
text/html 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Wed, 22 Jun 2022 11:39:35 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 7639 102 B
146 B 52ms
51ms XHR
application/json+protobuf 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a4ea36e919353630714cb9b7e66ebd7afe115de0eadd593d57e43066ca0ed67b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 122
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 45ms
45ms Preflight
text/html 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Wed, 22 Jun 2022 11:39:35 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0E48 102 B
146 B 49ms
49ms XHR
application/json+protobuf 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

089016787c3335281a4f156ba36be3f3209a1a410a429508fa3bc5978bd1fca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 122
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 45ms
45ms Preflight
text/html 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Wed, 22 Jun 2022 11:39:35 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0EAD 102 B
146 B 50ms
49ms XHR
application/json+protobuf 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c0300b01882cb7f6fe8aa7e6136aafde045545ec4a11ff62b876fdbd99601d03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Wed, 22 Jun 2022 11:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 122
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 46ms
46ms Preflight
text/html 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Wed, 22 Jun 2022 11:39:35 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 nr-1216.min.js Show response
js-agent.newrelic.com/ 38 KB
14 KB 84ms
24ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1216.min.js
Requested by: Host: www.obtainrefund.com
URL: https://www.obtainrefund.com/loader1655503907616
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

x-amz-version-id: mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-encoding: gzip
etag: "9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-request-id: J3CZ71ZS80WGER7X
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 14391
x-amz-id-2: uC28ZawfAE2+AVUR4YdAQJPfJbbKbiVhUI41qKgLWbNVBPwFVoO6RbUSJwtsxcGQ817OVmMiuxc=
x-served-by: cache-lcy19266-LCY
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
server: AmazonS3
x-timer: S1655897976.070700,VS0,VE0
date: Wed, 22 Jun 2022 11:39:36 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 2854

GET
H2 200 closemodal.png
assets.clickfunnels.com/images/ 672 B
1 KB 162ms
93ms Image
image/webp 2606:4700::6810:10c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.clickfunnels.com/images/closemodal.png

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5216f197f782f4bb872e02a677986af90a488015910f8d3864b796ad68dbd389

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 482442
cf-polished: origFmt=png, origSize=788
content-disposition: inline; filename="closemodal.webp"
content-length: 672
last-modified: Thu, 16 Jun 2022 16:52:53 GMT
server: cloudflare
etag: "62ab5fe5-314"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: image/webp
access-control-allow-origin: *
expires: Sat, 23 Jul 2022 11:39:36 GMT
cache-control: public, max-age=2678400
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 71f4b44e8ff7772c-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
cf-bgj: imgq:100,h2pri

GET
H2 200 AM_ERC-Today-FF.png
cdn-dcbfd.nitrocdn.com/ZzOnPBtZRRIFLSuWiLLcFavgUeJRsGtG/assets/static/optimized/rev-d129842/wp-content/uploads/2021/05/ 19 KB
19 KB 128ms
59ms Image
image/webp 2606:4700::6812:1690
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-dcbfd.nitrocdn.com/ZzOnPBtZRRIFLSuWiLLcFavgUeJRsGtG/assets/static/optimized/rev-d129842/wp-content/uploads/2021/05/AM_ERC-Today-FF.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1690 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: efef3a663113ecada42bf9171a7fd2c557931a9996282750ff71dd65f1fb4230

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
cf-cache-status: MISS
last-modified: Wed, 06 Apr 2022 14:42:36 GMT
server: cloudflare
link: <https://erctoday.com/wp-content/uploads/2021/05/AM_ERC-Today-FF.png>; rel="canonical"
etag: "624da6dc-4c96"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
cf-ray: 71f4b44e8ca0750d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19484

GET
H3 200 badges.png
www.getgovrefund.com/hosted/images/c9/86d99470fd4038adcd5c3c85cc3a0c/ 10 KB
10 KB 37ms
36ms Image
image/png 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getgovrefund.com/hosted/images/c9/86d99470fd4038adcd5c3c85cc3a0c/badges.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 58606f4379513af73e040faf239cccd6922dbffe97694e54cc8b0c9eed68a7ba

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 51737
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9889
last-modified: Thu, 09 Jun 2022 05:11:06 GMT
server: cloudflare
etag: "c201812d58d006a34389cd2102eb0b7a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QjK%2BwCIc1QWs4YKTBWBysHETc1xa%2FlLii5cJuoIuOUOJZEX%2BKo%2BNwTQFzbQJpqZwtTE08UC0w%2BK50szy%2FKAbuqOJ778lYD8OBurK2zab8IlbW508HS474phIAP00Rk58U3Xk4Py7odQHsgSNbW%2B1SlVIyg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: LHR50-P4
accept-ranges: bytes
cf-ray: 71f4b44e196f774a-LHR

GET
H3 200 made.png
www.getgovrefund.com/hosted/images/e2/5285be53ee444188ab44179445fe7f/ 933 B
1 KB 190ms
189ms Image
image/png 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getgovrefund.com/hosted/images/e2/5285be53ee444188ab44179445fe7f/made.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70117b7df4d30ca7415308c330038ce3e2fb4966b896364a49eb23bb60195bd8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR50-P4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 933
last-modified: Thu, 09 Jun 2022 03:24:27 GMT
server: cloudflare
etag: "144addfaf3e9def5739e82bf12723ee5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yUg%2BLIeGb0qZlzOMWXTQDdrux5U2A%2BnRp56LlPqwnbcHTODkOcw7IgZvVdHugpyXUGuhxaZCaYgOPBKcPAaird6SfdAUru1fgBEUDrTxtGTxVusn6RNcUSl5iECXNNSLO8QSBQ9fwMZlWWYiRBLcA6crjA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 71f4b44e1973774a-LHR

GET
H3 200 made2.png
www.getgovrefund.com/hosted/images/78/b7d3ae1359451c903ac69726e36877/ 338 B
931 B 190ms
189ms Image
image/png 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getgovrefund.com/hosted/images/78/b7d3ae1359451c903ac69726e36877/made2.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5419f36ed2e1124d8d3bce52f2cecf6dbfc73ea7bfbf32f264dfbffb7e0a57f5

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR50-P4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 338
last-modified: Thu, 09 Jun 2022 06:17:21 GMT
server: cloudflare
etag: "62498276fbff7090e11ceac3d86a5c56"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fs474zSXwuXUbJcYB%2FbkL8dlHeol1ZqygSaqLgOnA3%2FZD%2BEiVqgYjbOcPERLuze8EKDq%2Fs5WnZI1wEv71YcrFVaTYuT%2BQX9oFfpWQiJN%2BPQ8m2Po2xiEwWVBf3iKR0gcZnut5fTVmFcWlFLCfaoJ8%2Fevaw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 71f4b44e1974774a-LHR

GET
H3 200 s.png
www.getgovrefund.com/hosted/images/a9/054f77388c444989992b505afb077c/ 7 KB
7 KB 190ms
189ms Image
image/png 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getgovrefund.com/hosted/images/a9/054f77388c444989992b505afb077c/s.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91664196ef95d96d430466bed4343630d9dc3334e36a10f44740e662942ba688

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR50-P4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6921
last-modified: Fri, 17 Jun 2022 06:25:15 GMT
server: cloudflare
etag: "47f0328763bc4f33d15b8203939f6f7e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=arvwsyeBIlcN2v7POlUZ2lbG8MIJmd5amkBKxaz66nSg6pEC%2BisD9Exhysm8QK1YNProlOywY0vezPLjLaYa5z7DqtLjvTdhZsQ3xV8OgS2qHp0dFWWlWQny3lGqUb6hL5My14BHBdWdPnlZh5oc%2FkUZDw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 71f4b44e1976774a-LHR

GET
H3 200 shutterstock_1858874629-1-.jpg
www.getgovrefund.com/hosted/images/90/388389004543a58b87607ff0c579df/ 48 KB
49 KB 124ms
123ms Image
image/jpeg 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getgovrefund.com/hosted/images/90/388389004543a58b87607ff0c579df/shutterstock_1858874629-1-.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 959d378b770bbff625dc2121f23ec405b6338f14a7ee52cd229fcf7b3df19ee6

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR50-P4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 49602
last-modified: Fri, 17 Jun 2022 11:32:13 GMT
server: cloudflare
etag: "417ccd72517de28f02daf14fd40e6254"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4rUBd5zbgd81o4vJJjz2JLHWum6vdO4CydZBxq%2Fx4KcQkKdFEXXX6WYDWhTnT4e1ghflVZknz9WdYN5kg9iji05pVEMW9%2BV6wrTk8Vd9mPR2EDFlikE57aCMiobcSX09tFNj%2FcRHcSxtdgksyvwNQM23%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 71f4b44e1977774a-LHR

GET
H3 200 shutterstock_496460356.jpg
www.getgovrefund.com/hosted/images/51/d673b7a8d0428787e0fab4c646a4a6/ 87 KB
87 KB 191ms
189ms Image
image/jpeg 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getgovrefund.com/hosted/images/51/d673b7a8d0428787e0fab4c646a4a6/shutterstock_496460356.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ffb52a2dc340242bde2a2c8f9d7a2865ddbb9d97228cc435466a006c137b43c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR50-P4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 88965
last-modified: Fri, 17 Jun 2022 11:34:09 GMT
server: cloudflare
etag: "67f05a81a3f552df82feb8e2aa963bdd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rpMknHuy3O6xy2irxv4ZxIYF1IOx6us99%2FEuKRphgxDeDxK0Z%2FZCwVMNlhTDox61828FjBVPEKF1FTU2Za4UkMmbyh0k51h9%2B6WnpD0m99XYthi%2BUo88GoHeNEN08F0mKRqlz%2Bgheq14EyJr7VMqia01YA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 71f4b44e1979774a-LHR

GET
H3 200 shutterstock_1708505686.jpg
www.getgovrefund.com/hosted/images/81/fc814cf1a348eab981bc93ee52be62/ 43 KB
44 KB 36ms
34ms Image
image/jpeg 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getgovrefund.com/hosted/images/81/fc814cf1a348eab981bc93ee52be62/shutterstock_1708505686.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 458d87324ee08b5249731c948809915f2eb58bad0bef20e4c0c2a0cb5c735289

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 51736
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43990
last-modified: Fri, 17 Jun 2022 11:33:13 GMT
server: cloudflare
etag: "2db77a2165e0c64d6975b9b18e76ee24"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7D8zyl0sHuXKapNqBJC0ZAJCNM0H9y6QpsWFgl2JQLYfgX3KAQn7STsO6mRxssnhJW%2BLNykTc%2F9azA62uJeelJpV9zFzreFMsXZRYIvoJgk6790Llz4xFWJPvIiDp08pOVhui8kmLHGNObsP9e11nnO67Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: LHR50-P4
accept-ranges: bytes
cf-ray: 71f4b44e197a774a-LHR

GET
H3 200 shutterstock_1327965698.jpg
www.getgovrefund.com/hosted/images/cf/6120c2965a454fbb38c19bf7c9bf11/ 510 KB
511 KB 97ms
95ms Image
image/jpeg 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getgovrefund.com/hosted/images/cf/6120c2965a454fbb38c19bf7c9bf11/shutterstock_1327965698.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a3dfa1ad2ccefcae0d2c64051ec5f16d432412b644ee0adac5bf64b9d95cd40

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR50-P4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 522640
last-modified: Fri, 25 Feb 2022 03:44:28 GMT
server: cloudflare
etag: "8e53bc8a249681db26e307e99ea55ed9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BL6FOxxRoUaSiWyhhDA4A9VQg7B%2FFA1Xp2NJkhXh3cKu3KjbWj2U%2BnmsbeuyidOPTS1bcDwyNNjlQI7izL6hlLaaQXJUmNvTuC3lwqkkciO56t1DB50Y1tSyS6exume7%2FRriADQQjjxirpsrhhrvXoX4vg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 71f4b44e197c774a-LHR

GET
H3 200 rest.png
www.getgovrefund.com/hosted/images/fc/66d0ac85164297b6d0030054fa3bb1/ 171 KB
172 KB 255ms
254ms Image
image/png 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getgovrefund.com/hosted/images/fc/66d0ac85164297b6d0030054fa3bb1/rest.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13098227d934102c207371e23230977eca365e03bdb8bf0a18a362415459f5b0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR50-P4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 175030
last-modified: Fri, 17 Jun 2022 00:30:20 GMT
server: cloudflare
etag: "f4a3e5e04517b3d287eaded94617fedd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=imT1pjXijD7%2B9fsReRuISVZdYfX%2BD9Fs56x5MXennhi%2BXyMh9LN3jUjN6Fy%2Fq2i%2Bq7ybPLpvZARSPjX82f9RN7z3%2BZmPKWd6Z4nstKx9RTwKTU5URxTcc3GhcxIoYzKoe4Yi5ziq5zbRcOC4Ei1wSbr0yg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 71f4b44e197d774a-LHR

GET
H3 200 health.png
www.getgovrefund.com/hosted/images/ac/5bbc633bbd4bfb9b5323abbc5d8d09/ 120 KB
121 KB 287ms
285ms Image
image/png 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getgovrefund.com/hosted/images/ac/5bbc633bbd4bfb9b5323abbc5d8d09/health.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ecc7f1777308b5e9f8ff1a699b221f818b49e9c2216a313ca1a20b52fa00ebd

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR50-P4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 123370
last-modified: Fri, 17 Jun 2022 00:30:20 GMT
server: cloudflare
etag: "e0ed7215f31237d836bb3ae89fa7b8f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hSPbd0xgSIZd0gXw0eSxCqxCvhk%2BVgFcOMyB4Sy9%2FK6Mr93W9C0T2d4lie39IOZEDDCjofhbBEff9IBF1bWJPWsoXaczUlE1G5AFZKxA5WxyEoHJ6bs%2BQCQZOvxpeOHoPF6eYVXHrJFSn7jAFrlrVtEi9g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 71f4b44e197e774a-LHR

GET
H3 200 hvac.png
www.getgovrefund.com/hosted/images/2c/70a84564784ae69abd498877d2ac53/ 206 KB
206 KB 124ms
123ms Image
image/png 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getgovrefund.com/hosted/images/2c/70a84564784ae69abd498877d2ac53/hvac.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd9dc0b61ecd5cfdcba7ca7c4b75893d6ec619105cd744a4f7212436b9311887

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR50-P4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 210508
last-modified: Fri, 17 Jun 2022 00:30:20 GMT
server: cloudflare
etag: "2003dfbf07d8469ae29876e77c0d29fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aZaLR2a8QtlPzKSxkzZPOK7fAp4b57e4uB8dvjO9QjU2vddPOZrD9PGmd7nyLNcPKhDi9yp47mpDN9cVa7%2FSeNpGqpr4xheMCnFPqTdPxN588xVx%2Bu1FJA%2Bli5XmwtzUgQqiflL0ae%2F8X2o651hyxn26xA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 71f4b44e1981774a-LHR

GET
H3 200 distri.png
www.getgovrefund.com/hosted/images/32/7dc1a8f6e64b9e917a93129409abb1/ 159 KB
160 KB 324ms
323ms Image
image/png 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getgovrefund.com/hosted/images/32/7dc1a8f6e64b9e917a93129409abb1/distri.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0926a707a5da667e7e5563f00733afddff54e8b2af0646b78b63d0a61bf11cb

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR50-P4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 163118
last-modified: Fri, 17 Jun 2022 00:30:20 GMT
server: cloudflare
etag: "65ee54fc9ad8dc89f6ce14a7231f9d14"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=92e1ac5IEnCt4tycuRSzSHjrc7vSsMQb%2BAS8dRU7whpsUku1fDbebo0MzZuPutUuh02FRb97B68m6ddZyIWZk05ior2IFOYK8bw7THggoMkOwlCMOIAAPfdAZXKZmhSltp5hHp6S0kOr2B9CknkfLF2btQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 71f4b44e1982774a-LHR

GET
H3 200 m.png
www.getgovrefund.com/hosted/images/7d/c9d25c470145908504647cdda3634d/ 161 KB
162 KB 158ms
157ms Image
image/png 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getgovrefund.com/hosted/images/7d/c9d25c470145908504647cdda3634d/m.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cff6e290756f072e15b009ae0f1222c335dbca57b47bdd9a5b799c64f52dbecd

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR50-P4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 165194
last-modified: Fri, 17 Jun 2022 06:33:33 GMT
server: cloudflare
etag: "0fe4fe4e803adddfece500b3b6dc916b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gUykU7iJUypvggBDRPhKZWyv3AjVb5wqTdVXA7nWrIR33%2FclSi3HC9OdAL05qYcnNSaIxZkljGFP5uxVm3AJNhrA%2Flbg9aOxP53L8mbu5nDF3qltXsFTJg%2FkBpi32AxD0jJbaARPy2E%2FN9yqLuvxrD%2BHHA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 71f4b44e1983774a-LHR

GET
H/1.1 200
OK sp-font.js Show response
app.socialproofy.io/themes/s00p/assets/js/ 43 KB
17 KB 100ms
34ms Script
application/javascript 161.35.152.125
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://app.socialproofy.io/themes/s00p/assets/js/sp-font.js?v=509000

Requested by

Host: app.socialproofy.io
URL: https://app.socialproofy.io/pixel/7mg32bigdn5z8j0pneczhscgcjcffj5o

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

161.35.152.125 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

0fba49318f88c85bd057a1ec4de0609b675d80f808c762d8c4d3936ddbd365ca

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1;mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Wed, 22 Jun 2022 11:39:36 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 19 Apr 2022 15:53:05 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "aa23-5dd03df611990-gzip"
X-Frame-Options: sameorigin
Content-Type: application/javascript
Content-Security-Policy: frame-ancestors 'self';
Connection: Keep-Alive
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 17186
X-XSS-Protection: 1;mode=block
Keep-Alive: timeout=5, max=100

GET
H3 200 background.png Show response
www.getgovrefund.com/images/ 118 B
937 B 284ms
251ms XHR
text/javascript 2606:4700:3033::6815:459e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getgovrefund.com/images/background.png?_unique=0.4765323330972575&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//www.obtainrefund.com/loader1655503907616&_title=Apply%20To%20Get%20Paid&_key=2usioix0&_page_key=6xuwbs19zksgulv3&_fid=12190097&_fspos=1&_fvrs=1&_funnel_stat=1&_location=https://www.obtainrefund.com/loader1655503907616&_referrer=

Requested by

Host: www.getgovrefund.com
URL: https://www.getgovrefund.com/vendor.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:459e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

4a7ab5278aaa40f12a11d5563a72b0a8897cb5b2ad427e52eb739a90f48ad532

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
access-control-request-method: *
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Phusion Passenger Enterprise 6.0.7
status: 200 OK
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
strict-transport-security: max-age=0
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id: d7e4c37478ab4fe3cf3b4a6661aab90b
x-runtime: 0.026929
server: cloudflare
x-frame-options: ALLOWALL
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NOcezakyPSNHn0%2B6VV1aW2TATZPhKeavUV4sHImave3HxYZPg9Hyxr21R5SpT2LluZ2yam5Dp9LfK2q949vc2JFSVol0tk%2FQsXD%2FOWWOgx8rKS%2FoSrheGavPMexCoeLOBGMHkzU%2Bu5FffHqj9PiWCG1bew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 71f4b44e6b4973ef-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
x-rack-cache: miss

GET
H2 200 survey_data_collector Show response
api.keen.io/3.0/projects/58a35e6f8db53dfda8a87a67/events/ 50 B
402 B 512ms
165ms Script
application/json 52.25.208.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.keen.io/3.0/projects/58a35e6f8db53dfda8a87a67/events/survey_data_collector?api_key=E844E116CB12000A6B72AA691F8A2108E6BEBC97A05786370C6703C31E3A5FD4EDC7CC8012418A997621F11C2CFD95A9C1D64E6EF1850AFCC2B76E360F7BA3BC3BE6AEFCCFAAD87B19E1309B88378181E69436B7E01A38447184F2886A9D7AF9&data=eyJzdXJ2ZXlfaWQiOiI1NTA0OTA1Nl9zdXJ2ZXktNDgzNDUiLCJwaWQiOiJwYXJ0aWNpcGFudF84bTBqdWkiLCJ0eXBlIjoic3RhcnRlZCJ9&modified=1655897976136&jsonp=keenJSONPCallback1655897976136
Requested by: Host: d26b395fwzu5fz.cloudfront.net
URL: https://d26b395fwzu5fz.cloudfront.net/keen-tracking-1.0.3.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.25.208.228 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-25-208-228.us-west-2.compute.amazonaws.com
Software: TornadoServer/4.5.1 /
Resource Hash: 32a298077a3c567a0b7019fd9232cb4a9f7ed125ab47b6b9360229e8d5f25a68

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Jun 2022 11:39:36 GMT
server: TornadoServer/4.5.1
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: private, no-cache, no-cache=Set-Cookie, max-age=0, s-maxage=0
access-control-allow-headers: origin, content-type, accept, authorization, user-agent, keen-compute-source, keen-sdk, X-Keen-Discoveries-Token
content-length: 50
disposition: inline
expires: Sat, 01 Jan 2000 01:01:01 GMT

POST
H2 200 rum Show response
www.obtainrefund.com/cdn-cgi/ 0
64 B 64ms
64ms XHR
text/plain 2606:4700:3033::6815:2a06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.obtainrefund.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:2a06 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.obtainrefund.com/loader1655503907616
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
content-type: application/json

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
x-content-type-options: nosniff
server: cloudflare
cf-ray: 71f4b44efab68898-LHR
x-frame-options: DENY

GET
H/1.1 200
OK NRJS-fc902efb332119fff33 Show response
bam.nr-data.net/1/ 49 B
715 B 226ms
164ms Script
text/javascript 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRJS-fc902efb332119fff33?a=367981416&v=1216.487a282&to=dFZWTENWVQ9QExdNRlJLSFlWXEpMRQBfXUYYSU1aXVBKC1AF&rst=12148&ck=1&ref=https://www.obtainrefund.com/loader1655503907616&ap=519&be=4107&fe=11764&dc=6172&perf=%7B%22timing%22:%7B%22of%22:1655897964232,%22n%22:0,%22f%22:3709,%22dn%22:3709,%22dne%22:3709,%22c%22:3709,%22ce%22:3709,%22rq%22:3710,%22rp%22:3973,%22rpe%22:3982,%22dl%22:3981,%22di%22:6132,%22ds%22:6173,%22de%22:6698,%22dc%22:11764,%22l%22:11764,%22le%22:11890%7D,%22navigation%22:%7B%7D%7D&fp=5210&fcp=5210&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1216.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Wed, 22 Jun 2022 11:39:36 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 71f4b450dfd0405d-LHR

GET
H3 200 faq.js Show response
static.elfsight.com/apps/faq/release/6194cebc-3d90-4bf1-9e98-29a9490dfcd2/app/ 319 KB
71 KB 44ms
44ms Script
application/javascript 2606:4700:20::681a:76b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.elfsight.com/apps/faq/release/6194cebc-3d90-4bf1-9e98-29a9490dfcd2/app/faq.js

Requested by

Host: apps.elfsight.com
URL: https://apps.elfsight.com/p/platform.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:76b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8f896dd3ca2e6b3350d0fc602c25e8562361739fc8c73d249afd752d1660ea5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
content-encoding: br
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 615781
cf-polished: origSize=327286
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: tx00000000000007aef635a-0062a999e9-2937b2ed-sfo2a
x-hw: 1655282195.dop253.lo4.t,1655282195.cds234.lo4.shn,1655282195.dop253.lo4.t,1655282195.cds270.lo4.c
last-modified: Thu, 02 Jun 2022 08:26:48 GMT
server: cloudflare
cache-control: max-age=31536000
etag: W/"9c51287fdd5d574690f3a5678649ee1e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YtpZlGIriEMKExJ%2B9T0dHMNF5ahXrntsvYr1d3W9vC0tO6mVhd5jXAezSuMAq59AEuuQew9YFpPb6jGXUQPqwqHZ3TxG8WQkXourjl%2F7Woav1CVJs4uuYKE4SGLw2GcVBp1Yz7HkEpjPHvaJprkdbbc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-rgw-object-type: Normal
cf-ray: 71f4b4537c2a06b2-LHR
cf-bgj: minify

GET
H3 200 countdownTimer.js Show response
static.elfsight.com/apps/countdown-timer/release/1e1fccdb-23d1-42e5-be25-82de7495634b/app/ 517 KB
286 KB 42ms
42ms Script
application/javascript 2606:4700:20::681a:76b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.elfsight.com/apps/countdown-timer/release/1e1fccdb-23d1-42e5-be25-82de7495634b/app/countdownTimer.js

Requested by

Host: apps.elfsight.com
URL: https://apps.elfsight.com/p/platform.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:76b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d03c15025cba7738e16f499bba77a0961bb692b0adf593544757d4f4e1d690b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.obtainrefund.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 22 Jun 2022 11:39:36 GMT
content-encoding: br
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 615811
cf-polished: origSize=529082
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: tx00000000000007aef5eb2-0062a999e8-2937b2ed-sfo2a
x-hw: 1655282165.dop038.lo4.t,1655282165.cds286.lo4.shn,1655282165.dop038.lo4.t,1655282165.cds207.lo4.c
last-modified: Mon, 06 Jun 2022 09:18:21 GMT
server: cloudflare
cache-control: max-age=31536000
etag: W/"f840ec58a4cb3d280eeee9e39c21a97a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VD4JurTViB7Pd14pz%2F4iefXDQrAmgEJqdsQiCnimCENcZzyRQoxTix9wQGlyD3b%2FODUrnrH1xen%2B94%2Bp7pX8CVFNARBv7ErA2ccj6n4L9O5hI1nWgpBxeYwJpMxwkwFxZ3hBM%2BFu4medLyymuc%2BsSxk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-rgw-object-type: Normal
cf-ray: 71f4b4537c2e06b2-LHR
cf-bgj: minify

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 7792 28 B
56 B 51ms
50ms XHR
application/json 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/8OIhavsSG-U?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
X-YouTube-Client-Version: 1.20220615.02.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgszcjRwSTJKaTRNRSjy_suVBg%3D%3D
X-YouTube-Ad-Signals: dt=1655897973549&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C333%2C187&vis=1&wgl=true&ca_type=image

Response headers

date: Wed, 22 Jun 2022 11:39:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Wed, 22 Jun 2022 11:39:37 GMT

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 4BEC 28 B
56 B 52ms
51ms XHR
application/json 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/4HGrUdx9muM?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
X-YouTube-Client-Version: 1.20220615.02.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgszcjRwSTJKaTRNRSjy_suVBg%3D%3D
X-YouTube-Ad-Signals: dt=1655897973618&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C333%2C187&vis=1&wgl=true&ca_type=image

Response headers

date: Wed, 22 Jun 2022 11:39:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Wed, 22 Jun 2022 11:39:37 GMT

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 0E48 28 B
56 B 51ms
49ms XHR
application/json 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
X-YouTube-Client-Version: 1.20220615.02.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgszcjRwSTJKaTRNRSjy_suVBg%3D%3D
X-YouTube-Ad-Signals: dt=1655897973650&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C712%2C401&vis=1&wgl=true&ca_type=image

Response headers

date: Wed, 22 Jun 2022 11:39:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Wed, 22 Jun 2022 11:39:37 GMT

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 0EAD 28 B
56 B 53ms
50ms XHR
application/json 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/pk2AIau9g6o?autoplay=0&modestbranding=1&controls=0&showinfo=0&rel=0&hd=1&wmode=transparent
X-YouTube-Client-Version: 1.20220615.02.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgszcjRwSTJKaTRNRSjy_suVBg%3D%3D
X-YouTube-Ad-Signals: dt=1655897973686&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C333%2C187&vis=1&wgl=true&ca_type=image

Response headers

date: Wed, 22 Jun 2022 11:39:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Wed, 22 Jun 2022 11:39:37 GMT

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 7639 28 B
56 B 54ms
52ms XHR
application/json 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/https:/www.youtube.com/watch?v=8KUHpd8T6S8%3Fmute%3D1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
X-YouTube-Client-Version: 1.20220615.02.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgszcjRwSTJKaTRNRSjy_suVBg%3D%3D
X-YouTube-Ad-Signals: dt=1655897973717&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date: Wed, 22 Jun 2022 11:39:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Wed, 22 Jun 2022 11:39:37 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/www-player.css

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/www-embed-player.vflset/www-embed-player.js

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/fetch-polyfill.js

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/www-player.css

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/www-embed-player.vflset/www-embed-player.js

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/fetch-polyfill.js

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/www-player.css

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/www-embed-player.vflset/www-embed-player.js

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/fetch-polyfill.js

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/www-player.css

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/www-embed-player.vflset/www-embed-player.js

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/fetch-polyfill.js

Domain: track.addevent.com
URL: https://track.addevent.com/atc/?trktyp=jsinit&trkcal=&guid=2f3fa01b-4fe0-4cb1-b502-e276f974e950&url=https%3A%2F%2Fwww.obtainrefund.com%2Floader1655503907616&cache=1655897969901

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/www-player.css

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/www-embed-player.vflset/www-embed-player.js

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/player_ias.vflset/en_GB/base.js

Domain: www.youtube.com
URL: https://www.youtube.com/s/player/f05de49d/fetch-polyfill.vflset/fetch-polyfill.js

Verdicts & Comments Add Verdict or Comment

354 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

31 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: zQ8eVAHcEv0
.youtube.com/	1970-01-20 08:17:29	Name: VISITOR_INFO1_LIVE Value: 3r4pI2Ji4ME
www.obtainrefund.com/	1970-01-20 12:43:53	Name: addevent_track_cookie Value: 2f3fa01b-4fe0-4cb1-b502-e276f974e950
.obtainrefund.com/	1970-01-20 06:07:53	Name: _gcl_au Value: 1.1.936170623.1655897970
www.obtainrefund.com/	1970-01-20 12:43:53	Name: cf:aff_sub2 Value:
www.obtainrefund.com/	1970-01-20 12:43:53	Name: cf:aff_sub3 Value:
www.obtainrefund.com/	1970-01-20 12:43:53	Name: cf:aff_sub Value:
www.obtainrefund.com/	1970-01-20 12:43:53	Name: cf:affiliate_id Value:
www.obtainrefund.com/	1970-01-20 12:43:53	Name: cf:cf_affiliate_id Value:
www.obtainrefund.com/	1970-01-20 12:43:53	Name: cf:content Value:
www.obtainrefund.com/	1970-01-20 12:43:53	Name: cf:medium Value:
www.obtainrefund.com/	1970-01-20 12:43:53	Name: cf:name Value:
www.obtainrefund.com/	1970-01-20 12:43:53	Name: cf:source Value:
www.obtainrefund.com/	1970-01-20 12:43:53	Name: cf:term Value:
www.obtainrefund.com/	1970-01-20 12:43:53	Name: cf:NTUwNDkwNTY Value: :visited=true
www.obtainrefund.com/	1970-01-20 12:43:53	Name: cf:visitor_id Value: eb77f91b-d7fa-4e07-b2d6-816a29466409
181867.t.hyros.com/	1970-01-24 19:04:57	Name: __mh_tt_s Value: HB-ET_38027fb6bc9329180636c8183c8a58ba855a2aa46a1e43bac5c9dc9703bc6fab
.obtainrefund.com/	1970-01-20 06:07:53	Name: _fbp Value: fb.1.1655897972160.1637897288
.obtainrefund.com/	1970-01-20 21:29:29	Name: _ga Value: GA1.2.2081019228.1655897973
.obtainrefund.com/	1970-01-20 03:59:44	Name: _gid Value: GA1.2.1817947005.1655897973
.obtainrefund.com/	1970-01-20 03:58:18	Name: _gat_UA-219285256-1 Value: 1
.tiktok.com/	1970-01-20 13:19:53	Name: _ttp Value: 2AvlWhFmxrAnS5gQZatccpCVtGe
.obtainrefund.com/	1970-01-20 13:19:53	Name: _tt_enable_cookie Value: 1
.obtainrefund.com/	1970-01-20 13:19:53	Name: _ttp Value: 2ec550ad-c8b7-48b2-9491-5096cbef6981
.apps.elfsight.com/	1970-01-20 03:58:17	Name: _p_hfp_client_id Value: 907536227
www.obtainrefund.com/	1970-01-20 04:08:22	Name: cf_survey_participant_55049056 Value: participant_8m0jui
.clickfunnels.com/	1970-01-20 03:58:19	Name: __cf_bm Value: cC9ORGQj4nn.wjharLDocVgfxdbFnI8bFyHHU.ZmOzk-1655897976-0-AaROzyb1+aUnpzhzAl8L1VVoF50YAh+gdoaDhRp2CUYQP9XGS3rIvbIgU5IVOt9AkkBMjMwrVGWdRE2VunQ/0508z2UdVGUgraCIrja8+Fpr
www.obtainrefund.com/	1969-12-31 23:59:59	Name: is_eu Value: true
www.obtainrefund.com/	1970-01-20 12:43:53	Name: 6xuwbs19zksgulv3 Value: true
www.obtainrefund.com/	1970-01-20 12:43:53	Name: 12190097_viewed_1 Value: 1
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: c581d52d6b57b039

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://www.obtainrefund.com/loader1655503907616(Line 1029) Message: Mixed Content: The page at 'https://www.obtainrefund.com/loader1655503907616' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://www.getgovrefund.com/loader1655503907616'. This endpoint should be made available over a secure connection.
network	error	URL: https://track.addevent.com/atc/?trktyp=jsinit&trkcal=&guid=2f3fa01b-4fe0-4cb1-b502-e276f974e950&url=https%3A%2F%2Fwww.obtainrefund.com%2Floader1655503907616&cache=1655897969901 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

181867.t.hyros.com
181867.tracking.hyros.com
analytics.tiktok.com
api.keen.io
api64.ipify.org
app.clickfunnels.com
app.socialproofy.io
apps.elfsight.com
assets.clickfunnels.com
bam.nr-data.net
cdn-dcbfd.nitrocdn.com
connect.facebook.net
d26b395fwzu5fz.cloudfront.net
files.elfsight.com
files.elfsightcdn.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i.ytimg.com
img.icons8.com
jnn-pa.googleapis.com
js-agent.newrelic.com
obtainrefund.com
static.cloudflareinsights.com
static.doubleclick.net
static.elfsight.com
stats.g.doubleclick.net
track.addevent.com
use.fontawesome.com
www.facebook.com
www.getgovrefund.com
www.google-analytics.com
www.google.co.uk
www.google.com
www.googletagmanager.com
www.iplocate.io
www.obtainrefund.com
www.youtube.com
yt3.ggpht.com
track.addevent.com
www.youtube.com
143.204.101.210
151.101.2.137
161.35.152.125
162.247.241.14
23.36.163.228
2606:4700:20::681a:76b
2606:4700:20::681a:b55
2606:4700:20::ac43:4766
2606:4700:3033::6815:2a06
2606:4700:3033::6815:459e
2606:4700:3037::ac43:c5e1
2606:4700:440e::ac40:9c1a
2606:4700::6810:10c2
2606:4700::6810:dc2
2606:4700::6812:1690
2607:f2d8:4010:8::2
2a00:1450:4001:800::2003
2a00:1450:4001:802::2004
2a00:1450:4001:80f::200e
2a00:1450:4001:811::2016
2a00:1450:4001:812::2008
2a00:1450:4001:812::200a
2a00:1450:4001:813::2002
2a00:1450:4001:829::200a
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::200e
2a00:1450:4001:830::2003
2a00:1450:4001:830::2006
2a00:1450:400c:c07::9d
2a02:6ea0:c700::17
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a06:98c1:3120::3
34.226.127.56
52.25.208.228
001ddaac7c39ee8ab2242885bdca890fc6aee2f4d953837c96ed85a7b31ae5d3
00329e11f30377dda9733fa6015d3f5f361af943e01b08def237051e36cbe82d
004e3565fa58bd4ff0cbf31deb5451508a5ec7d46c4480f9bfa23326f187a158
02cb19d5d059cc7c2a09e233c3fa603284e4d767901e035c222099fcaf77e5bb
03e3e595557954b00776edad5e3fe1f2275c07a31d349683f8e91c33d5e95beb
04f0d5dd02251a772b0f9f6c7ec09dd93ce9d028aff36bca3d7a5fe2984ece84
082a7c31c15e095710a5e3474d1f85120bad2de5e66962f5f298ca42d38c67a7
089016787c3335281a4f156ba36be3f3209a1a410a429508fa3bc5978bd1fca8
0936e323adeda3d6bda1d6310feef803410334d4aebe9698cc39ae4142bf991a
0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f
0fba49318f88c85bd057a1ec4de0609b675d80f808c762d8c4d3936ddbd365ca
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
111a2946b3856768f13a53e977daf3dfbc912df4f95fd3c14d538f9ab7df4d7e
12c34d64299db9def1b2b3774b6b73994b0ffc936e7aab1503eaf030a2cae958
13098227d934102c207371e23230977eca365e03bdb8bf0a18a362415459f5b0
1a1b94c3b3348dacc1d16a7fe3087b8c7df813e4914e9a3fa5bf4d26169f9693
1ffb52a2dc340242bde2a2c8f9d7a2865ddbb9d97228cc435466a006c137b43c
2279726a8248e3b3cb0bf6b121ad724f402016d584fc3e80cf52db224b5571e5
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2a3dfa1ad2ccefcae0d2c64051ec5f16d432412b644ee0adac5bf64b9d95cd40
32a298077a3c567a0b7019fd9232cb4a9f7ed125ab47b6b9360229e8d5f25a68
3322e4697d424c705cfe921a4086dbb13982e9265276ced4e8a002ba6da78bed
338dc283832b2caf28fab0ec8c88bc6c35974594a172f7c671996578a64f6f41
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
3d79854e01d0c79408c548889dcfddd23e4ef10f11c698c831b570573ee13b97
3e1c9f584ab25a8fb6cbe35fbd0e9b2eca00e1cdf7ff5a625af9f72214e21585
458d87324ee08b5249731c948809915f2eb58bad0bef20e4c0c2a0cb5c735289
498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9
4a7ab5278aaa40f12a11d5563a72b0a8897cb5b2ad427e52eb739a90f48ad532
4af0bd53f6c36a13e7604282e9f8826269ca96297eb838c4f4d9ad00200a7fc8
4b3af1b97a6b7273ec4dc9198048be638f349eec0418c5aea0b7ec5c86844ec4
4d03c15025cba7738e16f499bba77a0961bb692b0adf593544757d4f4e1d690b
4d6d945c544478dcbb43c105d1ecfa43d513f1348f67b00c2e36c1204f65c078
4f9e9ae956ffab2981f954cf29a01f69353508687b3d7f9696dc502155b2a569
513c0438d9473eb19067dacb24c48150066f9eb2e14c0e89121c789154915821
5216f197f782f4bb872e02a677986af90a488015910f8d3864b796ad68dbd389
533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542
53a7bd59f44877ce484b2dc54d3568d1461e0a858985f962940bcd2ae7edf48e
5419f36ed2e1124d8d3bce52f2cecf6dbfc73ea7bfbf32f264dfbffb7e0a57f5
55912cfc0ebd0cfdaea7cb26393660daf8c0d03029368e5113f70453fd915ac0
58606f4379513af73e040faf239cccd6922dbffe97694e54cc8b0c9eed68a7ba
58ed3737f69e1b9cfe69c9c53bbba51aba83371d7915a913cdea13b4dbd97a60
59a24fd9ceda194298ccf0b352fa9acd789bf3fb4c69c01bcdcab44c584d0219
5e089cb4811fae2d388bf1580ada7ca720b17f813302cccc7f1c071a743e0015
660b938fae9c2a827ff143338ae6058bf9fd1d6f42b9fbb45f29d925945808b1
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6aa451a660722e461198ce196fc50e082f21ce0b6f3de61248b9610a2f010c65
6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708
70117b7df4d30ca7415308c330038ce3e2fb4966b896364a49eb23bb60195bd8
707e900c3868b792025699e6d7584616c08c4ae747f72fe9de24c87aca4c4b91
7204fcfe93e81338175bc13572c314dab97c6f6fcb9f627a5499e539656297c6
720adb3aeb05b911763b568e8ef447c3e8e7f67372ae73348e397d59f9208eb0
73fe8ab9505321d8aa0052729376531073d9852ba61bfd4e673b02ae588f16e6
7422e50efbaea439fda7ef3b0eb54ee1a9fe73ea2f919d78a33bf6fb9e3e059d
8e001feddfc438a6ac7179aa1afe43b51cc3981e25c3aba03b952d6ddb07be42
8ecc7f1777308b5e9f8ff1a699b221f818b49e9c2216a313ca1a20b52fa00ebd
8edb2dab855419b307f2822fd2df3671ba5598dc2e7869e51b50c47749536b37
8f3dbe12fbbb9218bdc602fa9e4a86c73ca87c403128e2afccc69e6615d2546b
8f8e518cd706f3f6c743f964efa6f5cf3a4f2ea5b589694dec8ed2295b4f2bb8
9006a85a0d93c0864f1e1f73a15c78ec3af339e761f025caf66918efcc9803bb
90d7a7425bb272ec13bb4b71191347eb3f5f64b8bb2b06a41c0922230d3114a9
9145719c44c79da1f24c6ee1ae3fbf7df31af11e5fa9f300494d22ab183a2521
91664196ef95d96d430466bed4343630d9dc3334e36a10f44740e662942ba688
959d378b770bbff625dc2121f23ec405b6338f14a7ee52cd229fcf7b3df19ee6
98ef8240733673f0a3033c41dc341b2257b546bebf39e6e4303ee907366d78a9
9edf922182d605a48239fee4eddab22abc367aa35aec6e4a60ce62a21e3e4dc6
a0926a707a5da667e7e5563f00733afddff54e8b2af0646b78b63d0a61bf11cb
a15ae2b3cda8819a955675b8cb16528a5fa66ad1179944d22e106cfa6442082d
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4ea36e919353630714cb9b7e66ebd7afe115de0eadd593d57e43066ca0ed67b
ad2b8a299805727100878cdbe8d9e5537d76264126104cad5aeb66feca1097e3
ad62c505758842d183b2f383851a5d9d2208aaf444077e45860d669be22ead28
ae148d29d201d6e176a05cf0539d31d5fc42dacdf38b58e14de90c4ecd2975b5
ae6293c8e6c5db845d03dff6a3ffa88c018513a43b8e67c522b949ed0cadb65e
aea68df31c22fedd60b0fb27d60d19fd575df18f96627ddb0480d8f44b11d43d
aec7c2a0b955757314772857dbd2e74f10b0317e66c08fca34ee56b67ff3b303
b2b016e22165a64762518d5324d61e243cf652c2b067c62fb7fc8a678e5493dd
b308c2e72a650f6c8d72eb987ef68bdaca8bcf99c1a5ccdfc3a7695f491aabb0
bd7b7ce70d1c9a141a91abe41eaa1694a84ee5abdf36211b7d40cafda3f3b7f5
bf37505b8393edb026ba22b187b962e0848a8a9cf20bda450da852ec2da8d11a
c0300b01882cb7f6fe8aa7e6136aafde045545ec4a11ff62b876fdbd99601d03
c8fbd44351b2040cbd911e73aa17794cfd00261d0f10a6881fd48ca8a1d880b3
caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d
cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0
cff6e290756f072e15b009ae0f1222c335dbca57b47bdd9a5b799c64f52dbecd
d3d64271421bb356946bc2fa112e73b664685affe9c3075f12258236382f5f37
d572c032baaaae22839d0f29b03934c2f4bbc98c8cfaa88f8135d4e274115441
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d864d5a8d4d42225fbab083f7afd1d719a2bbfd7962c0c797450025a131934d8
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
db3efa583abcb290e22a5bc94420009484fce12acc02d3c7563a02568d462dce
dd9dc0b61ecd5cfdcba7ca7c4b75893d6ec619105cd744a4f7212436b9311887
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0ba64c7fef83833da6fc68a25516b26ba3ae833cea3eff3a66c587ccad21261
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e433af82f0adb8dd42f6169837cac493b72f668d83918edf6c951fa54fd01a8c
e65a71a904111d41178f5a2c687b716af13794ec91b174872ffd00e65ae9f620
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efef3a663113ecada42bf9171a7fd2c557931a9996282750ff71dd65f1fb4230
f5e45088670523f0b75ebf2c1c3ee0077c83acd790623dce6d312137c7300485
f7464960133d530dfa52ce0ab9a5c33f0a709a946ad16298b000a7560738f422
f779f16d083a24d19f51f3a86b8b0b5c7d6ec5f335f645a16cc17802a33f58e9
f8f896dd3ca2e6b3350d0fc602c25e8562361739fc8c73d249afd752d1660ea5
fc80b92fcaf5587aaaded8e71db5825b90cb3ce0cda7219e74207d41a1668dd5
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

www.obtainrefund.com Open in urlscan Pro 2606:4700:3033::6815:2a06 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

201 Requests

84 %HTTPS

80 %IPv6

31 Domains

39 Subdomains

35 IPs

4 Countries

7896 kBTransfer

23175 kBSize

31 Cookies

3 Outgoing links

Page URL History

Redirected requests

201 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.obtainrefund.com Open in urlscan Pro
2606:4700:3033::6815:2a06 Public Scan

Screenshot
Live screenshot

Full Image

201
Requests

84 %
HTTPS

80 %
IPv6

31
Domains

39
Subdomains

35
IPs

4
Countries

7896 kB
Transfer

23175 kB
Size

31
Cookies

201 HTTP transactions
5 data transactions