Submitted URL: http://trk.ideasworthspreading-4u.eu/red.php?r=271854057629304877&lid=1407677&ln=7
Effective URL: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirs...
Submission: On February 28 via manual from SE

Summary

This website contacted 6 IPs in 2 countries across 8 domains to perform 33 HTTP transactions. The main IP is 2606:4700:3035::681c:1d89, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.friendlyreturns.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 18th 2020. Valid for: 8 months.
This is the only time www.friendlyreturns.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 217.115.153.221 20773 (GODADDY)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
24 2606:4700:303... 13335 (CLOUDFLAR...)
1 184.154.10.254 32475 (SINGLEHOP...)
3 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 23.111.9.35 33438 (HIGHWINDS2)
2 2a00:1450:400... 15169 (GOOGLE)
33 6
Domain Requested by
24 www.friendlyreturns.com www.friendlyreturns.com
3 fonts.googleapis.com www.friendlyreturns.com
2 fonts.gstatic.com www.friendlyreturns.com
2 use.fontawesome.com www.friendlyreturns.com
1 cdn.onesignal.com www.friendlyreturns.com
1 push.applytorely.com www.friendlyreturns.com
1 www.milestonereel.com 1 redirects
1 trk.ideasworthspreading-4u.eu 1 redirects
33 8

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2
2020-02-18 -
2020-10-09
8 months crt.sh
push.applytorely.com
Let's Encrypt Authority X3
2020-02-11 -
2020-05-11
3 months crt.sh
*.storage.googleapis.com
GTS CA 1O1
2020-02-12 -
2020-05-06
3 months crt.sh
ssl898578.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2019-10-11 -
2020-04-18
6 months crt.sh
*.fontawesome.com
DigiCert SHA2 Secure Server CA
2019-10-28 -
2020-12-23
a year crt.sh
*.google.com
GTS CA 1O1
2020-02-12 -
2020-05-06
3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee
Frame ID: 0577D362659E1079C2746A41DE0FDB7B
Requests: 14 HTTP requests in this frame

Frame: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
Frame ID: 40EB621AC0AC2803C02CBA285AA8E59E
Requests: 19 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://trk.ideasworthspreading-4u.eu/red.php?r=271854057629304877&lid=1407677&ln=7 HTTP 302
    https://www.milestonereel.com/tracking/5cd55a6b7ce7f91a603633e4?src=59c7d134b774554b578f930d&s1=&s2=&s3=&s... HTTP 302
    https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
  • script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

33
Requests

100 %
HTTPS

63 %
IPv6

8
Domains

8
Subdomains

6
IPs

2
Countries

452 kB
Transfer

944 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://trk.ideasworthspreading-4u.eu/red.php?r=271854057629304877&lid=1407677&ln=7 HTTP 302
    https://www.milestonereel.com/tracking/5cd55a6b7ce7f91a603633e4?src=59c7d134b774554b578f930d&s1=&s2=&s3=&s4=&s5=&k=5e26cdeee5f5094e1f8dbfdb&firstname={{first_name}}&lastname={{last-name}}&emailaddress={{email}} HTTP 302
    https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

33 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request nrp=5e58ef96a226f30dde7a2cee
www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&e...
Redirect Chain
  • http://trk.ideasworthspreading-4u.eu/red.php?r=271854057629304877&lid=1407677&ln=7
  • https://www.milestonereel.com/tracking/5cd55a6b7ce7f91a603633e4?src=59c7d134b774554b578f930d&s1=&s2=&s3=&s4=&s5=&k=5e26cdeee5f5094e1f8dbfdb&firstname={{first_name}}&lastname={{last-name}}&emailaddr...
  • https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=...
7 KB
3 KB
Document
General
Full URL
https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c6c34ecd5d1f8aaf96a478cd35ce9a221ae35924c05130fabe5b6140a0746d8

Request headers

:method
GET
:authority
www.friendlyreturns.com
:scheme
https
:path
/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Fri, 28 Feb 2020 10:46:46 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=dff8cd57b6546618528a90829a466ba5b1582886806; expires=Sun, 29-Mar-20 10:46:46 GMT; path=/; domain=.friendlyreturns.com; HttpOnly; SameSite=Lax laravel_session=eyJpdiI6IjFmMlN0eWhRVmRKY0Z6dVc0RGJtUXc9PSIsInZhbHVlIjoiWjhJK1cwcjRRRjlobWJrU1R4aFBXZzIrS2hpK2Q5NmpDd2VhR1JqQjJvelBISnFVOUI0VWxKeEhiQnVSSTFJajdZa1pTYTcxUVEyZEN0U3pyZE5VcXc9PSIsIm1hYyI6ImQ2MDFlZDNmZjY3ZWYzMmM1MmZhOTI2ZjJhYjMyNzA1OGIyYmJlNDE0N2U1OWMwZWE3MjYwNjU5Y2Y3NzFlNzMifQ%3D%3D; expires=Fri, 06-Mar-2020 09:25:46 GMT; Max-Age=599940; path=/; httponly
vary
Accept-Encoding
cache-control
no-cache
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
56c1d10d7fff1f29-FRA
content-encoding
br

Redirect headers

status
302
date
Fri, 28 Feb 2020 10:46:46 GMT
set-cookie
__cfduid=d7e3942a2dcbe390c831bd9af99db061c1582886806; expires=Sun, 29-Mar-20 10:46:46 GMT; path=/; domain=.milestonereel.com; HttpOnly; SameSite=Lax c2lub3M=5e58ef96a226f30dde7a2cee; Max-Age=595999; Path=/; Expires=Fri, 06 Mar 2020 08:20:05 GMT connect.sid=s%3AW1ncW2a58NPHoaUSfNHQrfbJcw4MZp-7.WyuVMyNT2K2wWWvQ1HzGNIjAt00S0N5eWN8hJe8XZKc; Path=/; HttpOnly
x-powered-by
Express
access-control-allow-origin
*
location
https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname={{first_name}}&lastname={{last-name}}&address=&zipcode=&mobile=&city=&email={{email}}/nrp=5e58ef96a226f30dde7a2cee
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
56c1d10c9807beab-FRA
backend.css
www.friendlyreturns.com/css/
2 KB
731 B
Stylesheet
General
Full URL
https://www.friendlyreturns.com/css/backend.css
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b24eb9638260837328cb57cc88a42c7472eebcef0d23ad953073901d3bf41c6d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 14 Jun 2017 10:13:06 GMT
server
cloudflare
age
1850
etag
W/"59410c32-8ab"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
56c1d1101ec31f29-FRA
bootstrap.min.css
www.friendlyreturns.com/css/bootstrap-4.1.3/
138 KB
19 KB
Stylesheet
General
Full URL
https://www.friendlyreturns.com/css/bootstrap-4.1.3/bootstrap.min.css
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1b923bd321edf1b6d8c70e83fc400818a545d8eb54f5f671fa81b871a9b3f2b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 15 Oct 2018 07:31:34 GMT
server
cloudflare
age
1850
etag
W/"5bc44256-22689"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
56c1d1101ec71f29-FRA
font-awesome.min.css
www.friendlyreturns.com/assets/font-awesome/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://www.friendlyreturns.com/assets/font-awesome/css/font-awesome.min.css
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 16 Oct 2017 10:55:43 GMT
server
cloudflare
age
1523
etag
W/"59e4902f-7918"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
56c1d1101ec81f29-FRA
jquery-3.4.1.min.js
www.friendlyreturns.com/js/
86 KB
30 KB
Script
General
Full URL
https://www.friendlyreturns.com/js/jquery-3.4.1.min.js
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 06 Aug 2019 08:32:45 GMT
server
cloudflare
age
1523
etag
W/"5d493b2d-15851"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
56c1d1101ecb1f29-FRA
bootstrap.min.js
www.friendlyreturns.com/js/bootstrap-4.1.3/
50 KB
13 KB
Script
General
Full URL
https://www.friendlyreturns.com/js/bootstrap-4.1.3/bootstrap.min.js
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
546f22daa21fdc336f4ea6181ca8c4a4dd5282dde72115f0bf3aa69e3b835b41

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 15 Oct 2018 07:31:36 GMT
server
cloudflare
age
1850
etag
W/"5bc44258-c760"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
56c1d1101ecd1f29-FRA
jquery.cookie.js
www.friendlyreturns.com/js/plugins/jqueryCookie/
3 KB
1 KB
Script
General
Full URL
https://www.friendlyreturns.com/js/plugins/jqueryCookie/jquery.cookie.js
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 14 Jun 2017 09:55:44 GMT
server
cloudflare
age
1850
etag
W/"59410820-c31"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
56c1d1101ecf1f29-FRA
jquery.plugin.js
www.friendlyreturns.com/js/plugins/jquery_countdown/
11 KB
3 KB
Script
General
Full URL
https://www.friendlyreturns.com/js/plugins/jquery_countdown/jquery.plugin.js
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccdc2f2a7a716655ee0e5604046dec02277fbc59252dbc59067d29582e027e58

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 14 Jun 2017 09:52:55 GMT
server
cloudflare
age
1850
etag
W/"59410777-2ba3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
56c1d1101ed11f29-FRA
currency_cnd2.js
www.friendlyreturns.com/custom_js/
1 KB
526 B
Script
General
Full URL
https://www.friendlyreturns.com/custom_js/currency_cnd2.js
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7793635b3a67ad46bb0f738f17326d1d4de4ef3e9a2a2ee4ac4e318a77dabd0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 14 Jun 2017 10:12:22 GMT
server
cloudflare
age
1523
etag
W/"59410c06-5f4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
56c1d1101ed31f29-FRA
blue_notys3.css
www.friendlyreturns.com/css/
9 KB
2 KB
Stylesheet
General
Full URL
https://www.friendlyreturns.com/css/blue_notys3.css
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae88db06df66fada6bd19661950611c6a69796df07f7a97991ec8db92c124af7

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Nov 2017 11:25:46 GMT
server
cloudflare
age
1523
etag
W/"5a0c243a-2381"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
56c1d1101ec91f29-FRA
pub.min.js
push.applytorely.com/js/
3 KB
2 KB
Script
General
Full URL
https://push.applytorely.com/js/pub.min.js
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.154.10.254 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx /
Resource Hash
9c87e5d4579eca6df0bbd4c0e1cd5a4b468c6e8d15a09976c68fee8bc2b07ab3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
gzip
last-modified
Mon, 03 Feb 2020 14:08:22 GMT
server
nginx
etag
"5e382956-5d5"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=86400
strict-transport-security
max-age=31536000; includeSubdomains;
content-length
1493
expires
Sat, 29 Feb 2020 10:46:47 GMT
css
fonts.googleapis.com/
763 B
485 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:700
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ff4610869c48d9eefb45f127331f4203f8624db93d14cb268c69c38cfc77620e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 28 Feb 2020 10:46:47 GMT
server
ESF
date
Fri, 28 Feb 2020 10:46:47 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 28 Feb 2020 10:46:47 GMT
css
fonts.googleapis.com/
7 KB
797 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,600,700
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d00255a582d67e7d1061097b97f939b3d4e4bd48c31e6e0fd1cdf3d2f271ab63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 28 Feb 2020 10:46:47 GMT
server
ESF
date
Fri, 28 Feb 2020 10:46:47 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 28 Feb 2020 10:46:47 GMT
index.html
www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/ Frame 40EB
13 KB
5 KB
Document
General
Full URL
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ee7caaae1cc3f6b08b6f39cf4de7d3b3d044e06c07257f48c676167efcb5bf5

Request headers

:method
GET
:authority
www.friendlyreturns.com
:scheme
https
:path
/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=dff8cd57b6546618528a90829a466ba5b1582886806; laravel_session=eyJpdiI6IjFmMlN0eWhRVmRKY0Z6dVc0RGJtUXc9PSIsInZhbHVlIjoiWjhJK1cwcjRRRjlobWJrU1R4aFBXZzIrS2hpK2Q5NmpDd2VhR1JqQjJvelBISnFVOUI0VWxKeEhiQnVSSTFJajdZa1pTYTcxUVEyZEN0U3pyZE5VcXc9PSIsIm1hYyI6ImQ2MDFlZDNmZjY3ZWYzMmM1MmZhOTI2ZjJhYjMyNzA1OGIyYmJlNDE0N2U1OWMwZWE3MjYwNjU5Y2Y3NzFlNzMifQ%3D%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe

Response headers

status
200
date
Fri, 28 Feb 2020 10:46:47 GMT
content-type
text/html
last-modified
Tue, 21 Jan 2020 10:21:35 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
56c1d1108fc41f29-FRA
content-encoding
br
survey
www.friendlyreturns.com/survey/
19 B
469 B
XHR
General
Full URL
https://www.friendlyreturns.com/survey/survey
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/js/jquery-3.4.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e69e632fd455bb94aa01816ae5530a7eb04e5ac5bc0a63d5f96d7d12f8a3f7b3

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Origin
https://www.friendlyreturns.com
X-Requested-With
XMLHttpRequest
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://www.friendlyreturns.com
cache-control
no-cache
cf-ray
56c1d1109fe31f29-FRA
OneSignalSDK.js
cdn.onesignal.com/sdks/ Frame 40EB
8 KB
3 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03287280ffc2f50b1c9b477d00acb16fec7797d50e3a89a2dcb5589e36e413c0

Request headers

Referer
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
3283
etag
W/"f242ff15a186d9d5dc1c33cc46f2d4a1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=43200
cf-ray
56c1d110fd1dd6e1-FRA
expires
Fri, 28 Feb 2020 22:46:47 GMT
jquery-1.12.4.min.js
www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/js/ Frame 40EB
95 KB
32 KB
Script
General
Full URL
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/js/jquery-1.12.4.min.js
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

Referer
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 20 Jan 2020 14:00:34 GMT
server
cloudflare
age
1196
etag
W/"5e25b282-17b8b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
56c1d110d8bf1f29-FRA
all.css
use.fontawesome.com/releases/v5.0.8/css/ Frame 40EB
35 KB
9 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.0.8/css/all.css
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
4080b83d8afc4487b8229308be2f196372bd2123613b46388048f14159f07181

Request headers

Referer
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
Origin
https://www.friendlyreturns.com
Sec-Fetch-Dest
style
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
gzip
last-modified
Thu, 01 Mar 2018 21:36:58 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"265a36ec650d63e307e611cdf14d9b89"
vary
Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
status
200
access-control-max-age
3000
cache-control
max-age=31556926
x-cache
HIT
reset.min.css
www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/css/ Frame 40EB
773 B
444 B
Stylesheet
General
Full URL
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/css/reset.min.css
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82f1278f66b192a223e306d884f8db595ef3b6d829cc1544807b9bf40019403e

Request headers

Referer
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 20 Jan 2020 14:00:31 GMT
server
cloudflare
age
1196
etag
W/"5e25b27f-305"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
56c1d110d8af1f29-FRA
jquery.countdown.css
www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/js/countdownjs/ Frame 40EB
1 KB
435 B
Stylesheet
General
Full URL
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/js/countdownjs/jquery.countdown.css
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34f72aa883faea0e292b8e941ae721e100ba89cdcf2c7992c4fcfb81ad265630

Request headers

Referer
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 20 Jan 2020 14:00:42 GMT
server
cloudflare
age
1196
etag
W/"5e25b28a-46f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
56c1d110d8b51f29-FRA
jquery.plugin.js
www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/js/countdownjs/ Frame 40EB
11 KB
3 KB
Script
General
Full URL
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/js/countdownjs/jquery.plugin.js
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0a6acca9b827b8a216634408a4e3e4efb3dd88918ae6cff0bc7de4124a1005c

Request headers

Referer
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 20 Jan 2020 14:00:42 GMT
server
cloudflare
age
1196
etag
W/"5e25b28a-2ba2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
56c1d110d8c31f29-FRA
jquery.countdown.js
www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/js/countdownjs/ Frame 40EB
35 KB
9 KB
Script
General
Full URL
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/js/countdownjs/jquery.countdown.js
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a03ae00213fccd9886c4833e52f5467bdc5a6f9af22cf80667c6d9d75bd374a3

Request headers

Referer
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 20 Jan 2020 14:00:42 GMT
server
cloudflare
age
1196
etag
W/"5e25b28a-8c19"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
56c1d110d8c41f29-FRA
styles.css
www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/css/ Frame 40EB
5 KB
1 KB
Stylesheet
General
Full URL
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/css/styles.css
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
06335fb1b038ceb04b3826b9b9af144c9a2a5532eb07e3af8ad08a20e78aa09f

Request headers

Referer
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 20 Jan 2020 14:00:31 GMT
server
cloudflare
age
1196
etag
W/"5e25b27f-15ab"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
56c1d110d8ba1f29-FRA
animate.css
www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/css/ Frame 40EB
71 KB
4 KB
Stylesheet
General
Full URL
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/css/animate.css
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d34c3af0d3b74cbb878ca4472668ebae02410ed1bfe8e85b244bb582d1dcb2ea

Request headers

Referer
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 20 Jan 2020 14:00:31 GMT
server
cloudflare
age
1196
etag
W/"5e25b27f-11a43"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
56c1d110d8bc1f29-FRA
preloader.gif
www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/img/ Frame 40EB
80 KB
80 KB
Image
General
Full URL
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/img/preloader.gif
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea4775a16983b954313e9a71e84fc0dc4a956d267de56462d94c78d695f9a9db

Request headers

Referer
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
cf-cache-status
HIT
last-modified
Mon, 20 Jan 2020 14:00:33 GMT
server
cloudflare
age
1196
etag
"5e25b281-14041"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
56c1d110d8c61f29-FRA
content-length
81985
expires
Thu, 31 Dec 2037 23:55:55 GMT
van.png
www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/img/ Frame 40EB
16 KB
16 KB
Image
General
Full URL
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/img/van.png
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c2d1917de752c2887ea7e84c54d054c4d7621262cd99703490d9eae7a1d41ef8

Request headers

Referer
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
cf-cache-status
HIT
last-modified
Mon, 20 Jan 2020 14:00:34 GMT
server
cloudflare
age
1196
etag
"5e25b282-3f85"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
56c1d110d8cc1f29-FRA
content-length
16261
expires
Thu, 31 Dec 2037 23:55:55 GMT
css
fonts.googleapis.com/ Frame 40EB
20 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8381a7d35e63fa3670e6391361cac64bcdac5421f69f7197abc2119f00c40648
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 28 Feb 2020 10:46:47 GMT
server
ESF
date
Fri, 28 Feb 2020 10:46:47 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 28 Feb 2020 10:46:47 GMT
prelander.js
www.friendlyreturns.com/prelanders/ Frame 40EB
3 KB
1008 B
Script
General
Full URL
https://www.friendlyreturns.com/prelanders/prelander.js
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f43f6bb9637c5d91057dabfaf7e296330476ee8b4574c0bf11688e2381082f53

Request headers

Referer
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 29 Jan 2020 10:47:09 GMT
server
cloudflare
age
2052
etag
W/"5e3162ad-ab0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
56c1d1117a4e1f29-FRA
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ Frame 40EB
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/js/jquery-1.12.4.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i
Origin
https://www.friendlyreturns.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 30 Jan 2020 02:11:57 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:30:49 GMT
server
sffe
age
2536490
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
9132
x-xss-protection
0
expires
Fri, 29 Jan 2021 02:11:57 GMT
bg2.jpg
www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/img/ Frame 40EB
129 KB
129 KB
Image
General
Full URL
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/img/bg2.jpg
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/js/jquery-1.12.4.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75ae30bcd1fdb70111741756cb3afd61e9195a443a795286fb9e671488b57d96

Request headers

Referer
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/css/styles.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
cf-cache-status
HIT
last-modified
Mon, 20 Jan 2020 14:00:33 GMT
server
cloudflare
age
10219
etag
"5e25b281-20319"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
56c1d1118a601f29-FRA
content-length
131865
expires
Thu, 31 Dec 2037 23:55:55 GMT
footer.gif
www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/img/ Frame 40EB
16 KB
16 KB
Image
General
Full URL
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/img/footer.gif
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/js/jquery-1.12.4.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681c:1d89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d22a7e34eaf4a1829eacc9766b940fefce122577bdaa19201ae400912aa0b2f

Request headers

Referer
https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/css/styles.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
cf-cache-status
HIT
last-modified
Mon, 20 Jan 2020 14:00:33 GMT
server
cloudflare
age
1193
etag
"5e25b281-4193"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
56c1d1118a641f29-FRA
content-length
16787
expires
Thu, 31 Dec 2037 23:55:55 GMT
fa-solid-900.woff2
use.fontawesome.com/releases/v5.0.8/webfonts/ Frame 40EB
39 KB
40 KB
Font
General
Full URL
https://use.fontawesome.com/releases/v5.0.8/webfonts/fa-solid-900.woff2
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/js/jquery-1.12.4.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
434466b59545a8a1cac6ddb38197cdc6b35995a98c3f3812fb88d61b1c300dd3

Request headers

Referer
https://use.fontawesome.com/releases/v5.0.8/css/all.css
Origin
https://www.friendlyreturns.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 28 Feb 2020 10:46:47 GMT
last-modified
Thu, 01 Mar 2018 21:37:15 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
"0ab54153eeeca0ce03978cc463b257f7"
vary
Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
content-type
font/woff2
status
200
access-control-max-age
3000
cache-control
max-age=31556926
x-cache
HIT
accept-ranges
bytes
content-length
40148
mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ Frame 40EB
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
Requested by
Host: www.friendlyreturns.com
URL: https://www.friendlyreturns.com/prelanders/jld1/se/SE-PST-POSTNORD/SE-PST-GEN/js/jquery-1.12.4.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i
Origin
https://www.friendlyreturns.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 01 Feb 2020 19:32:54 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:31:11 GMT
server
sffe
age
2301233
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
9080
x-xss-protection
0
expires
Sun, 31 Jan 2021 19:32:54 GMT

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery object| bootstrap function| JQClass function| countdown boolean| pm_enablePrompt string| pm_promptText string| pm_promptAcceptBtnText string| pm_promptDenyBtnText string| pm_pid object| productUrl string| path_prefix number| total_products object| productId number| survey_id function| exitClickHandler function| trackAnswer function| setConversion function| setProductImpression function| setServerPixel function| trackProductClick function| loadSurveyQuestions

4 Cookies

Domain/Path Name / Value
www.friendlyreturns.com/ Name: survey_id_21327
Value: true
www.friendlyreturns.com/ Name: b2ZmZXJXYWxs
Value: %7B%22campaign%22%3A%2218455%22%2C%22survey%22%3A21327%2C%22source%22%3A%2259c7d134b774554b578f930d%22%2C%22subid%22%3A%22subid%3D59c7d134b774554b578f930d%26firstname%3D%7B%7Bfirst_name%7D%7D%26lastname%3D%7B%7Blast-name%7D%7D%26address%3D%26zipcode%3D%26mobile%3D%26city%3D%26email%3D%7B%7Bemail%7D%7D%22%2C%22firstSession%22%3A%22K9MpkGjbPS9CPLXsBiVcfZBIN8GM583DKNYOawmo_18455%22%7D
www.friendlyreturns.com/ Name: laravel_session
Value: eyJpdiI6Im9DZ283dEZ4akdJZ0x5OUlCZFwvTm5BPT0iLCJ2YWx1ZSI6IlM5aUVKOFQ5XC9QRXFHQm5TUnRyRVNWbzdtM1dpaXZ2Rmg3K28yZkFXeW9vVmI5aHNOeDNuc091NWZYVGo3S3ZOU0JOYW9uK3c0bTIrWUo1dktjZ1pDZz09IiwibWFjIjoiZjgzNzJjMWNkN2E2NzBlOGYwYzZhODE0ZTY0MzkxNGQ2MTMwNjlkYjkzZjY3YmYzN2I1NTRmMjcxNjgwMTk3NSJ9
.friendlyreturns.com/ Name: __cfduid
Value: dff8cd57b6546618528a90829a466ba5b1582886806

3 Console Messages

Source Level URL
Text
console-api log URL: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee(Line 44)
Message:
processed: firstname-{{first_name}} lastname-{{last-name}} address- zipcode- mobile- city- email-{{email}}
console-api info URL: https://www.friendlyreturns.com/survey/18455/source=59c7d134b774554b578f930d/subid=59c7d134b774554b578f930d&firstname=%7B%7Bfirst_name%7D%7D&lastname=%7B%7Blast-name%7D%7D&address=&zipcode=&mobile=&city=&email=%7B%7Bemail%7D%7D/nrp=5e58ef96a226f30dde7a2cee(Line 44)
Message:
TP init
console-api log URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js(Line 1)
Message:
OneSignal: Using fallback ES5 Stub for backwards compatibility.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.onesignal.com
fonts.googleapis.com
fonts.gstatic.com
push.applytorely.com
trk.ideasworthspreading-4u.eu
use.fontawesome.com
www.friendlyreturns.com
www.milestonereel.com
184.154.10.254
217.115.153.221
23.111.9.35
2606:4700:3035::681c:1d89
2606:4700:3037::681b:8b83
2606:4700::6812:e134
2a00:1450:4001:800::2003
2a00:1450:4001:821::200a
03287280ffc2f50b1c9b477d00acb16fec7797d50e3a89a2dcb5589e36e413c0
06335fb1b038ceb04b3826b9b9af144c9a2a5532eb07e3af8ad08a20e78aa09f
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
2d22a7e34eaf4a1829eacc9766b940fefce122577bdaa19201ae400912aa0b2f
2ee7caaae1cc3f6b08b6f39cf4de7d3b3d044e06c07257f48c676167efcb5bf5
34f72aa883faea0e292b8e941ae721e100ba89cdcf2c7992c4fcfb81ad265630
4080b83d8afc4487b8229308be2f196372bd2123613b46388048f14159f07181
434466b59545a8a1cac6ddb38197cdc6b35995a98c3f3812fb88d61b1c300dd3
4c6c34ecd5d1f8aaf96a478cd35ce9a221ae35924c05130fabe5b6140a0746d8
546f22daa21fdc336f4ea6181ca8c4a4dd5282dde72115f0bf3aa69e3b835b41
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
75ae30bcd1fdb70111741756cb3afd61e9195a443a795286fb9e671488b57d96
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
82f1278f66b192a223e306d884f8db595ef3b6d829cc1544807b9bf40019403e
8381a7d35e63fa3670e6391361cac64bcdac5421f69f7197abc2119f00c40648
9c87e5d4579eca6df0bbd4c0e1cd5a4b468c6e8d15a09976c68fee8bc2b07ab3
a03ae00213fccd9886c4833e52f5467bdc5a6f9af22cf80667c6d9d75bd374a3
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
ae88db06df66fada6bd19661950611c6a69796df07f7a97991ec8db92c124af7
b0a6acca9b827b8a216634408a4e3e4efb3dd88918ae6cff0bc7de4124a1005c
b24eb9638260837328cb57cc88a42c7472eebcef0d23ad953073901d3bf41c6d
b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8
c2d1917de752c2887ea7e84c54d054c4d7621262cd99703490d9eae7a1d41ef8
ccdc2f2a7a716655ee0e5604046dec02277fbc59252dbc59067d29582e027e58
d00255a582d67e7d1061097b97f939b3d4e4bd48c31e6e0fd1cdf3d2f271ab63
d1b923bd321edf1b6d8c70e83fc400818a545d8eb54f5f671fa81b871a9b3f2b
d34c3af0d3b74cbb878ca4472668ebae02410ed1bfe8e85b244bb582d1dcb2ea
d7793635b3a67ad46bb0f738f17326d1d4de4ef3e9a2a2ee4ac4e318a77dabd0
e69e632fd455bb94aa01816ae5530a7eb04e5ac5bc0a63d5f96d7d12f8a3f7b3
ea4775a16983b954313e9a71e84fc0dc4a956d267de56462d94c78d695f9a9db
f43f6bb9637c5d91057dabfaf7e296330476ee8b4574c0bf11688e2381082f53
ff4610869c48d9eefb45f127331f4203f8624db93d14cb268c69c38cfc77620e