Submitted URL: https://cdn.returnsandrefund.com/
Effective URL: https://returnsandrefund.com/
Submission: On June 06 via automatic, source certstream-suspicious

Summary

This website contacted 21 IPs in 3 countries across 16 domains to perform 162 HTTP transactions. The main IP is 3.126.196.163, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is returnsandrefund.com.
TLS certificate: Issued by R3 on April 29th 2021. Valid for: 3 months.
This is the only time returnsandrefund.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
45 3.126.196.163 16509 (AMAZON-02)
23 142.250.181.226 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:215... 16509 (AMAZON-02)
5 18.156.95.187 16509 (AMAZON-02)
5 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2620:116:800d... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
12 2a00:1450:400... 15169 (GOOGLE)
13 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:205... 16509 (AMAZON-02)
6 2a00:1450:400... 15169 (GOOGLE)
21 2a00:1450:400... 15169 (GOOGLE)
1 4 2a00:1450:400... 15169 (GOOGLE)
13 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 37.157.2.238 198622 (ADFORM)
162 21
Domain Requested by
45 returnsandrefund.com returnsandrefund.com
23 securepubads.g.doubleclick.net returnsandrefund.com
securepubads.g.doubleclick.net
21 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
returnsandrefund.com
bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com
12 adservice.google.com securepubads.g.doubleclick.net
12 adservice.google.de securepubads.g.doubleclick.net
11 cdn.ampproject.org securepubads.g.doubleclick.net
6 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.googletagservices.com
5 fonts.gstatic.com fonts.googleapis.com
5 g.ezoic.net returnsandrefund.com
4 www.google.com 1 redirects tpc.googlesyndication.com
bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com
returnsandrefund.com
4 fonts.googleapis.com returnsandrefund.com
tpc.googlesyndication.com
securepubads.g.doubleclick.net
2 googleads.g.doubleclick.net bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com
2 www.googletagservices.com securepubads.g.doubleclick.net
bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com
2 bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 track.seadform.net returnsandrefund.com
1 pixel.quantserve.com returnsandrefund.com
1 rules.quantcount.com secure.quantserve.com
1 secure.quantserve.com returnsandrefund.com
1 go.ezoic.net returnsandrefund.com
1 www.googletagmanager.com returnsandrefund.com
1 go.ezodn.com returnsandrefund.com
1 cdn.returnsandrefund.com 1 redirects
162 23

This site contains links to these domains. Also see Links.

Domain
silktide.com
us.homesense.com
www.ezoic.com
Subject Issuer Validity Valid
returnsandrefund.com
R3
2021-04-29 -
2021-07-28
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2021-05-10 -
2021-08-02
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-08-05 -
2021-08-05
a year crt.sh
upload.video.google.com
GTS CA 1O1
2021-05-10 -
2021-08-02
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2021-05-10 -
2021-08-02
3 months crt.sh
*.ezoic.net
Amazon
2021-02-15 -
2022-03-16
a year crt.sh
ezoic.net
R3
2021-05-23 -
2021-08-21
3 months crt.sh
*.google.com
GTS CA 1O1
2021-05-10 -
2021-08-02
3 months crt.sh
*.quantserve.com
DigiCert SHA2 High Assurance Server CA
2020-10-02 -
2021-10-07
a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2021-05-10 -
2021-08-02
3 months crt.sh
www.google.com
GTS CA 1C3
2021-05-10 -
2021-08-02
3 months crt.sh
misc-sni.google.com
GTS CA 1C3
2021-05-10 -
2021-08-02
3 months crt.sh
*.seadform.net
DigiCert SHA2 Secure Server CA
2020-10-05 -
2021-11-03
a year crt.sh

This page contains 8 frames:

Primary Page: https://returnsandrefund.com/
Frame ID: 75724D4A6F07D5BCCBD5A47D10D7C54C
Requests: 110 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: D5AB84837B3CF3C41DA5A9102BFEC932
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 68D90F6A70F3638C6354E0C0D31F1F0C
Requests: 1 HTTP requests in this frame

Frame: https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 0CEA26C24D8B46AFA045F9EDFDA3E212
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/index.html
Frame ID: 9704A7EB83C03A8A6421B90AAAC75BB3
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 09A8ED63D5C638084635F0BC217BC3E9
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/022105242203000/amp4ads-v0.mjs
Frame ID: 6126E61834399AC2280145463A4F490D
Requests: 15 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/022105242203000/amp4ads-v0.mjs
Frame ID: 5EE47567C74AD785C2F9793EF80F6D46
Requests: 15 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://cdn.returnsandrefund.com/ HTTP 301
    https://returnsandrefund.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /\.quantserve\.com\/quant\.js/i

Page Statistics

162
Requests

100 %
HTTPS

81 %
IPv6

16
Domains

23
Subdomains

21
IPs

3
Countries

1382 kB
Transfer

3433 kB
Size

21
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cdn.returnsandrefund.com/ HTTP 301
    https://returnsandrefund.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 96
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si

162 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
returnsandrefund.com/
Redirect Chain
  • https://cdn.returnsandrefund.com/
  • https://returnsandrefund.com/
114 KB
27 KB
Document
General
Full URL
https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
d7743c2b67adc72c4a4a986b5590704c5a9ced6d9a08cd7fd7ab6d499153e237

Request headers

:method
GET
:authority
returnsandrefund.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

age
50956
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 06 Jun 2021 05:31:57 GMT
display
pub_site_sol
expires
Sat, 05 Jun 2021 05:31:57 GMT
last-modified
Sun, 06 Jun 2021 01:01:21 GMT
pagespeed
off
response
200
server
nginx/1.16.0
set-cookie
ezoadgid_200400=-1; Path=/; Domain=returnsandrefund.com; Expires=Sun, 06 Jun 2021 06:01:56 UTC ezoref_200400=; Path=/; Domain=returnsandrefund.com; Expires=Sun, 06 Jun 2021 07:31:56 UTC ezoab_200400=mod1; Path=/; Domain=returnsandrefund.com; Expires=Sun, 06 Jun 2021 07:31:56 UTC active_template::200400=pub_site.1622957516; Path=/; Domain=returnsandrefund.com; Expires=Tue, 08 Jun 2021 05:31:56 UTC ezopvc_200400=1; Path=/; Domain=returnsandrefund.com; Expires=Sun, 06 Jun 2021 06:01:57 UTC ezepvv=0; Path=/; Domain=returnsandrefund.com; Expires=Mon, 07 Jun 2021 05:31:57 UTC ezovid_200400=1006240796; Path=/; Domain=returnsandrefund.com; Expires=Sun, 06 Jun 2021 06:01:57 UTC lp_200400=https://returnsandrefund.com/; Path=/; Domain=returnsandrefund.com; Expires=Sun, 06 Jun 2021 06:01:57 UTC ezovuuidtime_200400=1622957517; Path=/; Domain=returnsandrefund.com; Expires=Tue, 08 Jun 2021 05:31:57 UTC ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; Path=/; Domain=returnsandrefund.com; Expires=Sun, 06 Jun 2021 06:01:57 UTC ezCMPCCS=true; Path=/; Domain=returnsandrefund.com; Expires=Mon, 06 Jun 2022 05:31:57 GMT
vary
Accept-Encoding Accept-Encoding,User-Agent
x-cache
HIT
x-cache-hits
406
x-ezoic-cdn
Miss
x-middleton-display
pub_site_sol
x-middleton-response
200
x-sol
pub_site

Redirect headers

date
Sun, 06 Jun 2021 05:31:56 GMT
content-type
text/plain; charset=utf-8
content-length
0
cache-control
max-age=300, private
location
https://returnsandrefund.com/
vary
Accept-Encoding Accept-Encoding
x-middleton-display
redirect
cf-cache-status
DYNAMIC
cf-request-id
0a81677e2000004aa4c7805000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=FZQl4fqtNkl0eX%2FKMLaSNZiCIiyPpT8XdG1Vvj%2F7QF%2FoE5Dd58p1taPpW5l%2BKCeKMiZhVVb2B3NwFsGjYNA%2Fnp9buDpCgwSQdGA0rhsjsIVeWBiKJRM3kTMsUbJa8rkDR%2F9lxMCelnuHDU6w0uRDFe%2F2"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
65af41dcfef34aa4-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
gpt.js
securepubads.g.doubleclick.net/tag/js/
62 KB
21 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
sffe /
Resource Hash
5d3b1e91595e00d961f95eee4229b527cb8790f1e5718734ea0c85ffb69471cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"894 / 351 of 1000 / last-modified: 1622844595"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21373
x-xss-protection
0
expires
Sun, 06 Jun 2021 05:31:57 GMT
dall.js
go.ezodn.com/hb/
228 KB
66 KB
Script
General
Full URL
https://go.ezodn.com/hb/dall.js?b=oftmedia,oneVideo,onemobile,sharethrough,sovrn,spotx,unruly&cb=194-2-22
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:b890 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
475f9d1edc6601cbf2243cb11d8a432d3fe7be7df925754666ea2dd37f6eafa9

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
414300
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=C7JzEMKIxFOrfDRHJGJbPmXF%2FDV4WTrhYnSHQHkvp9SdtSHvoWBqSVu2JG9p3hiAqcxrrCFxuBm6dAVmmLVVU%2BdJmWTn8K742cucf5nZSLsgJAbsUtWRt4LbcEGmK47S9psjbOVw"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
65af41e3ade52b1e-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0a8167824400002b1ebc953000000001
banger.js
returnsandrefund.com/porpoiseant/
43 KB
10 KB
Script
General
Full URL
https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
f4ecce62a254717c7a9b2107c356c7c874eb36725c9cbc4280f7ffc8dfb06509

Request headers

:path
/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
x-middleton-display
sol-js
cache-control
max-age=31536000, public
x-robots-tag
noindex
841ee1dfdec3fbc473772577a8b3240b.css
returnsandrefund.com/wp-content/cache/min/1/
147 KB
49 KB
Stylesheet
General
Full URL
https://returnsandrefund.com/wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
a965454ed27194420a23bd494e396653825da3850d9d9258d6464dd5e4f26bfc

Request headers

:path
/wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
x-sol
orig
age
63809
x-ezoic-cdn
Hit ds;mm;889a1bc78332af14281e81a2291c4a35;2-200400-0;5932bbef-8f7a-40e7-465e-640e73949182
x-cache
HIT
x-middleton-display
staticcontent_sol, orig_site_sol
x-middleton-response
200
response
200
last-modified
Sun, 06 Jun 2021 01:06:27 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
text/css; charset=utf-8
cache-control
public, max-age=31536000
display
staticcontent_sol, orig_site_sol
x-cache-hits
17
css
fonts.googleapis.com/
5 KB
736 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.3.3&display=swap
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b04c10e9ef56b9200c56cc5141fe6d712ec85a8d90c0fe5b98fbf9ebe2873cc0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 06 Jun 2021 05:16:24 GMT
server
ESF
date
Sun, 06 Jun 2021 05:31:57 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 06 Jun 2021 05:31:57 GMT
jquery-1.12.4-wp.js
returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/jquery/
95 KB
32 KB
Script
General
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

:path
/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
age
52339
x-ezoic-cdn
Bypass
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
809
x-middleton-response
200
response
200
last-modified
Sun, 06 Jun 2021 04:45:17 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
expires
Sun, 05 Jun 2022 14:59:38 GMT
responsive-menu-c1e228c238344335eaf7288b4e454a0f.js
returnsandrefund.com/wp-content/cache/min/1/wp-content/themes/eleven40-pro/js/
765 B
506 B
Script
General
Full URL
https://returnsandrefund.com/wp-content/cache/min/1/wp-content/themes/eleven40-pro/js/responsive-menu-c1e228c238344335eaf7288b4e454a0f.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
8e424541604f9439f054eb9e4e78925da8c4d2a77985f642f9f4b5f025424d48

Request headers

:path
/wp-content/cache/min/1/wp-content/themes/eleven40-pro/js/responsive-menu-c1e228c238344335eaf7288b4e454a0f.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
age
63810
x-ezoic-cdn
Hit ds;ms;c5ae736beb74dda836b2ae3f904f7066;2-200400-0;a1470e90-952b-4279-654b-419cd8c77462
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
315
response
200
last-modified
Sun, 06 Jun 2021 01:01:21 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
17
js
www.googletagmanager.com/gtag/
89 KB
35 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-150748452-1
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ac653397748289472585c3b084c0b503bcea3752bc7841f08bce48fdff759639
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35964
x-xss-protection
0
last-modified
Sun, 06 Jun 2021 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 06 Jun 2021 05:31:57 GMT
cookieconsent.min.js
returnsandrefund.com/ezoic/
4 KB
2 KB
Script
General
Full URL
https://returnsandrefund.com/ezoic/cookieconsent.min.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0

Request headers

:path
/ezoic/cookieconsent.min.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
last-modified
Fri, 28 May 2021 04:19:14 GMT
server
nginx/1.16.0
etag
"11a4-5c35c2da8d480-gzip"
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000, public
accept-ranges
bytes
x-robots-tag
noindex
content-length
1707
expires
Mon, 06 Jun 2022 05:31:57 GMT
ezoic.png
go.ezoic.net/utilcave_com/img/
1 KB
2 KB
Image
General
Full URL
https://go.ezoic.net/utilcave_com/img/ezoic.png
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:b200:2:cb38:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 02:36:22 GMT
via
1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
x-sol
middleton
age
10535
x-cache
Hit from cloudfront
x-middleton-display
staticcontent_sol
content-length
1181
x-amz-cf-id
kL5LORSCf4aEgpWkfwS9pdU87CAc5o2hi7ICENc0bpXWouYf76QaBw==
last-modified
Fri, 28 May 2021 00:46:16 GMT
server
nginx/1.16.0
etag
"49d-5bd497273b080-gzip-gzip"
vary
Accept-Encoding,Accept-Encoding
content-type
image/png
cache-control
max-age=604800
x-amz-cf-pop
FRA50-C1
display
staticcontent_sol
expires
Sun, 13 Jun 2021 02:36:22 GMT
wp-polyfill.min-7.4.4.js
returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/dist/vendor/
97 KB
32 KB
Script
General
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/dist/vendor/wp-polyfill.min-7.4.4.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
d36e5d7328268d21c6941039a7b6a15c7ed7414f60dbee72d2231d11ac9bdaf3

Request headers

:path
/wp-content/cache/busting/1/wp-includes/js/dist/vendor/wp-polyfill.min-7.4.4.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:58 GMT
content-encoding
br
age
52339
x-ezoic-cdn
Bypass
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
796
x-middleton-response
200
response
200
last-modified
Sun, 06 Jun 2021 03:16:17 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
expires
Sun, 05 Jun 2022 14:59:38 GMT
index-4e981829b016000918dd61f7ac7dab7e.js
returnsandrefund.com/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/js/
13 KB
4 KB
Script
General
Full URL
https://returnsandrefund.com/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/js/index-4e981829b016000918dd61f7ac7dab7e.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
457f55ea0c6f05fbf9093f1535e1da2c627530ddbeb46c27a0fb8aef5b7e2805

Request headers

:path
/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/js/index-4e981829b016000918dd61f7ac7dab7e.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
age
63809
x-ezoic-cdn
Hit ds;mm;eb5c2d7020fda4533e4f2c14e95b4e90;2-200400-0;5b01d4fa-47c3-42bc-5e82-738e78695add
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
3778
response
200
last-modified
Sun, 06 Jun 2021 04:44:20 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
17
hoverIntent.min-1.8.1.js
returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/
1 KB
492 B
Script
General
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/hoverIntent.min-1.8.1.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
495d2f8c8b7f1bbd664c2c10c086a644e63e4934b9734813b27956a34709eea4

Request headers

:path
/wp-content/cache/busting/1/wp-includes/js/hoverIntent.min-1.8.1.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:58 GMT
content-encoding
br
age
52339
x-ezoic-cdn
Bypass
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
801
x-middleton-response
200
content-length
447
response
200
last-modified
Sun, 06 Jun 2021 03:16:17 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
expires
Sun, 05 Jun 2022 14:59:38 GMT
superfish.min-1.7.10.js
returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/
4 KB
2 KB
Script
General
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.min-1.7.10.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
ece565a1f66a32347dfed83562c428ff7736648de72b0027dd8f0e0f27e0c327

Request headers

:path
/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.min-1.7.10.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
age
25317
x-ezoic-cdn
Hit ds;mm;74aa522f6903ecede49f6fe26e67f571;2-200400-0;e1f0d140-2976-4678-542e-a4865edc8a22
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
1743
response
200
last-modified
Sun, 06 Jun 2021 01:01:21 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
10
superfish.args.min-3.3.3.js
returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/
132 B
231 B
Script
General
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.args.min-3.3.3.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
20550f7bcb2a817ac9a5879e04260da8268e971c0b8031a6b7a2f48a55ee60d5

Request headers

:path
/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.args.min-3.3.3.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
age
25317
x-ezoic-cdn
Hit ds;ms;741c3197cbcdb4fa3069ff8bd82b4d2a;2-200400-0;55f39d27-536f-4174-407e-ce1b2e1ef5f0
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
102
response
200
last-modified
Sun, 06 Jun 2021 04:50:12 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
10
skip-links.min-3.3.3.js
returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/
386 B
318 B
Script
General
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/skip-links.min-3.3.3.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
ade38136058fcd75880d3673855aff859ee377d5915e59cccf24a973d418bebb

Request headers

:path
/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/skip-links.min-3.3.3.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
age
25317
x-ezoic-cdn
Hit ds;ms;9dd6d85aaaabfbd9a62c43b4c9b53dea;2-200400-0;6c89b136-13a7-40f4-7c44-442d51efe6eb
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
188
response
200
last-modified
Sun, 06 Jun 2021 03:23:15 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
10
wp-embed.min.js
returnsandrefund.com/wp-includes/js/
1 KB
731 B
Script
General
Full URL
https://returnsandrefund.com/wp-includes/js/wp-embed.min.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

:path
/wp-includes/js/wp-embed.min.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:58 GMT
content-encoding
br
age
52339
x-ezoic-cdn
Bypass
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
800
x-middleton-response
200
content-length
663
response
200
last-modified
Sun, 06 Jun 2021 01:06:27 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
expires
Sun, 05 Jun 2022 14:59:38 GMT
pubads_impl_2021060301.js
securepubads.g.doubleclick.net/gpt/
312 KB
109 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
sffe /
Resource Hash
d0b3850a417ef733c6acaff02a3311c7ce9a5b7ee55d2cd76d8c7f1f661bcb20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 03 Jun 2021 08:37:25 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112073
x-xss-protection
0
expires
Sun, 06 Jun 2021 05:31:57 GMT
nmash.js
returnsandrefund.com/porpoiseant/
33 KB
9 KB
Other
General
Full URL
https://returnsandrefund.com/porpoiseant/nmash.js?v=19
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
0b9a8a3f27fa969797b4fbec0716dcacd5aaa38202277691d7baf41a540963fd

Request headers

:path
/porpoiseant/nmash.js?v=19
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
same-origin
accept
*/*
cache-control
no-cache
sec-fetch-dest
worker
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
last-modified
Fri, 28 May 2021 04:19:14 GMT
server
nginx/1.16.0
etag
"854d-5c35c2da8d480;5c40e7674104e-gzip"
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000, public
accept-ranges
bytes
x-robots-tag
noindex
ezosuigeneris.js
g.ezoic.net/
555 B
565 B
Script
General
Full URL
https://g.ezoic.net/ezosuigeneris.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
64b8782e8d1d8de1437de5f46d9d4420dd0b575d2e16565ca4dcfe0ab415ef55

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
last-modified
Sat, 05 Jun 2021 23:12:11 GMT
server
nginx/1.16.0
etag
d9ae1bd24009438980cda398a3cd51b2
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cache-control
max-age=999999, private
content-length
278
expires
Mon, 29 Apr 2020 21:44:55 GMT
cmb.js
returnsandrefund.com/detroitchicago/
111 KB
28 KB
Script
General
Full URL
https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
0cf75919452a4adf80337eca213166aa09b6c3a7ec848e45b4b0c84eb4f8959e

Request headers

:path
/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
x-middleton-display
sol-js
cache-control
max-age=31536000, public
x-robots-tag
noindex
return-logo-2.png
returnsandrefund.com/wp-content/uploads/2019/03/
1 KB
1 KB
Image
General
Full URL
https://returnsandrefund.com/wp-content/uploads/2019/03/return-logo-2.png
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
31f7540a6075e6f34980199d420271d13d923801da426c060ed01732042a96b8

Request headers

:path
/wp-content/uploads/2019/03/return-logo-2.png
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
age
6520
x-ezoic-cdn
Hit ds;ms;dfcf52210967f019fd4ce3feb2e0509c;2-200400-0;58130387-7f1b-4994-430f-8f272559e8bf
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
1075
response
200
last-modified
Sun, 06 Jun 2021 05:27:13 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
image/png
cache-control
public, max-age=31536000
display
staticcontent_sol, staticcontent_sol
x-cache-hits
6
TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
fonts.gstatic.com/s/oswald/v36/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/oswald/v36/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.3.3&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
76db825b68979b9ea6cc55fa14373b7bf5e3beb7388cd2efa485938bb2a389fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://returnsandrefund.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 06:55:41 GMT
x-content-type-options
nosniff
last-modified
Thu, 28 Jan 2021 20:31:14 GMT
server
sffe
age
426976
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16016
x-xss-protection
0
expires
Wed, 01 Jun 2022 06:55:41 GMT
0QIvMX1D_JOuMwr7Iw.woff2
fonts.gstatic.com/s/lora/v17/
34 KB
35 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lora/v17/0QIvMX1D_JOuMwr7Iw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.3.3&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9f762334ff28e79eb7547f6ddb109583d35e0ea3600b71406ca233fb57c12458
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://returnsandrefund.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 02 Jun 2021 00:19:32 GMT
x-content-type-options
nosniff
last-modified
Thu, 28 Jan 2021 22:52:25 GMT
server
sffe
age
364345
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35284
x-xss-protection
0
expires
Thu, 02 Jun 2022 00:19:32 GMT
download-1.png
returnsandrefund.com/wp-content/uploads/2020/02/
3 KB
3 KB
Image
General
Full URL
https://returnsandrefund.com/wp-content/uploads/2020/02/download-1.png
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
c63c08ec376a1c99ee774ecbd488d3c33396ea42f8ad0e984179916a2e252849

Request headers

:path
/wp-content/uploads/2020/02/download-1.png
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
age
39359
x-ezoic-cdn
Hit ds;dm;502accaecac65cd023d490ab18d798a5;2-200400-0;f26c5b44-29ec-47d0-4284-f337eec4ce43
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
2981
response
200
last-modified
Sat, 05 Jun 2021 23:12:10 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
image/png
cache-control
public, max-age=31536000
display
staticcontent_sol, staticcontent_sol
x-cache-hits
8
download-4.jpg
returnsandrefund.com/wp-content/uploads/2020/02/
12 KB
12 KB
Image
General
Full URL
https://returnsandrefund.com/wp-content/uploads/2020/02/download-4.jpg
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
efca4b1d7c19af67aa04f4a6ef3f9db4c8d3bea417a00240009db7ed26280080

Request headers

:path
/wp-content/uploads/2020/02/download-4.jpg
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Sun, 06 Jun 2021 03:22:24 GMT
server
nginx/1.16.0
age
39359
x-ezoic-cdn
Hit ds;dm;42dbe1ec3ee9c20d6caedbd1281216e7;2-200400-0;50204df6-d861-48db-7f70-35f7831b4a70
x-cache
HIT
content-type
image/jpeg
x-middleton-display
staticcontent_sol, staticcontent_sol
cache-control
public, max-age=31536000
x-middleton-response
200
display
staticcontent_sol, staticcontent_sol
x-cache-hits
8
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-150748452-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 09 Apr 2021 23:59:54 GMT
server
Golfe2
age
1234
date
Sun, 06 Jun 2021 05:11:23 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19569
expires
Sun, 06 Jun 2021 07:11:23 GMT
images-2.jpg
returnsandrefund.com/wp-content/uploads/2020/02/
9 KB
9 KB
Image
General
Full URL
https://returnsandrefund.com/wp-content/uploads/2020/02/images-2.jpg
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
8c63493b034323da08e44455885820239e72b10f9fb8b857e8313008f4d6fac5

Request headers

:path
/wp-content/uploads/2020/02/images-2.jpg
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Sun, 06 Jun 2021 03:16:17 GMT
server
nginx/1.16.0
age
39359
x-ezoic-cdn
Hit ds;dm;7b4b808955c5813402eef6c10ded310c;2-200400-0;d541490f-856b-4e98-67a9-2c89e345f29f
x-cache
HIT
content-type
image/jpeg
x-middleton-display
staticcontent_sol, staticcontent_sol
cache-control
public, max-age=31536000
x-middleton-response
200
display
staticcontent_sol, staticcontent_sol
x-cache-hits
7
imp.gif
returnsandrefund.com/detroitchicago/
43 B
128 B
XHR
General
Full URL
https://returnsandrefund.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A0%2C%22ad_load_version%22%3A2%2C%22ad_location_ids%22%3A%2221%2C5%2C3%2C22%2C0%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A3%2C%22bidder_version%22%3A5%2C%22city%22%3A%22Berlin%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A200400%2C%22domain_test_group%22%3A20210304%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A7%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A4%2C%22page_ad_positions%22%3A%221100%2C1101%2C1102%2C1103%2C1108%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%2244678d34-dece-49cb-7e73-8741015f448f%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%2210178%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A48878%2C%22response_time_orig%22%3A327%2C%22serverid%22%3A%2218.193.43.240%3A25045%22%2C%22state%22%3A%22BE%22%2C%22sub_page_ad_positions%22%3A%221100%2C1101%2C1102%2C1103%2C1108%22%2C%22t_epoch%22%3A1622957516%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Freturnsandrefund.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A2043%2C%22worst_bad_word_level%22%3A0%7D
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

:path
/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A0%2C%22ad_load_version%22%3A2%2C%22ad_location_ids%22%3A%2221%2C5%2C3%2C22%2C0%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A3%2C%22bidder_version%22%3A5%2C%22city%22%3A%22Berlin%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A200400%2C%22domain_test_group%22%3A20210304%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A7%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A4%2C%22page_ad_positions%22%3A%221100%2C1101%2C1102%2C1103%2C1108%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%2244678d34-dece-49cb-7e73-8741015f448f%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%2210178%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A48878%2C%22response_time_orig%22%3A327%2C%22serverid%22%3A%2218.193.43.240%3A25045%22%2C%22state%22%3A%22BE%22%2C%22sub_page_ad_positions%22%3A%221100%2C1101%2C1102%2C1103%2C1108%22%2C%22t_epoch%22%3A1622957516%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Freturnsandrefund.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A2043%2C%22worst_bad_word_level%22%3A0%7D
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
image/gif
x-middleton-display
imp_sol
cache-control
no-cache, no-store, must-revalidate, max-age=0
content-length
47
quant.js
secure.quantserve.com/
24 KB
9 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
gzip
etag
"WhyxmPkT7L77qVDcrjxwGw=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Sun, 13 Jun 2021 05:31:57 GMT
ezosuigenerisc.js
g.ezoic.net/
0
54 B
Script
General
Full URL
https://g.ezoic.net/ezosuigenerisc.js?nogen=1
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
cache-control
max-age=300, private
server
nginx/1.16.0
content-length
0
vary
Accept-Encoding, Accept-Encoding
content-type
text/plain; charset=utf-8
houston.js
returnsandrefund.com/detroitchicago/
3 KB
1 KB
Script
General
Full URL
https://returnsandrefund.com/detroitchicago/houston.js?gcb=2&cb=36
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
1d6f7818a09adfc9c11ff7110eb866179ef9d36a3625cd1c02e23292d315daaa

Request headers

:path
/detroitchicago/houston.js?gcb=2&cb=36
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:57 GMT
content-encoding
br
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
x-middleton-display
sol-js
cache-control
max-age=31536000, public
x-robots-tag
noindex
content-length
1163
integrator.js
adservice.google.de/adsid/
107 B
799 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:31:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
553 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:31:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
945 B
307 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=2835932440418081&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3%2Creturnsandrefund_com-box-1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=580x400%2C300x250&prev_scp=a%3D%257C2%257C%26iid1%3D67501%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-67501%26eb_br%3D5bac35e1a3b6adc56da706000a645484%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D1%26br1%3D650%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%7Ca%3D%257C6%257C%26iid1%3D21751%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1108%26sap%3D1108%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dreturnsandrefund_com-box-1-21751%26eb_br%3D58ef7bddb438af5e257c4377f32c243a%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D120%26br2%3D120%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C816%2C817%2C899%2C919&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1622941281&dt=1622957517996&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=345%2C1120&adys=640%2C191&adks=3214824028%2C3856334401&ucis=1%7C2&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400%7C300x264&msz=580x400%7C300x250&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=0%2C0&ohw=0%2C0&btvi=0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
2a1114cab8def8caeb8ae86e73cb6a741765fb866e592f5ffc00833ea495c609
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:58 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
277
x-xss-protection
0
google-lineitem-id
-2,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2,-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/safeframe/1-0-38/html/
0
0
Other
General
Full URL
https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

841ee1dfdec3fbc473772577a8b3240b.css
returnsandrefund.com/wp-content/cache/min/1/
64 KB
64 KB
Image
General
Full URL
https://returnsandrefund.com/wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:58 GMT
content-encoding
br
x-sol
orig
age
63809
x-ezoic-cdn
Hit ds;mm;889a1bc78332af14281e81a2291c4a35;2-200400-0;5932bbef-8f7a-40e7-465e-640e73949182
x-cache
HIT
x-middleton-display
staticcontent_sol, orig_site_sol
x-middleton-response
200
response
200
last-modified
Sun, 06 Jun 2021 03:17:11 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
text/css; charset=utf-8
cache-control
public, max-age=31536000
display
staticcontent_sol, orig_site_sol
x-cache-hits
17
greenoaks.gif
returnsandrefund.com/detroitchicago/
0
127 B
XHR
General
Full URL
https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMDYifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI3In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjAifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV9wcmltYXJ5X3N1YnRhZyIsInZhbCI6ImVuIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiZGF0YSI6W3sibmFtZSI6InVuaXZlcnNhbF91c2VyX2lkIiwidmFsIjoiZDlhZTFiZDI0MDA5NDM4OTgwY2RhMzk4YTNjZDUxYjIifV19XQ==
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMDYifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI3In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjAifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV9wcmltYXJ5X3N1YnRhZyIsInZhbCI6ImVuIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiZGF0YSI6W3sibmFtZSI6InVuaXZlcnNhbF91c2VyX2lkIiwidmFsIjoiZDlhZTFiZDI0MDA5NDM4OTgwY2RhMzk4YTNjZDUxYjIifV19XQ==
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:58 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:31:57 UTC
ads
securepubads.g.doubleclick.net/gampad/
476 B
285 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=2380012119166910&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&prev_scp=a%3D%257C3%257C%26iid1%3D39901%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-39901%26eb_br%3Dbfa042bdb1583c959161b7823290dc1f%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D1%26br1%3D1300%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1622941281&dt=1622957518018&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=3&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
cd870328bbc2282c5e50f5e8e2e6c08298dd89447ee8c16e3364947b1e4aaff6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:58 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
255
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j90&a=2068052959&t=pageview&_s=1&dl=https%3A%2F%2Freturnsandrefund.com%2F&ul=en-us&de=UTF-8&dt=All%20About%20Returns%20%26%20Refunds%20-&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=1010952762&gjid=773161414&cid=1316539072.1622957518&tid=UA-150748452-1&_gid=1926124316.1622957518&_r=1&gtm=2ou621&z=852884399
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 06 Jun 2021 05:31:58 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
rules-p-31iz6hfFutd16.js
rules.quantcount.com/
3 B
429 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2050:9a00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 05 Jun 2021 13:13:51 GMT
via
1.1 61c35238bc750b646bd101c97da70923.cloudfront.net (CloudFront)
age
58688
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
3
last-modified
Sat, 04 Mar 2017 19:50:24 GMT
server
AmazonS3
etag
"8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-pop
BUD50-C1
accept-ranges
bytes
x-amz-cf-id
oEeoYp5m62S3KPkEyYSgkle-dRU-WxqnXFWSxkmSiUvaREHDqPwssg==
pixel;r=525569255;labels=Domain.returnsandrefund_com%2CDomainId.200400;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Freturnsandrefund.com%2F;uht=2;fpan=1;fpa=P0-1743529864-1622957518113;pbcn=u;pbc=;ns=0...
pixel.quantserve.com/
35 B
371 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=525569255;labels=Domain.returnsandrefund_com%2CDomainId.200400;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Freturnsandrefund.com%2F;uht=2;fpan=1;fpa=P0-1743529864-1622957518113;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;ref=;d=returnsandrefund.com;je=0;sr=1600x1200x24;dst=1;et=1622957518113;tzo=-120;ogl=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 06 Jun 2021 05:31:58 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
dark-bottom.css
returnsandrefund.com/ezoic/styles/
3 KB
815 B
Stylesheet
General
Full URL
https://returnsandrefund.com/ezoic/styles/dark-bottom.css
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/ezoic/cookieconsent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3

Request headers

:path
/ezoic/styles/dark-bottom.css
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:58 GMT
content-encoding
br
last-modified
Fri, 28 May 2021 04:19:14 GMT
server
nginx/1.16.0
etag
"bd7-5c35c2da8d480-gzip"
vary
Accept-Encoding Accept-Encoding
content-type
text/css
cache-control
max-age=31536000, public
accept-ranges
bytes
x-robots-tag
noindex
content-length
725
greenoaks.gif
returnsandrefund.com/detroitchicago/
0
19 B
XHR
General
Full URL
https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjU4NSJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMTA2NCJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiMTEifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiNjM4In0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiODQ2In0seyJuYW1lIjoicGVyZl9jb21wbGV0ZSIsInZhbCI6Ijg0NiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9wYWludCIsInZhbCI6IjE2MDgifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6IjE2MDgifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjU4NSJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMTA2NCJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiMTEifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiNjM4In0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiODQ2In0seyJuYW1lIjoicGVyZl9jb21wbGV0ZSIsInZhbCI6Ijg0NiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9wYWludCIsInZhbCI6IjE2MDgifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6IjE2MDgifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfV0=
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=97043b2e3dd9e829-2274092f56c8005b:T=1622957518:S=ALNI_MZ4WQB3q7GAR76ggAl-JdEm_oMDog
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:58 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:31:58 UTC
greenoaks.gif
returnsandrefund.com/detroitchicago/
0
42 B
XHR
General
Full URL
https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjEwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fcnR0IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImRhdGEiOlt7Im5hbWUiOiJ0aW1lcl9maXJzdF9hZF9yZXF1ZXN0IiwidmFsIjoiMTEwOSJ9XX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjEwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fcnR0IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImRhdGEiOlt7Im5hbWUiOiJ0aW1lcl9maXJzdF9hZF9yZXF1ZXN0IiwidmFsIjoiMTEwOSJ9XX1d
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=97043b2e3dd9e829-2274092f56c8005b:T=1622957518:S=ALNI_MZ4WQB3q7GAR76ggAl-JdEm_oMDog
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:58 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:31:58 UTC
sodar
pagead2.googlesyndication.com/getconfig/
10 KB
8 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060301&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f56e66335810aad9fcba20cac463534cbb027523624e76f54398c43db34102c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:31:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7832
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:31:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1616005470650935"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Sun, 06 Jun 2021 05:31:58 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/222/ Frame D5AB
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/222/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://returnsandrefund.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://returnsandrefund.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
5022
date
Sat, 05 Jun 2021 21:23:01 GMT
expires
Sun, 05 Jun 2022 21:23:01 GMT
last-modified
Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
29337
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 68D9
783 B
1012 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a98ca727ff8dca005e93dc2bc7baa535eb80e79d7e364224bfd9bde4d4c644ce
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-o6nxMHl4I/6jKTPDJ7lZyA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://returnsandrefund.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://returnsandrefund.com/

Response headers

expires
Sun, 06 Jun 2021 05:31:58 GMT
date
Sun, 06 Jun 2021 05:31:58 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-o6nxMHl4I/6jKTPDJ7lZyA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
514
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
wQPplS2CBbapxPPsKjLjCt6L9Rv2P8O8syxzKLSpyaY.js
pagead2.googlesyndication.com/bg/ Frame D5AB
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/wQPplS2CBbapxPPsKjLjCt6L9Rv2P8O8syxzKLSpyaY.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c103e9952d8205b6a9c4f3ec2a32e30ade8bf51bf63fc3bcb32c7328b4a9c9a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 05 Jun 2021 18:18:16 GMT
content-encoding
br
x-content-type-options
nosniff
age
40422
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5768
x-xss-protection
0
last-modified
Mon, 31 May 2021 08:58:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 05 Jun 2022 18:18:16 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021060301&jk=520960277548951&bg=!b2ylbCjNAAY6sG-_OrA7ACkAdvg8Wsga1tySFQP8UQEUgx7x3jxUWCeamEQJGonucOIqGQQZeCa39gIAAABRUgAAAAtoAQcKAALXUZkCRZndExBYpHw13-gryvJ6Qy9EbOnPxOtPy6zu4gagtGSLemW6LKRs5oMNgub3A97z35-5SMZWR9VkkeP7UL3kcoKJkdQgTPXY1dvIJeGuyUamNzcrtOa4Ez_9xFwgJZNVopats1k2wliWwkVuIIaZoJHAvGwks40TOr9T_Jv-GRtacbtxZmpH6s3NifLEYbOegIqlyqjygrTRBOOvsl8NZEZ1UXknr6REToa361khIdpFCe9wfiC8JkfkkpZC8_Q7hkAHSH3xHOCmFxJlcVD57UJNl3mCI6BXYgnc6T9d6aV7sJohteSf6gWMj1tiTHlXkNTwUm2t2j6Wrko-B3vmDrXwB5tnm4VQPd9Ifg8eGyGKbHUMXUUKvM1AgBA0Lu3NnnB4R64O0w6RD9msQ8J_M3s0XSRM2DdSn7h-5eY90SRj6IRGf571_UjffsdUPOCCacTScXFRz0E13-acXClaJ2i61Y6nxcJe6CP25xGusp2KYKJ1nYIw7xxGFfo4LroOsG4rNgTwqERO96z-q0KehrwaSBgwxnw6X3RMz1HpbfURA-b-IY_gW9bn4gESwKPWRnkFXVscku-5pNkyZ6YiVCH0putBFyEA_AiTCpyjVm1BKj9mmwOubpMej-N3RZVhNRclRw1uONtSTxLxmRLsGyuW58rhaOd30eobXp6XhSDu0KM7WNfvxdDmlRFw-RNIDv01LQs0Z-UVn-KNShTfHcMs-K_9szMYaaz7YMJVmkBcH3hjDhTlIHJQs0fuRP27Esxx67h0
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 06 Jun 2021 05:31:58 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
459 B
272 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=4386430503690734&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=3&rcs=1&prev_scp=a%3D%257C3%257C%26iid1%3D39901%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-39901%26eb_br%3D5bac35e1a3b6adc56da706000a645484%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D1%26br1%3D650%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%26lb%3D1300%26reqt%3D1622957521003&eri=1&cookie=ID%3Dd6b27a831fc6a196-2207d0d656c8008d%3AT%3D1622957518%3AS%3DALNI_MbcZi2ej6_cJJhJtSm-RlaJWgt7Eg&bc=31&abxe=1&lmt=1622941281&dt=1622957521006&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=4&ifi=4&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
449d166c02646b8abfd5232406fca903993c73c2543df26975350fcbf5520cd7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:01 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
241
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
451 B
261 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=4055462456336184&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=a%3D%257C6%257C%26iid1%3D21751%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1108%26sap%3D1108%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dreturnsandrefund_com-box-1-21751%26eb_br%3Dc352ba581bd3ffd8cea608cf2d55f519%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D60%26br2%3D120%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C816%2C817%2C899%2C919%2C17%2C19%2C20%26lb%3D120%26reqt%3D1622957521008&eri=1&cookie=ID%3Dd6b27a831fc6a196-2207d0d656c8008d%3AT%3D1622957518%3AS%3DALNI_MbcZi2ej6_cJJhJtSm-RlaJWgt7Eg&bc=31&abxe=1&lmt=1622941281&dt=1622957521011&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=1120&adys=191&adks=3856334401&ucis=5&ifi=5&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x264&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
f057e9f5ac1826093729b41efb5f67e4872c99e36f6fda5932b22b4b2eff5aa8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:01 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
230
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
460 B
272 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=2177949852389764&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=3&rcs=1&prev_scp=a%3D%257C2%257C%26iid1%3D67501%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-67501%26eb_br%3D9e0a1ce5b2455cb9b48d5df4c6bf4053%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D1%26br1%3D350%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C21%26lb%3D650%26reqt%3D1622957521013&eri=1&cookie=ID%3Dd6b27a831fc6a196-2207d0d656c8008d%3AT%3D1622957518%3AS%3DALNI_MbcZi2ej6_cJJhJtSm-RlaJWgt7Eg&bc=31&abxe=1&lmt=1622941281&dt=1622957521016&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=640&adks=3214824028&ucis=6&ifi=6&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
35da4dabdaa15b95e66185636e21015e65bea2d9fa7a12ddbe3621ede9cddf6c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:01 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
241
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
351 B
182 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=3658173696933115&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=2&rcs=2&prev_scp=a%3D%257C2%257C%26iid1%3D67501%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-67501%26eb_br%3D8de2c8ca79e8623e3cb37120a35ebaa2%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D1%26br1%3D240%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C21%2C20%2C21%26lb%3D350%26reqt%3D1622957521519&eri=1&cookie=ID%3Dd6b27a831fc6a196%3AT%3D1622957518%3AS%3DALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw&bc=31&abxe=1&lmt=1622941281&dt=1622957522552&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=640&adks=3214824028&ucis=7&ifi=7&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
bc470576f8f1b4bf3993e1f983f1911aa8a5b0bd08f15e3916baa14714c39275
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:03 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
153
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
342 B
172 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=2253765713631530&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=2&rcs=2&prev_scp=a%3D%257C6%257C%26iid1%3D21751%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1108%26sap%3D1108%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dreturnsandrefund_com-box-1-21751%26eb_br%3D54d0fa6d5f6aabe7623cb24faa42a441%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D30%26br2%3D120%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C816%2C817%2C899%2C919%2C17%2C19%2C20%2C17%2C19%2C20%26lb%3D60%26reqt%3D1622957521544&eri=1&cookie=ID%3Dd6b27a831fc6a196%3AT%3D1622957518%3AS%3DALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw&bc=31&abxe=1&lmt=1622941281&dt=1622957522557&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=1120&adys=191&adks=3856334401&ucis=8&ifi=8&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x264&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
44ae8aad1266affebb54f57f25725c17ca8a361a78fc81db4300a81825eb5e67
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:03 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
143
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
350 B
182 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=931119698237299&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=2&rcs=2&prev_scp=a%3D%257C3%257C%26iid1%3D39901%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-39901%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D1%26br1%3D400%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%26lb%3D650%26reqt%3D1622957521665&eri=1&cookie=ID%3Dd6b27a831fc6a196%3AT%3D1622957518%3AS%3DALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw&bc=31&abxe=1&lmt=1622941281&dt=1622957522669&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=9&ifi=9&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
fcdd96fb7a2908cdd4c0863b2e84226f689682913e9f2ab18822e4b4c88d8041
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:03 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
153
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
351 B
182 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=142837191196081&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=1&rcs=3&prev_scp=a%3D%257C2%257C%26iid1%3D67501%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-67501%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D1%26br1%3D140%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C21%2C20%2C21%2C17%2C20%2C21%26lb%3D240%26reqt%3D1622957523055&eri=1&cookie=ID%3Dd6b27a831fc6a196%3AT%3D1622957518%3AS%3DALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw&bc=31&abxe=1&lmt=1622941281&dt=1622957523059&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=640&adks=3214824028&ucis=a&ifi=10&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
99a7ba6e3316eee5e9bc8b0fad11c8499e1b33f59207d74753400ce0bd806a71
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:03 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
153
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
342 B
172 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=731382655316674&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=a%3D%257C6%257C%26iid1%3D21751%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1108%26sap%3D1108%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dreturnsandrefund_com-box-1-21751%26eb_br%3D2e8b8c60843e52e5aaa1e3a52287a2bb%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D8%26br2%3D120%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C816%2C817%2C899%2C919%2C17%2C19%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26lb%3D30%26reqt%3D1622957523062&eri=1&cookie=ID%3Dd6b27a831fc6a196%3AT%3D1622957518%3AS%3DALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw&bc=31&abxe=1&lmt=1622941281&dt=1622957523064&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=1120&adys=191&adks=3856334401&ucis=b&ifi=11&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x264&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
08d98e9b304ce94b907cd49a21ae8c76ed6b5a3628ad5fd5f898b951530bcb49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:03 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
143
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
350 B
183 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=2602498273740469&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=3&prev_scp=a%3D%257C3%257C%26iid1%3D39901%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-39901%26eb_br%3D3530fcb6bcc13dc3c1712eaef7d92700%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D1%26br1%3D160%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%2C20%26lb%3D400%26reqt%3D1622957523172&eri=1&cookie=ID%3Dd6b27a831fc6a196%3AT%3D1622957518%3AS%3DALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw&bc=31&abxe=1&lmt=1622941281&dt=1622957523175&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=c&ifi=12&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
894a45bbc96d2e63c15ab9aa4697ca26dd3de90bfc0737b61072ab0137b33d6a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:03 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
154
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
army.gif
returnsandrefund.com/porpoiseant/
0
65 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc1MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjI1MiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjE3NTEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDgsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjM5In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIzOTkwMSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMzQ1In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc1MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjI1MiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjE3NTEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDgsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjM5In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIzOTkwMSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMzQ1In1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:03 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:03 UTC
army.gif
returnsandrefund.com/porpoiseant/
0
19 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc1MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMzQ1In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiI2NDAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMTc1MSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwOCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIxMTIwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIxOTEifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIzOTkwMSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIxMTAwIn0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJ0cnVlIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc1MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMzQ1In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiI2NDAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMTc1MSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwOCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIxMTIwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIxOTEifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIzOTkwMSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIxMTAwIn0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJ0cnVlIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:03 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:03 UTC
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
351 B
182 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=2860966587471870&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=2&rcs=4&prev_scp=a%3D%257C2%257C%26iid1%3D67501%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-67501%26eb_br%3Dc352ba581bd3ffd8cea608cf2d55f519%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D1%26br1%3D60%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C21%2C20%2C21%2C17%2C20%2C21%2C17%2C19%2C20%2C21%26lb%3D140%26reqt%3D1622957523562&eri=1&cookie=ID%3Dd6b27a831fc6a196%3AT%3D1622957518%3AS%3DALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw&bc=31&abxe=1&lmt=1622941281&dt=1622957524565&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=640&adks=3214824028&ucis=d&ifi=13&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
dcdaf3bb08b6848452143b1ee870372ab0cd2032f3486773f7a9b91f566fb07c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:04 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
153
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
63 KB
22 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=486385819781487&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=2&rcs=4&prev_scp=a%3D%257C6%257C%26iid1%3D21751%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1108%26sap%3D1108%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dreturnsandrefund_com-box-1-21751%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D0%26br2%3D120%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C816%2C817%2C899%2C919%2C17%2C19%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%2C17%2C18%2C19%2C20%26lb%3D8%26reqt%3D1622957523574%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3Dd6b27a831fc6a196%3AT%3D1622957518%3AS%3DALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw&bc=31&abxe=1&lmt=1622941281&dt=1622957524576&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=1120&adys=191&adks=3856334401&ucis=e&ifi=14&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x264&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
26b82e21c9dff2974e24344d3bf54b78abf922b8c3d9834b11e2aaed3c39b312
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLTd9fWjgvECFQjhuwgdHqQFow&gqi=&layout=/sadbundle/%24csp%253Der3%24/13064758606153383936/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLTd9fWjgvECFQjhuwgdHqQFow&gqi=&layout=/sadbundle/%24csp%253Der3%24/13064758606153383936/index.html
content-encoding
br
x-content-type-options
nosniff
google-creative-id
-1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22397
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
date
Sun, 06 Jun 2021 05:32:04 GMT
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
350 B
183 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=3427476015871312&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=2&rcs=4&prev_scp=a%3D%257C3%257C%26iid1%3D39901%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-39901%26eb_br%3D947f1d5169cc7d0f997560e34838fb04%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D1%26br1%3D42%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%2C20%2C17%2C19%2C20%26lb%3D160%26reqt%3D1622957523677&eri=1&cookie=ID%3Dd6b27a831fc6a196%3AT%3D1622957518%3AS%3DALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw&bc=31&abxe=1&lmt=1622941281&dt=1622957524680&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=f&ifi=15&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
06a2e960a80418f12894979360e01197143b7a075d030e274da6485fb58b8c60
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:05 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
154
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0CEA
6 KB
3 KB
Document
General
Full URL
https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-38/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://returnsandrefund.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://returnsandrefund.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
3108
date
Sun, 06 Jun 2021 05:31:58 GMT
expires
Mon, 06 Jun 2022 05:31:58 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
6
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/
73 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a06800ad719e1f1b46691ded5a5577666d2fc30f950b0ba544352ede4e25de7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:04 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1622805992319560"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28149
x-xss-protection
0
expires
Sun, 06 Jun 2021 05:32:04 GMT
greenoaks.gif
returnsandrefund.com/detroitchicago/
0
19 B
XHR
General
Full URL
https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6Ijc1MTMifV19XQ==
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6Ijc1MTMifV19XQ==
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw; ezouspva=1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:04 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:04 UTC
army.gif
returnsandrefund.com/porpoiseant/
0
65 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjE3NTEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDgsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIxNzUxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6Inplcm8ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIxNzUxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDgsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAwMDgsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIxNzUxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MjQ2MTA1ODQyIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMTc1MSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwOCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjQ4MTc3MzU0MjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjE3NTEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDgsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIxNzUxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6Inplcm8ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIxNzUxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDgsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAwMDgsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIxNzUxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MjQ2MTA1ODQyIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMTc1MSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwOCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjQ4MTc3MzU0MjAifV0sImlzX29yaWciOmZhbHNlfV0=
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw; ezouspva=1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:04 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:04 UTC
4817735420
g.ezoic.net/dac/
0
93 B
XHR
General
Full URL
https://g.ezoic.net/dac/4817735420
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sun, 06 Jun 2021 05:32:04 GMT
cache-control
max-age=3600, public
server
nginx/1.16.0
content-length
0
vary
Accept-Encoding
content-type
text/plain
army.gif
returnsandrefund.com/porpoiseant/
0
19 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjE3NTEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDgsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wNi0wNiJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjcifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiMCJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjE3NTEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDgsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wNi0wNiJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjcifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiMCJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw; ezouspva=1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:04 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:04 UTC
army.gif
returnsandrefund.com/porpoiseant/
0
19 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMjE3NTEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYXVjdGlvbl9lcG9jaCI6MTYyMjk1NzUyNSwiYWRfcG9zaXRpb24iOjExMDgsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTIwLCJiaWRfZmxvb3JfcHJldiI6OCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6NSwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6MjkxLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjB9XQ==
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMjE3NTEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYXVjdGlvbl9lcG9jaCI6MTYyMjk1NzUyNSwiYWRfcG9zaXRpb24iOjExMDgsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTIwLCJiaWRfZmxvb3JfcHJldiI6OCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6NSwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6MjkxLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjB9XQ==
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw; ezouspva=1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:04 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:04 UTC
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/ Frame 9704
102 KB
22 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/index.html
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1699160349f58f6de31833ab95b03ce6f1f5f9330ae1a869f913c9a62655db01
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sadbundle/$csp%3Der3$/13064758606153383936/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
date
Tue, 01 Jun 2021 08:33:39 GMT
expires
Wed, 01 Jun 2022 08:33:39 GMT
last-modified
Thu, 08 Apr 2021 16:00:20 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
content-length
22822
age
421105
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
adview
securepubads.g.doubleclick.net/pagead/ Frame 0CEA
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CKsXw1F28YLSjJYjC7_UPnsiWmAr-gu3BYab04YG7DYLntLX5ARABIPT5xiVglfrwgYwHoAG5it-LAsgBCakCpYzRIahptD7gAgCoAwHIAwKqBOoBT9CgQryQz9ylagGtSXg4DWu_Gy6TnIVUCBpEJcste6E6vTrL8AWsBWRtpHRgot65KMBdOClRLvLYPvVfE-fnGxF7gOglkBtDWIY9tNroBPUJXfdvjrTRgqbl1VKkF_72RcA3RnTaGkvfqKjMnIp2SNqgMMfR8y-z7TrvJaSBLtkTgp-IvKTblrwlKRxfLvdzxlwsff4xycQ_2g8o7Mgh0AO8uh4csUAhuPC2U7orm1eKWy0wo3pgq2535DlS2t0fNtrChefxbzm2JFZrmGhTqd5xVtiZzqaTAQ0d-MXZjw5-gaf7WmcVZsIFwATpxPXvowPgBAGSBQQIBBgBkgUECAUYBKAGXYAHr_Wg9AGoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwMQ8C7SCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTU4OTMyOTQ0NjIwNjExNDCACgPICwHYEw3QFQGAFwGyFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=qPFlhVsGVFs
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
/
Resource Hash

Request headers

Referer
https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

s
googleads.g.doubleclick.net/pagead/drt/ Frame 09A8
143 B
431 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com
URL: https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/s?v=r20120211
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUl4mGFR-wm4IksitKwOnlO3t_Kcy4MAQw6P8EC1NaPhjBvfVa6q0q7aWjoHt7Q
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Sun, 06 Jun 2021 04:36:58 GMT
server
safe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
3306
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 0CEA
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/window_focus_fy2019.js
Requested by
Host: bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com
URL: https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:27:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
256
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1303
x-xss-protection
0
server
cafe
etag
14729628269804859526
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 20 Jun 2021 05:27:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 0CEA
122 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com
URL: https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:04 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1622806011323838"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37960
x-xss-protection
0
expires
Sun, 06 Jun 2021 05:32:04 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 0CEA
13 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com
URL: https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:29:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
164
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5635
x-xss-protection
0
server
cafe
etag
1091097466425408374
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 20 Jun 2021 05:29:20 GMT
l
www.google.com/ads/measurement/ Frame 0CEA
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQoTIxIwDIdwfqfwtnIvYCq6j4c7lUW41a_V4OH-yAj23NEP34pFOFvdXspZjwHha298jwXVlemxTEtMiqjIeHr4esE7Q
Requested by
Host: bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com
URL: https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

css
fonts.googleapis.com/ Frame 9704
2 KB
536 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/index.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
99155f31d46dc469aa872ce824309fae9210fb9357f463b889d617b85b35eb61
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 06 Jun 2021 05:08:58 GMT
server
ESF
date
Sun, 06 Jun 2021 05:32:04 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 06 Jun 2021 05:32:04 GMT
Enabler.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 9704
16 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/index.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 05 Jun 2021 23:50:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
20481
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5866
x-xss-protection
0
server
cafe
etag
544157900006238945
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Sun, 06 Jun 2021 23:50:43 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 9704
26 KB
10 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/index.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 05 Jun 2021 20:37:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
32080
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Sun, 06 Jun 2021 20:37:24 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 09A8
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com
URL: https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/si
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUl4mGFR-wm4IksitKwOnlO3t_Kcy4MAQw6P8EC1NaPhjBvfVa6q0q7aWjoHt7Q
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Sun, 06 Jun 2021 05:32:05 GMT
server
safe
content-length
0
x-xss-protection
0
set-cookie
DSID=NO_DATA; expires=Sun, 06-Jun-2021 06:32:05 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Sun, 06 Jun 2021 05:32:05 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Sun, 06 Jun 2021 05:32:04 GMT
server
safe
content-length
246
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 0CEA
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
60cdd64c829852e56698dace8891bea16ba613b0214284ae8176c9c63df0752f

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 9704
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
null
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 08:33:34 GMT
x-content-type-options
nosniff
last-modified
Mon, 05 Apr 2021 21:10:35 GMT
server
sffe
age
421111
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
expires
Wed, 01 Jun 2022 08:33:34 GMT
ziegler-teppich.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/ Frame 9704
37 KB
37 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/ziegler-teppich.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08ea8b5f827ea4d281efb2b160528f1f3c42ee6a3293effd59b371a92915acbc
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
431431
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37936
x-xss-protection
0
last-modified
Thu, 08 Apr 2021 16:00:20 GMT
server
sffe
date
Tue, 01 Jun 2021 05:41:34 GMT
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 05:41:34 GMT
gabbeh-teppich.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/ Frame 9704
25 KB
25 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/gabbeh-teppich.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dd7e0f21fb756e7baf6c321c6a895710711a7dca6afa20ac2c7fc1f49ba401e9
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
419155
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25417
x-xss-protection
0
last-modified
Thu, 08 Apr 2021 16:00:20 GMT
server
sffe
date
Tue, 01 Jun 2021 09:06:10 GMT
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 09:06:10 GMT
cta_de.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/ Frame 9704
5 KB
2 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/cta_de.svg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
480caf8d247b71c562b2f2e63c824fbcc81d5b07861a752c4db9ff270bb16e2e
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
368224
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1657
x-xss-protection
0
last-modified
Thu, 08 Apr 2021 16:00:20 GMT
server
sffe
date
Tue, 01 Jun 2021 23:15:01 GMT
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 23:15:01 GMT
keshan_teppich.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/ Frame 9704
46 KB
46 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/keshan_teppich.png
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0cd810c7b0062ca026e5f21f80ff89d6f08e1a6736c7601c34bf2b640d664e96
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
372580
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46623
x-xss-protection
0
last-modified
Thu, 08 Apr 2021 16:00:20 GMT
server
sffe
date
Tue, 01 Jun 2021 22:02:25 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 22:02:25 GMT
logo-nain.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/ Frame 9704
6 KB
6 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/logo-nain.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3f048e73e39dfe007152d73f23869d3645ebb5ad4083e0261a5d00b77492ce63
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
370551
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5957
x-xss-protection
0
last-modified
Thu, 08 Apr 2021 16:00:20 GMT
server
sffe
date
Tue, 01 Jun 2021 22:36:14 GMT
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 22:36:14 GMT
truncated
/ Frame 9704
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
logo-nain.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/ Frame 9704
6 KB
6 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/logo-nain.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3f048e73e39dfe007152d73f23869d3645ebb5ad4083e0261a5d00b77492ce63
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
370551
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5957
x-xss-protection
0
last-modified
Thu, 08 Apr 2021 16:00:20 GMT
server
sffe
date
Tue, 01 Jun 2021 22:36:14 GMT
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 22:36:14 GMT
keshan_teppich.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/ Frame 9704
46 KB
46 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/keshan_teppich.png
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0cd810c7b0062ca026e5f21f80ff89d6f08e1a6736c7601c34bf2b640d664e96
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
372580
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46623
x-xss-protection
0
last-modified
Thu, 08 Apr 2021 16:00:20 GMT
server
sffe
date
Tue, 01 Jun 2021 22:02:25 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 22:02:25 GMT
cta_de.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/ Frame 9704
5 KB
2 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/cta_de.svg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
480caf8d247b71c562b2f2e63c824fbcc81d5b07861a752c4db9ff270bb16e2e
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
368224
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1657
x-xss-protection
0
last-modified
Thu, 08 Apr 2021 16:00:20 GMT
server
sffe
date
Tue, 01 Jun 2021 23:15:01 GMT
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 23:15:01 GMT
gabbeh-teppich.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/ Frame 9704
25 KB
25 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/gabbeh-teppich.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dd7e0f21fb756e7baf6c321c6a895710711a7dca6afa20ac2c7fc1f49ba401e9
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
419155
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25417
x-xss-protection
0
last-modified
Thu, 08 Apr 2021 16:00:20 GMT
server
sffe
date
Tue, 01 Jun 2021 09:06:10 GMT
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 09:06:10 GMT
ziegler-teppich.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/ Frame 9704
37 KB
37 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13064758606153383936/ziegler-teppich.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08ea8b5f827ea4d281efb2b160528f1f3c42ee6a3293effd59b371a92915acbc
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
431431
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37936
x-xss-protection
0
last-modified
Thu, 08 Apr 2021 16:00:20 GMT
server
sffe
date
Tue, 01 Jun 2021 05:41:34 GMT
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 05:41:34 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
351 B
181 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=719594850418500&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=1&rcs=5&prev_scp=a%3D%257C2%257C%26iid1%3D67501%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-67501%26eb_br%3D7432360301409ae695ba255f16fbcf06%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D1%26br1%3D20%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C21%2C20%2C21%2C17%2C20%2C21%2C17%2C19%2C20%2C21%2C17%2C18%2C19%2C20%2C21%26lb%3D60%26reqt%3D1622957525086&eri=1&cookie=ID%3Dd6b27a831fc6a196%3AT%3D1622957518%3AS%3DALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw&bc=31&abxe=1&lmt=1622941281&dt=1622957525089&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=640&adks=3214824028&ucis=g&ifi=16&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
eaddb32d5418af7cc9355d1f77cea3566b5c015f79ca177fd95a0996285e8adf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:05 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
152
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
199 KB
70 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=3050102509075724&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=5&prev_scp=a%3D%257C3%257C%26iid1%3D39901%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-39901%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D1%26br1%3D4%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26lb%3D42%26reqt%3D1622957525190&eri=1&cookie=ID%3Dd6b27a831fc6a196%3AT%3D1622957518%3AS%3DALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw&bc=31&abxe=1&lmt=1622941281&dt=1622957525193&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=h&ifi=17&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
9aac4c67c9788d16beabfe54c41a94f4b264e430e8ae63981431e61f16817adf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:05 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
71270
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
greenoaks.gif
returnsandrefund.com/detroitchicago/
0
77 B
XHR
General
Full URL
https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjMwNzAwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiIzIn0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjM5NDMwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX2NvdW50IiwidmFsIjoiMyJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfcHgiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJ2aWV3cG9ydF9zaXplIiwidmFsIjoiMTYwMHgxMjAwIn0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX3B4IiwidmFsIjoiMTA5NTUyMDAifSx7Im5hbWUiOiJkb2NfaGVpZ2h0IiwidmFsIjoiNjg0NyJ9XX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjMwNzAwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiIzIn0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjM5NDMwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX2NvdW50IiwidmFsIjoiMyJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfcHgiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJ2aWV3cG9ydF9zaXplIiwidmFsIjoiMTYwMHgxMjAwIn0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX3B4IiwidmFsIjoiMTA5NTUyMDAifSx7Im5hbWUiOiJkb2NfaGVpZ2h0IiwidmFsIjoiNjg0NyJ9XX1d
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezouspvv=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw; ezouspva=1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:05 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:05 UTC
amp4ads-v0.mjs
cdn.ampproject.org/rtv/022105242203000/ Frame 6126
191 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/022105242203000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aac6884cfa8c9515797c7291c7f5ad73ea968306017387e028dbc5089e027ee2
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
376208
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55209
x-xss-protection
0
server
sffe
date
Tue, 01 Jun 2021 21:01:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"7da48f12e8acf6ff"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 21:01:57 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/022105242203000/v0/ Frame 6126
12 KB
5 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/022105242203000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b8de063d7075aa9a9a68120f3eb37178e85777138d4154903a2d4b187b4a893d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
376208
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4568
x-xss-protection
0
server
sffe
date
Tue, 01 Jun 2021 21:01:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"b435c2fa80137a0e"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 21:01:57 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/022105242203000/v0/ Frame 6126
87 KB
27 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/022105242203000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
12993a139a46e15abb56308ef8656d80812fb748dfa88116ee6e20ad3494ae98
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
376208
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27371
x-xss-protection
0
server
sffe
date
Tue, 01 Jun 2021 21:01:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"6687a81702b10306"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 21:01:57 GMT
amp-animation-0.1.mjs
cdn.ampproject.org/rtv/022105242203000/v0/ Frame 6126
70 KB
16 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/022105242203000/v0/amp-animation-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1c5563da3d1d8ffdd50815ecffd1c8549c4c8828429322f53effb7fe69814a0d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
376177
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16346
x-xss-protection
0
server
sffe
date
Tue, 01 Jun 2021 21:02:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"60764f3de0d417cf"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 21:02:28 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/022105242203000/v0/ Frame 6126
4 KB
2 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/022105242203000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9de4196056e2ffb92e9e6eb78502d3ed77f71a1e8045434a907251ff0b998357
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
376208
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1521
x-xss-protection
0
server
sffe
date
Tue, 01 Jun 2021 21:01:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"5a9e085610d63d0a"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 21:01:57 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/022105242203000/v0/ Frame 6126
41 KB
13 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/022105242203000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1e53b8865f7f1e34e44d14f6ff8789dd7f421e7d3c69e48dab33188ff4d99f4e
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
376208
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13132
x-xss-protection
0
server
sffe
date
Tue, 01 Jun 2021 21:01:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"1bd5431ac5ac76b7"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 21:01:57 GMT
truncated
/ Frame 6126
211 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ba7f99f1d0f355953dd64b21364e4d4a0a1204899835824e8bb046a0d8308b69

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 6126
2 KB
2 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 05 Jun 2021 06:09:32 GMT
x-content-type-options
nosniff
server
cafe
age
84153
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Sun, 06 Jun 2021 06:09:32 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 6126
295 B
321 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 05 Jun 2021 20:37:24 GMT
x-content-type-options
nosniff
server
cafe
age
32081
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Sun, 06 Jun 2021 20:37:24 GMT
l
www.google.com/ads/measurement/ Frame 6126
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTbIlyk1QBVuTbOZSqNV9wEMT3AFrGFatBqP9dghKYpo9YOgQ-JdkIx4NWzxq0uEI1BbUAjsK04ynrCTV0LW1OL7B2-Vg
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

adview
securepubads.g.doubleclick.net/pagead/ Frame 6126
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CrLQs1V28YMztDdSh7_UPgLiY0A25g_OFY8WuhPHlDfymqbGOFhABIPT5xiVglfrwgYwHoAGs__PhAsgBCakCpYzRIahptD7gAgCoAwHIAwiqBOMBT9Dh3_AMa0sbDL5wh8jTbPDLWxWDV3axa4Gf29pL1-vP4bvi2VHgBrWl2OLEwkw-SssXVapBTlNmlStEKuojA5aH7-UYtPIj3VpyR6BNZJG2tZTxRi59yRSdHxwCeEeKggrI-oAhYPjZlTvSLmrl2O1iwJJ8dsrZYCB-wS2jX0nYMmPTxWaTLTLWPYLrRuI9mGBh1grK1swEfvi4gEkixiIhbAcBVM8ut2qTvm4FuJ0bGr-VAyBBbC2h_1jNXCq_5zE3wBcozI1E4qxW64b4b9lf12sMRH5wN8qOSu2u0U7rk9fABNy10LC6A-AEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAe8gIyeAagHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCnwALSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTU4OTMyOTQ0NjIwNjExNDCACgPICwHYEw3QFQGAFwGyFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=_5gL6GU11hI&template_id=419
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

truncated
/ Frame 6126
14 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a40c61bbb1a306009c379e04ae25fe0a82046c826e8cbe4b8470bd00c8159958

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ Frame 6126
16 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7c59c652a003409806d0ca1e915e9566967b6420799707f22cc33a5f51fd4b49

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ Frame 6126
20 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c05d670361e9e7d920db167399fba87849afa812e21c293ae57a31e040e7113b

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/jpeg
army.gif
returnsandrefund.com/porpoiseant/
0
19 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk5MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI2In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIzOTkwMSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiOWMzZTRlZThlYWU3ZjE0MzNjYjJmZTY5YjEzMjY2MDUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjM5OTAxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDA0LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDQsImJpZF9mbG9vcl9wcmV2IjowLjAwMDQyLCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk5MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTA3In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIzOTkwMSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiIyODY4NzI3NCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk5MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI2In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIzOTkwMSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiOWMzZTRlZThlYWU3ZjE0MzNjYjJmZTY5YjEzMjY2MDUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjM5OTAxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDA0LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDQsImJpZF9mbG9vcl9wcmV2IjowLjAwMDQyLCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk5MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTA3In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIzOTkwMSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiIyODY4NzI3NCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw; ezouspvv=4; ezouspva=2; ezouspvh=4
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:05 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:05 UTC
28687274
g.ezoic.net/dac/
0
40 B
XHR
General
Full URL
https://g.ezoic.net/dac/28687274
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sun, 06 Jun 2021 05:32:05 GMT
cache-control
max-age=3600, public
server
nginx/1.16.0
content-length
0
vary
Accept-Encoding
content-type
text/plain
army.gif
returnsandrefund.com/porpoiseant/
0
19 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk5MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMDYifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI3In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjAifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk5MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMDYifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI3In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjAifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw; ezouspvv=4; ezouspva=2; ezouspvh=4
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:05 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:05 UTC
army.gif
returnsandrefund.com/porpoiseant/
0
19 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMzk5MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYXVjdGlvbl9lcG9jaCI6MTYyMjk1NzUyNiwiYWRfcG9zaXRpb24iOjExMDAsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTMwMCwiYmlkX2Zsb29yX3ByZXYiOjQyLCJiaWRfZmxvb3JfZmlsbGVkIjo0LCJhdWN0aW9uX2NvdW50Ijo2LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjo0NTYsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMzk5MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYXVjdGlvbl9lcG9jaCI6MTYyMjk1NzUyNiwiYWRfcG9zaXRpb24iOjExMDAsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTMwMCwiYmlkX2Zsb29yX3ByZXYiOjQyLCJiaWRfZmxvb3JfZmlsbGVkIjo0LCJhdWN0aW9uX2NvdW50Ijo2LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjo0NTYsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw; ezouspvv=4; ezouspva=2; ezouspvh=4
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:05 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:05 UTC
activeview
pagead2.googlesyndication.com/pcs/ Frame 0CEA
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssOYhNaJY7w8nWsYjwhSLoUWSJoLgrTTehkq42dIq---qpXA-Asj43TNAcYrWoaoYgEiT7xhN-YVq4SPziiRzFM5NdP5Q1LZs_iBEVgqSJvUSwLEPyzFqJRhwgsAw&sai=AMfl-YSJ8FHX4igCPsPzlWIGHEIuNStllAAQ0-rel8s3dMNm_gBtHYxuh_r9V6GYMHD7POvHFGuQTU8pFSEo70m-GgHbSjWMQ3ttCgbhmLY-YDKPQiXshuKYc9alDNMu&sig=Cg0ArKJSzKOjJA5MBnE6EAE&cid=CAASF-RonH7YLDMW1OWyKaKmsPRKMc9YCWJZ&id=lidar2&mcvt=1000&p=191,1120,441,1420&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210604&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=3856334401&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1622957524869&dlt=21&rpt=128&isd=0&msd=0&r=v
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 06 Jun 2021 05:32:06 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
army.gif
returnsandrefund.com/porpoiseant/
0
65 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjE3NTEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjE3NTEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw; ezouspvv=4; ezouspva=2; ezouspvh=4
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:06 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:06 UTC
army.gif
returnsandrefund.com/porpoiseant/
0
19 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjE3NTEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDgsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDI1MF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIxNzUxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMTc1MSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwOCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzIifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjE3NTEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDgsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDI1MF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIxNzUxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImFkX3Bvc2l0aW9uIjoxMTA4LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMTc1MSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwOCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzIifV0sImlzX29yaWciOmZhbHNlfV0=
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw; ezouspvv=4; ezouspva=2; ezouspvh=4
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:06 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:05 UTC
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
351 B
183 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=1469206228068743&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=2&rcs=6&prev_scp=a%3D%257C2%257C%26iid1%3D67501%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-67501%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D1%26br1%3D4%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C21%2C20%2C21%2C17%2C20%2C21%2C17%2C19%2C20%2C21%2C17%2C18%2C19%2C20%2C21%2C17%2C18%2C19%2C20%2C21%26lb%3D20%26reqt%3D1622957525607&eri=1&cookie=ID%3Dd6b27a831fc6a196%3AT%3D1622957518%3AS%3DALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw&bc=31&abxe=1&lmt=1622941281&dt=1622957526619&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=640&adks=3214824028&ucis=i&ifi=18&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
94668b5fc8de8571014fff7e5de47ee33de11122a9956fec7be3a6f19e97096b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:06 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
154
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 6126
42 B
64 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvrY6qQ49ADTCYOV3LsJP2wXhDZfVx9kUlVxvtLnCAJj4pdF3w3OmFtFWOzlwW44b3CbAFvms4fHBvlWXpD5Q54bCmJ20UgMtGELFMyjZBmi41PFW3TBXel8iiZ_ueisPJRDqQupdKpD-WUXo8IwAxT&sai=AMfl-YSbmN90_u6S3O7EQE1ErgDNFmOSJzaBoY7qRIDbu0qUQcHoIzPvzJDuJJrxJ1ad04Vgjc55lGz1WJEKmoK2i8u6kLQf6q0eTLJYUG8ZA-zXngtYsUsKYdPQv2fE&sig=Cg0ArKJSzKFX_a48iTEvEAE&cid=CAASF-RoFCS9mUsYrMySdzpl4wFmmvkqP_MF&id=ampim&o=315,1108&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=104&tls=1104&g=100&h=100&tt=1105&r=v&avms=ampa&adk=3121120320
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 06 Jun 2021 05:32:06 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
army.gif
returnsandrefund.com/porpoiseant/
0
19 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk5MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk5MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw; ezouspvv=4; ezouspva=2; ezouspvh=4
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:06 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:06 UTC
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 06 Jun 2021 05:32:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
45 KB
11 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=520960277548951&correlator=4142230165441614&output=ldjh&impl=fifs&eid=31060988%2C31061161%2C31061371%2C31061200%2C44740386&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210606&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=1&rcs=7&prev_scp=a%3D%257C2%257C%26iid1%3D67501%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D8%26at%3Dbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-67501%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D1%26br1%3D0%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C21%2C20%2C21%2C17%2C20%2C21%2C17%2C19%2C20%2C21%2C17%2C18%2C19%2C20%2C21%2C17%2C18%2C19%2C20%2C21%2C17%2C18%2C19%2C20%2C21%26lb%3D4%26reqt%3D1622957527140%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3Dd6b27a831fc6a196%3AT%3D1622957518%3AS%3DALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw&bc=31&abxe=1&lmt=1622941281&dt=1622957527151&dlt=1622957517359&idt=592&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=640&adks=3214824028&ucis=j&ifi=19&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&ga_vid=1316539072.1622957518&ga_sid=1622957518&ga_hid=2068052959&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
a20a93bc352c08254e08812c31094b508a7c4b08d008e1188ea906e8630792e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:07 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11075
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
army.gif
returnsandrefund.com/porpoiseant/
0
65 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk5MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzk3MCw5MF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjM5OTAxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk5MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk5MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzk3MCw5MF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjM5OTAxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk5MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw; ezouspvv=4; ezouspva=2; ezouspvh=4
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:07 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:07 UTC
amp4ads-v0.mjs
cdn.ampproject.org/rtv/022105242203000/ Frame 5EE4
191 KB
54 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/022105242203000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aac6884cfa8c9515797c7291c7f5ad73ea968306017387e028dbc5089e027ee2
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
376210
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55209
x-xss-protection
0
server
sffe
date
Tue, 01 Jun 2021 21:01:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"7da48f12e8acf6ff"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 21:01:57 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/022105242203000/v0/ Frame 5EE4
12 KB
4 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/022105242203000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b8de063d7075aa9a9a68120f3eb37178e85777138d4154903a2d4b187b4a893d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
376210
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4568
x-xss-protection
0
server
sffe
date
Tue, 01 Jun 2021 21:01:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"b435c2fa80137a0e"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 21:01:57 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/022105242203000/v0/ Frame 5EE4
87 KB
27 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/022105242203000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
12993a139a46e15abb56308ef8656d80812fb748dfa88116ee6e20ad3494ae98
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
376210
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27371
x-xss-protection
0
server
sffe
date
Tue, 01 Jun 2021 21:01:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"6687a81702b10306"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 21:01:57 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/022105242203000/v0/ Frame 5EE4
4 KB
2 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/022105242203000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9de4196056e2ffb92e9e6eb78502d3ed77f71a1e8045434a907251ff0b998357
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
376210
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1521
x-xss-protection
0
server
sffe
date
Tue, 01 Jun 2021 21:01:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"5a9e085610d63d0a"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 21:01:57 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/022105242203000/v0/ Frame 5EE4
41 KB
13 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/022105242203000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1e53b8865f7f1e34e44d14f6ff8789dd7f421e7d3c69e48dab33188ff4d99f4e
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
376210
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13132
x-xss-protection
0
server
sffe
date
Tue, 01 Jun 2021 21:01:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"1bd5431ac5ac76b7"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Jun 2022 21:01:57 GMT
css
fonts.googleapis.com/ Frame 5EE4
7 KB
741 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500|Roboto:300&lang=de
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
37d29979cc13eac68ee8339830a9685021bdb74db368b1a9bb0be3db71818d63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 06 Jun 2021 05:32:05 GMT
server
ESF
date
Sun, 06 Jun 2021 05:32:07 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 06 Jun 2021 05:32:07 GMT
css
fonts.googleapis.com/ Frame 5EE4
5 KB
688 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&text=
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
83e1fc06d61560e19649771db56bc018fc7fdb56e98f3a9f74505230a8f35060
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 06 Jun 2021 03:36:29 GMT
server
ESF
date
Sun, 06 Jun 2021 05:32:07 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 06 Jun 2021 05:32:07 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5EE4
2 KB
2 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 05 Jun 2021 06:09:32 GMT
x-content-type-options
nosniff
server
cafe
age
84155
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Sun, 06 Jun 2021 06:09:32 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5EE4
295 B
323 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 05 Jun 2021 20:37:24 GMT
x-content-type-options
nosniff
server
cafe
age
32083
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Sun, 06 Jun 2021 20:37:24 GMT
truncated
/ Frame 5EE4
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6b7f4f0b93f8b32f1e0f74d544b3c2c8c2f909ad691d60399dd91a36c34d7b24

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
adview
securepubads.g.doubleclick.net/pagead/ Frame 5EE4
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CcLit1128YO2zDJzO7_UP3deeONCrj4VjmJPlqdANuM2BzNwTEAEg9PnGJWCV-vCBjAegAcjk14oDyAEGqQKljNEhqGm0PuACAKgDAcgDCqoE4wFP0Nk1W-7GeHw2yDrFmkjZGtwoO2oq7VbTiSM4ld8dd_lnqSATGuuipg5HdI-grh4RpZqxwPv0H88JGNKk0V56cGC1tzPdF5ipqZrUoTmpn_MjBbX9ZCA-fWNuzCk39llz9ECP7K4wIZyVxkH-nLssd-AnhbBnm8p-feqvPfCvFz8H3qIVNvGv1Psftl91YQEnQ6mJC_5UhuAgAnG7lGFEykjfYI3RzCPXTfXdevCAubaCEP2QVQjY1j5tnj7h48sPVpcTqs-uL1til4f6RptPGja4TJYWRxRRZKPGDuuGd2-d_sAErbWc8q0D4AQBkgUECAQYAZIFBAgFGASgBjeAB6CbqHWoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwMQ8C7SCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTU4OTMyOTQ0NjIwNjExNDCACgPICwHYEw2IFAHQFQGYFgGAFwGyFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=dywZkV3sUiQ&template_id=492
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

/
track.seadform.net/adfserve/ Frame 5EE4
35 B
304 B
Image
General
Full URL
https://track.seadform.net/adfserve/?bn=44373739;1x1inv=1;srctype=3;ord=3350949261
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 06 Jun 2021 05:32:07 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
image/gif
expires
-1
army.gif
returnsandrefund.com/porpoiseant/
0
19 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc1MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjgifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY3NTAxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6Inplcm8ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY3NTAxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAwMDQsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY3NTAxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MjQ2MTA1ODQyIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2NzUwMSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjQ4MTc3MzU0MjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc1MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjgifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY3NTAxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6Inplcm8ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY3NTAxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAwMDQsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY3NTAxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MjQ2MTA1ODQyIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2NzUwMSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjQ4MTc3MzU0MjAifV0sImlzX29yaWciOmZhbHNlfV0=
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw; ezouspvv=4; ezouspvh=4; ezouspva=3
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:07 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:07 UTC
4817735420
g.ezoic.net/dac/
0
40 B
XHR
General
Full URL
https://g.ezoic.net/dac/4817735420
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sun, 06 Jun 2021 05:32:07 GMT
cache-control
max-age=3600, public
server
nginx/1.16.0
content-length
0
vary
Accept-Encoding
content-type
text/plain
army.gif
returnsandrefund.com/porpoiseant/
0
19 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc1MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wNi0wNiJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjcifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiMCJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc1MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wNi0wNiJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjcifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiMCJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw; ezouspvv=4; ezouspvh=4; ezouspva=3
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:07 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:07 UTC
army.gif
returnsandrefund.com/porpoiseant/
0
19 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjc1MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYXVjdGlvbl9lcG9jaCI6MTYyMjk1NzUyOCwiYWRfcG9zaXRpb24iOjExMDEsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJiaWRfZmxvb3JfaW5pdGlhbCI6NjUwLCJiaWRfZmxvb3JfcHJldiI6NCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6OCwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6Mzc4LCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjB9XQ==
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjc1MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYXVjdGlvbl9lcG9jaCI6MTYyMjk1NzUyOCwiYWRfcG9zaXRpb24iOjExMDEsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJiaWRfZmxvb3JfaW5pdGlhbCI6NjUwLCJiaWRfZmxvb3JfcHJldiI6NCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6OCwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6Mzc4LCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjB9XQ==
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod1; active_template::200400=pub_site.1622957516; ezopvc_200400=1; ezepvv=0; ezovid_200400=1006240796; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622957517; ezovuuid_200400=6a1b409c-18e3-4ea1-41af-2204f86b425a; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=d9ae1bd24009438980cda398a3cd51b2; _ga=GA1.2.1316539072.1622957518; _gid=GA1.2.1926124316.1622957518; _gat_gtag_UA_150748452_1=1; __qca=P0-1743529864-1622957518113; ezux_lpl_200400=1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false; __gads=ID=d6b27a831fc6a196:T=1622957518:S=ALNI_MbBNcgmx6kG4ykzhrIMftqBOSORSw; ezouspvv=4; ezouspvh=4; ezouspva=3
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:07 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:07 UTC
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 5EE4
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500|Roboto:300&lang=de
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://returnsandrefund.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 08:33:34 GMT
x-content-type-options
nosniff
last-modified
Mon, 05 Apr 2021 21:10:35 GMT
server
sffe
age
421113
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
expires
Wed, 01 Jun 2022 08:33:34 GMT
jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame 5EE4
44 KB
44 KB
Font
General
Full URL
https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500|Roboto:300&lang=de
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://returnsandrefund.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 04:11:59 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:09:20 GMT
server
sffe
age
436808
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45416
x-xss-protection
0
expires
Wed, 01 Jun 2022 04:11:59 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 5EE4
42 B
501 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuqQ6Ky5uB93FsM0PvFVeer-CYrZ0kkOjA1amJ-g3s1ZJ2gtt0r_Dbifkazz16Zh014YLPpON8KIvYCtHS-KF9hdRzAzcoDzhAr3vlMBf3uMZcNhYowYvOU4bF62g&sai=AMfl-YTiXTM7KLnQrJJtMo0xQAJdtYn9tFOwmUW_gjVM-Xuee25iOt1pTbWnhDBOeP7sJ3SxujREm3mBqzCqOgztCwUZ3yHHqtAF8DcvZodTQZ35WIdvSlo0_zAd1wCQ&sig=Cg0ArKJSzLCwxLlROmFLEAE&cid=CAASF-RoIHtCNwnIXHZWM5kYzGmJnvIGqkdK&id=ampim&o=345,640&d=580,400&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=38&tls=1039&g=100&h=100&tt=1039&r=v&avms=ampa&adk=3214824028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 06 Jun 2021 05:32:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
army.gif
returnsandrefund.com/porpoiseant/
0
42 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc1MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc1MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:08 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:07 UTC
army.gif
returnsandrefund.com/porpoiseant/
0
65 B
XHR
General
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc1MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbNTgwLDQwMF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY3NTAxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2NzUwMSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc1MDEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjk1NzUxNiwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNDQ2NzhkMzQtZGVjZS00OWNiLTdlNzMtODc0MTAxNWY0NDhmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbNTgwLDQwMF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY3NTAxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI5NTc1MTYsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjQ0Njc4ZDM0LWRlY2UtNDljYi03ZTczLTg3NDEwMTVmNDQ4ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2NzUwMSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjIyOTU3NTE2LCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI0NDY3OGQzNC1kZWNlLTQ5Y2ItN2U3My04NzQxMDE1ZjQ0OGYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMjAifV0sImlzX29yaWciOmZhbHNlfV0=
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 06 Jun 2021 05:32:09 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Sat, 05 Jun 2021 05:32:08 UTC

Verdicts & Comments Add Verdict or Comment

230 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| __ez string| __sellerid object| __banger_pmp_deals object| _ebcids number| ezobv function| ez_isclean object| ezSlotKVStore function| ezSetSlotTargeting function| ezGetSlotById object| ez_queue function| sort_queue function| execute_ez_queue function| ez_write_tag function| in_array object| ezrpos undefined| ez_current_interval number| ez_current_load function| __ez_fad_load boolean| __ez_fad_floatshowd function| __ez_fad_floatshow object| __ez_fad_initslot object| __ez_fad_fastd object| __ez_fad_fastdiv object| __ez_fad_fastslots object| __ez_fad_viewslots object| __ez_fad_instaslots object| ezslit_run object| __ez_fad_divs object| __ez_fad_divsd number| __ez_fad_vw number| __ez_fad_vh function| __ez_fad_invisible function| __ez_fad_position function| __ez_fad_fast function| __ez_fad_csnt boolean| __ez_fad_haspo function| __ez_fad_rdy function| __ez_fad_docht function| __ez_fad_vpht number| __ez_fad_doc_ht number| __ez_fad_vp_ht boolean| __ez_fad_hascp object| ez_ad_units object| ezslots object| ezsrqt object| __ez_fad_divpos object| ezorbf boolean| isEZABL number| ezmadspc boolean| ezoViewCheck boolean| ezDisableInitialLoad object| googletag object| ezoibfh object| ezaxmns object| ezaucmns object| __ez_fad_floating boolean| __ez_fad_gptd boolean| __ez_fad_ezpbinitd function| __ez_fad_gpt function| __ez_fad_pb function| ezogetbrkey boolean| ezoll string| ezoadxnc string| ezoadhb function| ezorefgsl boolean| ezoicTestActive object| _ezaq object| _ezim_d object| _ezat object| ggeac object| google_js_reporting_queue string| ezoScriptHost object| IL11ILILIIlLLLILILLLLIILLLIIL11111LLILiiLIliLlILlLiiLLIiILL object| ezomash function| ezbanger function| ezvb function| ezsr function| ezosethbbids function| ezoSyncToDfp function| ezoGetDFPSlot undefined| $ function| jQuery function| gtag object| dataLayer function| loadCSS object| cookieconsent_options boolean| hasCookieConsent string| ezouid string| ezoTemplate string| ezoFormfactor object| ezo_elements_to_check string| soc_app_id number| did string| ezdomain number| ezoicSearchable function| __ez_ezosuigenerisEvt function| create_ezolpl function| attach_ezolpl string| _audins_dom number| _audins_did object| google_tag_manager number| _ez_fad_vw object| google_tag_data string| GoogleAnalyticsObject function| ga function| ezocfol number| netStartTime function| hashCode function| ezogetrqbykey function| ezorqs function| ezorqe function| _fEzDt function| ez_attachEvent function| ez_attachEventWithCapture function| ez_detachEvent function| ez_getQueryString function| __ezDotData object| ezux object| ct object| ezdent object| ezDenty object| ezmt object| ezua object| ezuxgoals function| _ez_TOS_TrackEvent object| _qevents object| vitalsFired object| metricNameMap function| ezlogVital function| ES6Promise function| EzoIvent function| _findOverlappingQuietPeriods function| _findNetworkQuietPeriods function| ezoFetchConst object| _ezfd object| riveted number| indexKey number| ez_tos_track_count number| ez_last_activity_count object| webVitals function| ezoChar function| ezoCharSize function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing object| wpcf7 boolean| ez_uwa_detect function| __ez_fad_ezpbinit object| epbjs boolean| __enableAnalytics object| __s2sbidders function| __ez_tkn_evnt function| __ez_fad_scroll number| __ez_fad_scrollint function| __ez_fad_chkpos object| ezslot_0 object| ezslot_4 number| i3 object| googleToken object| googleIMState function| processGoogleToken number| __google_ad_urls_id number| google_unique_id object| gaGlobal object| ezRBA function| __ez_addAllListeners undefined| __ez_dims string| ezosuigeneris function| __ez_func_ezosuigeneris object| ezslot_1 object| gaplugins object| gaData function| quantserve function| __qc object| ezt object| _qoptions function| qtrack function| epbjsRequestAdUnits function| epbjsRefreshSlot object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill string| pubcidCookie function| ga_skiplinks object| wp object| jQuery1124007893752014293676 number| ezodomstart number| ezoIint function| uglipop function| update_cookieconsent_options object| perf_vals string| token boolean| ezowwinit object| GoogleGcLKhOms object| google_image_requests string| slot_key object| __google_ad_urls boolean| google_osd_loaded boolean| google_onload_fired object| ampInaboxIframes object| ampInaboxPendingMessages number| ezouspvv string| slotElName number| bid_val function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| slots string| slot

21 Cookies

Domain/Path Name / Value
.returnsandrefund.com/ Name: __qca
Value: P0-1743529864-1622957518113
.returnsandrefund.com/ Name: _gid
Value: GA1.2.1926124316.1622957518
.returnsandrefund.com/ Name: _gat_gtag_UA_150748452_1
Value: 1
.returnsandrefund.com/ Name: _ga
Value: GA1.2.1316539072.1622957518
.returnsandrefund.com/ Name: ezosuigeneris
Value: d9ae1bd24009438980cda398a3cd51b2
returnsandrefund.com/ Name: ezouspva
Value: 0
.returnsandrefund.com/ Name: ezCMPCCS
Value: true
returnsandrefund.com/ Name: ezohw
Value: w%3D1600%2Ch%3D1200
.returnsandrefund.com/ Name: ezovuuid_200400
Value: 6a1b409c-18e3-4ea1-41af-2204f86b425a
returnsandrefund.com/ Name: ezouspvv
Value: 0
.returnsandrefund.com/ Name: lp_200400
Value: https://returnsandrefund.com/
.returnsandrefund.com/ Name: ezovuuidtime_200400
Value: 1622957517
.returnsandrefund.com/ Name: ezovid_200400
Value: 1006240796
.returnsandrefund.com/ Name: ezepvv
Value: 0
.returnsandrefund.com/ Name: ezoref_200400
Value:
returnsandrefund.com/ Name: ezux_lpl_200400
Value: 1622957518214|44678d34-dece-49cb-7e73-8741015f448f|false
.returnsandrefund.com/ Name: ezoadgid_200400
Value: -1
.returnsandrefund.com/ Name: active_template::200400
Value: pub_site.1622957516
returnsandrefund.com/ Name: ezds
Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
.returnsandrefund.com/ Name: ezopvc_200400
Value: 1
.returnsandrefund.com/ Name: ezoab_200400
Value: mod1

2 Console Messages

Source Level URL
Text
console-api info URL: https://cdn.ampproject.org/rtv/022105242203000/amp4ads-v0.mjs(Line 17)
Message:
Powered by AMP ⚡ HTML – Version 2105242203000 https://returnsandrefund.com/
console-api info URL: https://cdn.ampproject.org/rtv/022105242203000/amp4ads-v0.mjs(Line 17)
Message:
Powered by AMP ⚡ HTML – Version 2105242203000 https://returnsandrefund.com/

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
bf8ffdaf36f6787698f2d330e32e590a.safeframe.googlesyndication.com
cdn.ampproject.org
cdn.returnsandrefund.com
fonts.googleapis.com
fonts.gstatic.com
g.ezoic.net
go.ezodn.com
go.ezoic.net
googleads.g.doubleclick.net
pagead2.googlesyndication.com
pixel.quantserve.com
returnsandrefund.com
rules.quantcount.com
secure.quantserve.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
track.seadform.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
142.250.181.226
18.156.95.187
2600:9000:2050:9a00:6:44e3:f8c0:93a1
2600:9000:2156:b200:2:cb38:840:93a1
2606:4700:3031::ac43:cfee
2606:4700:3032::ac43:b890
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:800::2001
2a00:1450:4001:802::200a
2a00:1450:4001:809::2002
2a00:1450:4001:809::2003
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2002
2a00:1450:4001:827::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:831::2001
2a00:1450:4001:831::200e
3.126.196.163
37.157.2.238
06a2e960a80418f12894979360e01197143b7a075d030e274da6485fb58b8c60
08d98e9b304ce94b907cd49a21ae8c76ed6b5a3628ad5fd5f898b951530bcb49
08ea8b5f827ea4d281efb2b160528f1f3c42ee6a3293effd59b371a92915acbc
0b9a8a3f27fa969797b4fbec0716dcacd5aaa38202277691d7baf41a540963fd
0cd810c7b0062ca026e5f21f80ff89d6f08e1a6736c7601c34bf2b640d664e96
0cf75919452a4adf80337eca213166aa09b6c3a7ec848e45b4b0c84eb4f8959e
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0
12993a139a46e15abb56308ef8656d80812fb748dfa88116ee6e20ad3494ae98
1699160349f58f6de31833ab95b03ce6f1f5f9330ae1a869f913c9a62655db01
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1c5563da3d1d8ffdd50815ecffd1c8549c4c8828429322f53effb7fe69814a0d
1d6f7818a09adfc9c11ff7110eb866179ef9d36a3625cd1c02e23292d315daaa
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1e53b8865f7f1e34e44d14f6ff8789dd7f421e7d3c69e48dab33188ff4d99f4e
20550f7bcb2a817ac9a5879e04260da8268e971c0b8031a6b7a2f48a55ee60d5
26b82e21c9dff2974e24344d3bf54b78abf922b8c3d9834b11e2aaed3c39b312
27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c
2a1114cab8def8caeb8ae86e73cb6a741765fb866e592f5ffc00833ea495c609
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
31f7540a6075e6f34980199d420271d13d923801da426c060ed01732042a96b8
35da4dabdaa15b95e66185636e21015e65bea2d9fa7a12ddbe3621ede9cddf6c
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
37d29979cc13eac68ee8339830a9685021bdb74db368b1a9bb0be3db71818d63
3f048e73e39dfe007152d73f23869d3645ebb5ad4083e0261a5d00b77492ce63
449d166c02646b8abfd5232406fca903993c73c2543df26975350fcbf5520cd7
44ae8aad1266affebb54f57f25725c17ca8a361a78fc81db4300a81825eb5e67
457f55ea0c6f05fbf9093f1535e1da2c627530ddbeb46c27a0fb8aef5b7e2805
475f9d1edc6601cbf2243cb11d8a432d3fe7be7df925754666ea2dd37f6eafa9
480caf8d247b71c562b2f2e63c824fbcc81d5b07861a752c4db9ff270bb16e2e
495d2f8c8b7f1bbd664c2c10c086a644e63e4934b9734813b27956a34709eea4
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
5a06800ad719e1f1b46691ded5a5577666d2fc30f950b0ba544352ede4e25de7
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5d3b1e91595e00d961f95eee4229b527cb8790f1e5718734ea0c85ffb69471cd
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
60cdd64c829852e56698dace8891bea16ba613b0214284ae8176c9c63df0752f
64b8782e8d1d8de1437de5f46d9d4420dd0b575d2e16565ca4dcfe0ab415ef55
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6b7f4f0b93f8b32f1e0f74d544b3c2c8c2f909ad691d60399dd91a36c34d7b24
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
76db825b68979b9ea6cc55fa14373b7bf5e3beb7388cd2efa485938bb2a389fb
7c59c652a003409806d0ca1e915e9566967b6420799707f22cc33a5f51fd4b49
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83e1fc06d61560e19649771db56bc018fc7fdb56e98f3a9f74505230a8f35060
894a45bbc96d2e63c15ab9aa4697ca26dd3de90bfc0737b61072ab0137b33d6a
8c63493b034323da08e44455885820239e72b10f9fb8b857e8313008f4d6fac5
8e424541604f9439f054eb9e4e78925da8c4d2a77985f642f9f4b5f025424d48
94668b5fc8de8571014fff7e5de47ee33de11122a9956fec7be3a6f19e97096b
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3
95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd
99155f31d46dc469aa872ce824309fae9210fb9357f463b889d617b85b35eb61
99a7ba6e3316eee5e9bc8b0fad11c8499e1b33f59207d74753400ce0bd806a71
9aac4c67c9788d16beabfe54c41a94f4b264e430e8ae63981431e61f16817adf
9de4196056e2ffb92e9e6eb78502d3ed77f71a1e8045434a907251ff0b998357
9f762334ff28e79eb7547f6ddb109583d35e0ea3600b71406ca233fb57c12458
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a20a93bc352c08254e08812c31094b508a7c4b08d008e1188ea906e8630792e2
a40c61bbb1a306009c379e04ae25fe0a82046c826e8cbe4b8470bd00c8159958
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a965454ed27194420a23bd494e396653825da3850d9d9258d6464dd5e4f26bfc
a98ca727ff8dca005e93dc2bc7baa535eb80e79d7e364224bfd9bde4d4c644ce
aac6884cfa8c9515797c7291c7f5ad73ea968306017387e028dbc5089e027ee2
ac653397748289472585c3b084c0b503bcea3752bc7841f08bce48fdff759639
ade38136058fcd75880d3673855aff859ee377d5915e59cccf24a973d418bebb
b04c10e9ef56b9200c56cc5141fe6d712ec85a8d90c0fe5b98fbf9ebe2873cc0
b8de063d7075aa9a9a68120f3eb37178e85777138d4154903a2d4b187b4a893d
ba7f99f1d0f355953dd64b21364e4d4a0a1204899835824e8bb046a0d8308b69
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012
bc470576f8f1b4bf3993e1f983f1911aa8a5b0bd08f15e3916baa14714c39275
c05d670361e9e7d920db167399fba87849afa812e21c293ae57a31e040e7113b
c103e9952d8205b6a9c4f3ec2a32e30ade8bf51bf63fc3bcb32c7328b4a9c9a6
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c63c08ec376a1c99ee774ecbd488d3c33396ea42f8ad0e984179916a2e252849
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cd870328bbc2282c5e50f5e8e2e6c08298dd89447ee8c16e3364947b1e4aaff6
d0b3850a417ef733c6acaff02a3311c7ce9a5b7ee55d2cd76d8c7f1f661bcb20
d36e5d7328268d21c6941039a7b6a15c7ed7414f60dbee72d2231d11ac9bdaf3
d7743c2b67adc72c4a4a986b5590704c5a9ced6d9a08cd7fd7ab6d499153e237
dcdaf3bb08b6848452143b1ee870372ab0cd2032f3486773f7a9b91f566fb07c
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd7e0f21fb756e7baf6c321c6a895710711a7dca6afa20ac2c7fc1f49ba401e9
e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaddb32d5418af7cc9355d1f77cea3566b5c015f79ca177fd95a0996285e8adf
ece565a1f66a32347dfed83562c428ff7736648de72b0027dd8f0e0f27e0c327
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efca4b1d7c19af67aa04f4a6ef3f9db4c8d3bea417a00240009db7ed26280080
f057e9f5ac1826093729b41efb5f67e4872c99e36f6fda5932b22b4b2eff5aa8
f4ecce62a254717c7a9b2107c356c7c874eb36725c9cbc4280f7ffc8dfb06509
f56e66335810aad9fcba20cac463534cbb027523624e76f54398c43db34102c3
fcdd96fb7a2908cdd4c0863b2e84226f689682913e9f2ab18822e4b4c88d8041