urlscan.io logo urlscan.io
SecurityTrails logo

reurl.cc Open in urlscan Pro
35.185.130.121  Public Scan

Go To Rescan Add Verdict Report
URL: https://reurl.cc/XV1QXD
Submission: On October 14 via manual from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 66 IPs in 11 countries across 49 domains to perform 442 HTTP transactions. The main IP is 35.185.130.121, located in Taipei, Taiwan and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is reurl.cc. The Cisco Umbrella rank of the primary domain is 254108.
TLS certificate: Issued by R3 on September 23rd 2022. Valid for: 3 months.
This is the only time reurl.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 35.185.130.121 396982 (GOOGLE-CL...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
38 203.75.214.136 3462 (HINET Dat...)
2 35.186.215.140 15169 (GOOGLE)
15 18.64.119.38 16509 (AMAZON-02)
40 2600:9000:225... 16509 (AMAZON-02)
32 2a03:2880:f02... 32934 (FACEBOOK)
7 2a03:2880:f12... 32934 (FACEBOOK)
1 35.244.196.223 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
4 210.59.219.180 3462 (HINET Dat...)
1 2a00:1288:80:... 203220 (YAHOO-DEB)
2 34.95.67.231 396982 (GOOGLE-CL...)
1 6 35.201.76.93 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
5 2600:9000:225... 16509 (AMAZON-02)
7 52.198.19.32 16509 (AMAZON-02)
8 2a02:2638::3 44788 (ASN-CRITE...)
1 87.248.100.136 34010 (YAHOO-IRD)
1 2a00:1288:110... 34010 (YAHOO-IRD)
1 2a00:1450:400... 15169 (GOOGLE)
1 35.242.224.42 396982 (GOOGLE-CL...)
2 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 192.0.78.135 2635 (AUTOMATTIC)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 34.102.176.152 396982 (GOOGLE-CL...)
1 192.0.77.2 2635 (AUTOMATTIC)
1 192.0.78.187 2635 (AUTOMATTIC)
7 103.132.192.30 138552 (RTBHOUSE-...)
8 16 34.96.119.68 396982 (GOOGLE-CL...)
8 8 172.105.199.172 63949 (LINODE-AP...)
7 210.59.219.181 3462 (HINET Dat...)
7 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
12 178.250.2.131 44788 (ASN-CRITE...)
10 162.210.196.208 30633 (LEASEWEB-...)
5 34.117.219.39 396982 (GOOGLE-CL...)
12 31 142.250.184.226 15169 (GOOGLE)
2 35.227.249.156 15169 (GOOGLE)
8 16 2a02:2638::1c 44788 (ASN-CRITE...)
10 178.250.0.157 44788 (ASN-CRITE...)
2 210.59.219.175 3462 (HINET Dat...)
2 6 23.203.77.3 16625 (AKAMAI-AS)
1 3 69.173.144.138 26667 (RUBICONPR...)
2 4 192.96.200.41 30633 (LEASEWEB-...)
6 2606:4700:20:... 13335 (CLOUDFLAR...)
1 69.173.158.64 26667 (RUBICONPR...)
7 2a00:1450:400... 15169 (GOOGLE)
38 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
22 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 5 185.80.39.216 27381 (CASALE-MEDIA)
3 4 185.89.211.132 29990 (ASN-APPNEX)
40 2a00:1450:400... 15169 (GOOGLE)
4 172.217.23.98 15169 (GOOGLE)
1 2 2001:678:cb4:... 56396 (AMOBEE)
1 1 2a05:d018:d29... 16509 (AMAZON-02)
2 2 104.18.19.126 13335 (CLOUDFLAR...)
2 2 216.52.2.48 32475 (SINGLEHOP...)
1 1 2600:9000:225... 16509 (AMAZON-02)
1 4 104.75.89.75 16625 (AKAMAI-AS)
2 2 3.120.86.7 16509 (AMAZON-02)
2 35.244.159.8 15169 (GOOGLE)
1 2a02:fa8:8806... ()
1 1 185.29.132.245 ()
2 2 213.155.156.184 ()
1 35.186.253.211 ()
2 2 13.248.245.213 ()
1 2607:f8b0:400... ()
442 66
6    35.185.130.121 (Taipei, Taiwan)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 121.130.185.35.bc.googleusercontent.com
reurl.cc
2    2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
38    203.75.214.136 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-136.hinet-ip.hinet.net
t.ssp.hinet.net
55835511-1955-4308-bc3a-ce1d9b0dfa99.t.ssp.hinet.net
fcd575b0-c945-45b0-95a7-1f9a1be8c6e8.t.ssp.hinet.net
2    35.186.215.140 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 140.215.186.35.bc.googleusercontent.com
ad.sitemaji.com
15    18.64.119.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-119-38.txl50.r.cloudfront.net
img.scupio.com
40    2600:9000:2250:600:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.holmesmind.com
32    2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
static.xx.fbcdn.net
scontent.xx.fbcdn.net
7    2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    35.244.196.223 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 223.196.244.35.bc.googleusercontent.com
storage.re-news.tw
3    2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    210.59.219.180 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
bw.scupio.com
1    2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)
s.yimg.com
2    34.95.67.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.67.95.34.bc.googleusercontent.com
fcm.holmesmind.com
6    35.201.76.93 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 93.76.201.35.bc.googleusercontent.com
c.holmesmind.com
2    2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
5    2600:9000:2250:9200:3:1794:2540:93a1 (United States)

ASN16509 (AMAZON-02, US)
adcdn.holmesmind.com
7    52.198.19.32 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-198-19-32.ap-northeast-1.compute.amazonaws.com
ad.holmesmind.com
8    2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
1    87.248.100.136 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: o1.ycpi.vip.ir2.yahoo.com
ads.yap.yahoo.com
1    2a00:1288:110:c204::b000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)
geo.yahoo.com
1    2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    35.242.224.42 (Frankfurt am Main, Germany)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 42.224.242.35.bc.googleusercontent.com
www.rayskyinvest.com
2    2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)
img.racingcharger.tw
img.gbyhn.com.tw
1    192.0.78.135 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
creditcards.com.tw
1    2606:4700::6810:fd04 (United States)

ASN13335 (CLOUDFLARENET, US)
mma.prnasia.com
1    34.102.176.152 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 152.176.102.34.bc.googleusercontent.com
static.wixstatic.com
1    192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com
i0.wp.com
1    192.0.78.187 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
blog.alphaloan.co
7    103.132.192.30 (Singapore)

ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG)
PTR: ip-103-132-192-30.rtbhouse.net
prebid-asia.creativecdn.com
16    34.96.119.68 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 68.119.96.34.bc.googleusercontent.com
ad2.apx.appier.net
8    172.105.199.172 (Tokyo, Japan)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1853-172.members.linode.com
gocm.c.appier.net
7    210.59.219.181 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
prebid.scupio.com
7    2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
12    178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com
bidder.criteo.com
10    162.210.196.208 (Rockville, United States)

ASN30633 (LEASEWEB-USA-WDC, US)
hb.aralego.com
sync.aralego.com
5    34.117.219.39 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 39.219.117.34.bc.googleusercontent.com
fp.holmesmind.com
31    142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net
cm.g.doubleclick.net
googleads.g.doubleclick.net
2    35.227.249.156 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 156.249.227.35.bc.googleusercontent.com
m.holmesmind.com
16    2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
10    178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
2    210.59.219.175 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
rec.scupio.com
6    23.203.77.3 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-203-77-3.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
eus.rubiconproject.com
3    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
pixel.rubiconproject.com
4    192.96.200.41 (Gaithersburg, United States)

ASN30633 (LEASEWEB-USA-WDC, US)
ads.aralego.com
6    2606:4700:20::681a:567 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.aralego.net
1    69.173.158.64 (Singapore, Singapore)

ASN26667 (RUBICONPROJECT, US)
pixel-apac.rubiconproject.com
7    2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
38    2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
1    2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
4    2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
2    2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
56e67421b456b8d3b999a2ace679ba12.safeframe.googlesyndication.com
1a2e2cd544940899bd7f4b34a5538995.safeframe.googlesyndication.com
2    2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
partner.googleadservices.com
2    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
22    2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
2    2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
5    185.80.39.216 (Canada)

ASN27381 (CASALE-MEDIA, CA)
dsum-sec.casalemedia.com
4    185.89.211.132 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ib.adnxs.com
40    2a00:1450:4001:829::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
4    172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f2.1e100.net
googleads4.g.doubleclick.net
2    2001:678:cb4:bbbb::11 (United Kingdom)

ASN56396 (AMOBEE, GB)
ad.turn.com
r.turn.com
1    2a05:d018:d29:3602:870a:9263:699a:3d34 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
2    104.18.19.126 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)
ssum-sec.casalemedia.com
2    216.52.2.48 (United States)

ASN32475 (SINGLEHOP-LLC, US)
ap.lijit.com
1    2600:9000:225f:9600:1b:5138:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)
s.ad.smaato.net
4    104.75.89.75 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-89-75.deploy.static.akamaitechnologies.com
sync.teads.tv
2    3.120.86.7 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-86-7.eu-central-1.compute.amazonaws.com
x.bidswitch.net
2    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
us-u.openx.net
1    2a02:fa8:8806:12::1370 (None, )

ASN- ()
dclk-match.dotomi.com
1    185.29.132.245 (None, )

ASN- ()
sync.mathtag.com
2    213.155.156.184 (None, )

ASN- ()
d5p.de17a.com
1    35.186.253.211 (None, )

ASN- ()
rtb.openx.net
2    13.248.245.213 (None, )

ASN- ()
eb2.3lift.com
1    2607:f8b0:4001:c14::78 (None, )

ASN- ()
csi.gstatic.com
Apex Domain
Subdomains		 Transfer
67 holmesmind.com
cdn.holmesmind.com — Cisco Umbrella Rank: 131737
fcm.holmesmind.com — Cisco Umbrella Rank: 143686
c.holmesmind.com — Cisco Umbrella Rank: 104067
adcdn.holmesmind.com — Cisco Umbrella Rank: 132436
ad.holmesmind.com — Cisco Umbrella Rank: 93703
fp.holmesmind.com — Cisco Umbrella Rank: 132976
m.holmesmind.com — Cisco Umbrella Rank: 256990
225 KB
62 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 104
56e67421b456b8d3b999a2ace679ba12.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 147
1a2e2cd544940899bd7f4b34a5538995.safeframe.googlesyndication.com
645 KB
43 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 84
cm.g.doubleclick.net — Cisco Umbrella Rank: 215
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 188
googleads.g.doubleclick.net — Cisco Umbrella Rank: 43
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 317
428 KB
40 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 273
605 KB
38 criteo.com
bidder.criteo.com — Cisco Umbrella Rank: 763
gum.criteo.com — Cisco Umbrella Rank: 425
mug.criteo.com — Cisco Umbrella Rank: 2786
49 KB
38 hinet.net
t.ssp.hinet.net — Cisco Umbrella Rank: 84153
55835511-1955-4308-bc3a-ce1d9b0dfa99.t.ssp.hinet.net
fcd575b0-c945-45b0-95a7-1f9a1be8c6e8.t.ssp.hinet.net
29 KB
30 fbcdn.net
static.xx.fbcdn.net — Cisco Umbrella Rank: 713
scontent.xx.fbcdn.net — Cisco Umbrella Rank: 420
574 KB
28 scupio.com
img.scupio.com — Cisco Umbrella Rank: 85081
bw.scupio.com — Cisco Umbrella Rank: 139779
prebid.scupio.com — Cisco Umbrella Rank: 71395
rec.scupio.com — Cisco Umbrella Rank: 148275
355 KB
24 appier.net
ad2.apx.appier.net — Cisco Umbrella Rank: 40512
gocm.c.appier.net — Cisco Umbrella Rank: 2273
3 KB
14 aralego.com
hb.aralego.com — Cisco Umbrella Rank: 18600
sync.aralego.com — Cisco Umbrella Rank: 2910
ads.aralego.com — Cisco Umbrella Rank: 28151
6 KB
11 google.com
www.google.com — Cisco Umbrella Rank: 2
adservice.google.com — Cisco Umbrella Rank: 78
3 KB
10 rubiconproject.com
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 929
eus.rubiconproject.com — Cisco Umbrella Rank: 596
token.rubiconproject.com — Cisco Umbrella Rank: 682
pixel-apac.rubiconproject.com — Cisco Umbrella Rank: 32248
pixel.rubiconproject.com
22 KB
8 criteo.net
static.criteo.net — Cisco Umbrella Rank: 680
272 KB
7 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 542
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 439
6 KB
7 creativecdn.com
prebid-asia.creativecdn.com — Cisco Umbrella Rank: 18573
1 KB
7 facebook.com
www.facebook.com — Cisco Umbrella Rank: 107
30 KB
6 aralego.net
cdn.aralego.net — Cisco Umbrella Rank: 8566
90 KB
6 reurl.cc
reurl.cc — Cisco Umbrella Rank: 254108
6 KB
4 teads.tv
sync.teads.tv — Cisco Umbrella Rank: 1137
803 B
4 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 232
4 KB
4 google.de
www.google.de — Cisco Umbrella Rank: 6045
adservice.google.de — Cisco Umbrella Rank: 8724
2 KB
3 openx.net
us-u.openx.net — Cisco Umbrella Rank: 409
rtb.openx.net
716 B
3 yahoo.com
ads.yap.yahoo.com — Cisco Umbrella Rank: 9524
geo.yahoo.com — Cisco Umbrella Rank: 1432
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 426
2 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 32
20 KB
2 3lift.com
eb2.3lift.com
948 B
2 de17a.com
d5p.de17a.com
643 B
2 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 303
2 KB
2 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 599
1 KB
2 turn.com
ad.turn.com — Cisco Umbrella Rank: 766
r.turn.com — Cisco Umbrella Rank: 3362
869 B
2 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 193
93 KB
2 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 888
747 B
2 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 306
67 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 151
34 KB
2 sitemaji.com
ad.sitemaji.com — Cisco Umbrella Rank: 101776
11 KB
2 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 394
57 KB
1 gstatic.com
csi.gstatic.com
327 B
1 mathtag.com
sync.mathtag.com
860 B
1 dotomi.com
dclk-match.dotomi.com
104 B
1 smaato.net
s.ad.smaato.net — Cisco Umbrella Rank: 717
442 B
1 alphaloan.co
blog.alphaloan.co
133 KB
1 wp.com
i0.wp.com — Cisco Umbrella Rank: 2976
360 KB
1 wixstatic.com
static.wixstatic.com — Cisco Umbrella Rank: 5285
1 MB
1 gbyhn.com.tw
img.gbyhn.com.tw
100 KB
1 prnasia.com
mma.prnasia.com — Cisco Umbrella Rank: 469914
31 KB
1 creditcards.com.tw
creditcards.com.tw
58 KB
1 racingcharger.tw
img.racingcharger.tw
435 KB
1 rayskyinvest.com
www.rayskyinvest.com
61 KB
1 yimg.com
s.yimg.com — Cisco Umbrella Rank: 494
30 KB
1 re-news.tw
storage.re-news.tw
7 KB
442 49
Domain Requested by
40 s0.2mdn.net reurl.cc
s0.2mdn.net
40 cdn.holmesmind.com reurl.cc
cdn.holmesmind.com
ad.holmesmind.com
38 pagead2.googlesyndication.com ads.aralego.com
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
reurl.cc
googleads.g.doubleclick.net
s0.2mdn.net
www.googletagservices.com
30 t.ssp.hinet.net reurl.cc
cdn.holmesmind.com
t.ssp.hinet.net
28 static.xx.fbcdn.net www.facebook.com
static.xx.fbcdn.net
25 cm.g.doubleclick.net 12 redirects googleads.g.doubleclick.net
22 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
reurl.cc
googleads.g.doubleclick.net
s0.2mdn.net
pagead2.googlesyndication.com
16 gum.criteo.com 8 redirects static.criteo.net
16 ad2.apx.appier.net 8 redirects reurl.cc
15 img.scupio.com reurl.cc
img.scupio.com
12 bidder.criteo.com static.criteo.net
img.scupio.com
10 mug.criteo.com reurl.cc
8 sync.aralego.com img.scupio.com
ads.aralego.com
reurl.cc
8 gocm.c.appier.net 8 redirects
8 static.criteo.net cdn.holmesmind.com
img.scupio.com
static.criteo.net
7 securepubads.g.doubleclick.net cdn.aralego.net
securepubads.g.doubleclick.net
googleads.g.doubleclick.net
7 www.google.com reurl.cc
tpc.googlesyndication.com
googleads.g.doubleclick.net
7 prebid.scupio.com cdn.holmesmind.com
img.scupio.com
7 prebid-asia.creativecdn.com cdn.holmesmind.com
img.scupio.com
7 ad.holmesmind.com cdn.holmesmind.com
img.scupio.com
7 www.facebook.com reurl.cc
static.xx.fbcdn.net
img.scupio.com
6 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
6 cdn.aralego.net reurl.cc
ads.aralego.com
6 c.holmesmind.com 1 redirects cdn.holmesmind.com
reurl.cc
img.scupio.com
6 reurl.cc reurl.cc
5 dsum-sec.casalemedia.com 3 redirects googleads.g.doubleclick.net
5 fcd575b0-c945-45b0-95a7-1f9a1be8c6e8.t.ssp.hinet.net reurl.cc
cdn.holmesmind.com
t.ssp.hinet.net
5 fp.holmesmind.com cdn.holmesmind.com
5 adcdn.holmesmind.com cdn.holmesmind.com
4 sync.teads.tv 1 redirects googleads.g.doubleclick.net
4 googleads4.g.doubleclick.net reurl.cc
4 ib.adnxs.com 3 redirects googleads.g.doubleclick.net
4 adservice.google.com securepubads.g.doubleclick.net
pagead2.googlesyndication.com
4 ads.aralego.com 2 redirects ads.aralego.com
4 eus.rubiconproject.com reurl.cc
eus.rubiconproject.com
4 bw.scupio.com img.scupio.com
ajax.googleapis.com
3 adservice.google.de securepubads.g.doubleclick.net
pagead2.googlesyndication.com
3 55835511-1955-4308-bc3a-ce1d9b0dfa99.t.ssp.hinet.net reurl.cc
t.ssp.hinet.net
3 www.google-analytics.com reurl.cc
www.google-analytics.com
2 eb2.3lift.com 2 redirects
2 d5p.de17a.com 2 redirects
2 us-u.openx.net googleads.g.doubleclick.net
2 x.bidswitch.net 2 redirects
2 ap.lijit.com 2 redirects
2 ssum-sec.casalemedia.com 2 redirects
2 www.googletagservices.com googleads.g.doubleclick.net
2 partner.googleadservices.com pagead2.googlesyndication.com
2 token.rubiconproject.com eus.rubiconproject.com
2 secure-assets.rubiconproject.com 2 redirects
2 rec.scupio.com img.scupio.com
2 m.holmesmind.com cdn.holmesmind.com
2 hb.aralego.com img.scupio.com
2 ajax.googleapis.com img.scupio.com
2 fcm.holmesmind.com cdn.holmesmind.com
2 scontent.xx.fbcdn.net www.facebook.com
2 connect.facebook.net reurl.cc
connect.facebook.net
2 ad.sitemaji.com reurl.cc
ad.sitemaji.com
2 cdn.jsdelivr.net reurl.cc
1 csi.gstatic.com securepubads.g.doubleclick.net
1 pixel.rubiconproject.com 1 redirects
1 rtb.openx.net googleads.g.doubleclick.net
1 sync.mathtag.com 1 redirects
1 dclk-match.dotomi.com googleads.g.doubleclick.net
1 s.ad.smaato.net 1 redirects
1 pr-bh.ybp.yahoo.com 1 redirects
1 r.turn.com googleads.g.doubleclick.net
1 ad.turn.com 1 redirects
1 1a2e2cd544940899bd7f4b34a5538995.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 56e67421b456b8d3b999a2ace679ba12.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 pixel-apac.rubiconproject.com eus.rubiconproject.com
1 www.google.de reurl.cc
1 blog.alphaloan.co reurl.cc
1 i0.wp.com reurl.cc
1 static.wixstatic.com reurl.cc
1 img.gbyhn.com.tw reurl.cc
1 mma.prnasia.com reurl.cc
1 creditcards.com.tw reurl.cc
1 img.racingcharger.tw reurl.cc
1 www.rayskyinvest.com reurl.cc
1 stats.g.doubleclick.net www.google-analytics.com
1 geo.yahoo.com reurl.cc
1 ads.yap.yahoo.com s.yimg.com
1 s.yimg.com ad.sitemaji.com
1 storage.re-news.tw reurl.cc
442 84

This site contains links to these domains. Also see Links.

Domain
re-news.tw
youtils.cc
stockinfo.tw
Subject Issuer Validity Valid
reurl.cc
R3		 2022-09-23 -
2022-12-22		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-06-02 -
2023-06-01		 a year crt.sh
*.t.ssp.hinet.net
 2022-04-14 -
2023-04-14		 a year crt.sh
feebee.com.tw
R3		 2022-08-23 -
2022-11-21		 3 months crt.sh
*.scupio.com
Sectigo RSA Organization Validation Secure Server CA		 2022-09-26 -
2023-10-27		 a year crt.sh
*.holmesmind.com
Go Daddy Secure Certificate Authority - G2		 2022-05-19 -
2023-06-20		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2022-07-23 -
2022-10-21		 3 months crt.sh
storage.re-news.tw
GTS CA 1D4		 2022-08-26 -
2022-11-24		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.api.fantasysports.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-09-05 -
2022-10-26		 2 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-09-01 -
2022-11-30		 3 months crt.sh
ui.aps.ads.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-09-05 -
2022-10-26		 2 months crt.sh
yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-07-12 -
2023-01-04		 6 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.rayskyinvest.com
R3		 2022-09-10 -
2022-12-09		 3 months crt.sh
tls.automattic.com
R3		 2022-09-19 -
2022-12-18		 3 months crt.sh
*.prnasia.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-12-08 -
2022-12-08		 a year crt.sh
*.gbyhn.com.tw
E1		 2022-10-02 -
2022-12-31		 3 months crt.sh
*.wixstatic.com
Sectigo RSA Domain Validation Secure Server CA		 2022-04-30 -
2022-10-27		 6 months crt.sh
*.wp.com
Sectigo RSA Domain Validation Secure Server CA		 2022-06-11 -
2023-07-12		 a year crt.sh
*.creativecdn.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-17 -
2023-04-12		 a year crt.sh
www.google.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
www.google.de
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-08-27 -
2022-11-22		 3 months crt.sh
*.aralego.com
Sectigo RSA Domain Validation Secure Server CA		 2021-10-21 -
2022-11-20		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-17 -
2023-04-04		 a year crt.sh
*.google.de
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.googleadservices.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2022-07-21 -
2023-08-21		 a year crt.sh
teads.tv
R3		 2022-08-17 -
2022-11-15		 3 months crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2022-08-09 -
2023-09-10		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh

This page contains 64 frames:

Primary Page: https://reurl.cc/XV1QXD
Frame ID: D6C8D2B4CE54C9BB5471EF9D26854C6B
Requests: 39 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fhref%3Dhttps%253A%252F%252Fwww.facebook.com%252FCreditCards.com.tw%252F%26tabs%3Dtimeline%26width%3D340%26height%3D500%26small_header%3Dfalse%26adapt_container_width%3Dtrue%26hide_cover%3Dfalse%26show_facepile%3Dtrue%26appId
Frame ID: 380F89883716413E373839156CB52225
Requests: 36 HTTP requests in this frame

Frame: https://ad.sitemaji.com/native/reurl_passback.js?s=728x90_pc
Frame ID: 532BDEF5FC0CDC766109569284B82B3C
Requests: 4 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 4B45F0ACC24C9A446AFA8B95141C6587
Requests: 5 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: C26A43D9EA357F1D83CA37A6D8CD9B5E
Requests: 23 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: 2E01D792224E610EF8B23D93B9C498A3
Requests: 12 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: A47207AEBEC90B9CED911F86694C1429
Requests: 20 HTTP requests in this frame

Frame: https://img.scupio.com/html/ad.html?v=1.0.65
Frame ID: E566FF9811480E09D5C110F08F4CC2D2
Requests: 16 HTTP requests in this frame

Frame: https://img.scupio.com/html/ad.html?v=1.0.65
Frame ID: 9F4F49320FE5EC554381516C3AEA35E2
Requests: 16 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 695BFF171A0B8EC9604CE64F35C8AD3E
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=7598-DvMmcuD17bQX84Op0GV12n1U8ULzBptJ&CFFPCKUUID=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&url=https%3A%2F%2Freurl.cc%2FXV1QXD&maindomain=reurl.cc
Frame ID: B369AD1307771CDA49BF3CE5CBD438C8
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=7598-DvMmcuD17bQX84Op0GV12n1U8ULzBptJ&CFFPCKUUID=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&url=https%3A%2F%2Freurl.cc%2FXV1QXD&maindomain=reurl.cc
Frame ID: 6211D096D4141204C3ED2A34A4979018
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=7598-DvMmcuD17bQX84Op0GV12n1U8ULzBptJ&CFFPCKUUID=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&url=https%3A%2F%2Freurl.cc%2FXV1QXD&maindomain=reurl.cc
Frame ID: 02B05AB3462D6476B042ECA296AC6081
Requests: 1 HTTP requests in this frame

Frame: https://img.scupio.com/js/adsbyscupio.js?v=1.0.2
Frame ID: CCD01D6A1AE46A6326BC0A57B66EFBC9
Requests: 2 HTTP requests in this frame

Frame: https://img.scupio.com/js/adsbyscupio.js?v=1.0.2
Frame ID: F09B74B8DB099FC253A8E573E52B86E2
Requests: 2 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/init.js
Frame ID: 2675D9E1DC536D2D17460872F0C51478
Requests: 2 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: E2693BBC22590C1A27500FB988A87DB6
Requests: 8 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: 5AF38EF2676645F53EDE2F1798FE98C6
Requests: 19 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 55AFDD4D70CE7990ECC12FA5B91ADF9B
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=7598-DvMmcuD17bQX84Op0GV12n1U8ULzBptJ&CFFPCKUUID=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&url=https%3A%2F%2Freurl.cc%2FXV1QXD&maindomain=reurl.cc
Frame ID: E4CC1051693E17B9F87B47A16FA732D8
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/init.js
Frame ID: 412D90D5A6A0C81B78F0EF4E0BB1B724
Requests: 2 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 01BFBFB2D447154BAD151D951650F096
Requests: 8 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: AAE807AADC56DCBDE4031E675090A81F
Requests: 19 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Frame ID: 45818F7F2E2A9B7D1443882AC667AB44
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Frame ID: 5E03BEF0F912338053C54ACCF7E88E18
Requests: 2 HTTP requests in this frame

Frame: https://img.scupio.com/html/ls.html
Frame ID: A0F8C329CF183777B96A1BF80160BE05
Requests: 1 HTTP requests in this frame

Frame: https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESECWfFc_eydVJEuOLFMAbwLE&google_cver=1&google_ula=3918219,0
Frame ID: FE072B6628651AB2D2B81FB8B4556E31
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Frame ID: BC71CFF5C925E2F61F61FE0B3E0803BB
Requests: 4 HTTP requests in this frame

Frame: https://img.scupio.com/html/ls.html
Frame ID: 6556291B6F6E81305527ED25D1B47143
Requests: 1 HTTP requests in this frame

Frame: https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESECWfFc_eydVJEuOLFMAbwLE&google_cver=1&google_ula=3918219,0
Frame ID: 0D9D9F834E0472458701F85A91A926BF
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Frame ID: 51DE78690D98B56B670D26076A26AEA7
Requests: 3 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Frame ID: 2C557605EB14EDD85A582D28E838928E
Requests: 5 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=7598-DvMmcuD17bQX84Op0GV12n1U8ULzBptJ&CFFPCKUUID=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&url=https%3A%2F%2Freurl.cc%2FXV1QXD&maindomain=reurl.cc
Frame ID: 5703012C54205968CB6289A4096C0919
Requests: 1 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Frame ID: 9927AEF93F1AE9CBE22C80FB5DE607D2
Requests: 9 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Frame ID: 466FF97DB8CD57C1FF688BAA32DEAF4E
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 6E08DF32248AC7105DC149AC548AA715
Requests: 8 HTTP requests in this frame

Frame: https://56e67421b456b8d3b999a2ace679ba12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
Frame ID: 9D55300EB0F994B4C0927CDE5B5C52BB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Frame ID: 915348547101AB195186EED842FDF4B1
Requests: 19 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0C77EFB5AFB4E399F2E25322A03E70FB
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 05CBBA5A80BB072D7DEC53EF92586FB4
Requests: 2 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Frame ID: 12F71FA72FC64B4ED581ED8B55623F4A
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 6926B458D248ACFD8DA9AE065DEC8DA2
Requests: 8 HTTP requests in this frame

Frame: https://1a2e2cd544940899bd7f4b34a5538995.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
Frame ID: 825F88355CA57E4BDC2F6BB18FFBDFFE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Frame ID: D7E312B605A366A9E37CAE8D188EE565
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGK6lmMcBMAE&v=APEucNXgKIcfw2guU0pdE829VeANUM2DetqzQJ_rnoxI3cdFggk_ZpR8R8uTwqFOI8ocF41L7FX3V5LqfX-mcblasWYMgmzoOnZ8FJpdpUsKZRtXBPGLHUFIY4JL8YdBcsPUYyjBA-OCWRPNn7QYh_C3SiVMrnvX103tKNrnlTnrdAtm3fqi4UE
Frame ID: BC3466510A2F65AD8CA88B9B03985D5F
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: D35AFBCAA5047D0D74CD4559C5AE15CA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AE476FE165E936F0676AEC35194DD2B5
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C135806E67AE2C8CA6EB8D2004BAB769
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Frame ID: 8DED2842062BB13778B53B17096D8118
Requests: 19 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: CB30B76DE40A71927909A5466D30D032
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGK6lmMcBMAE&v=APEucNUVYV9WnFQZrWMHfOs3SbqX9AHtcdrAv3Q_q4RsRcV7dxLBVAjylzkMItgD_OWoMPk5OC7FwSSrZZ2hGF9ghFuHoGQZXLYKcpB2ETw2x0PcQ-PQBYpB8TuUR-HlULqquZ2aupSULkT3RypSHiSjlXurQAoqMONv6l-uYqYSN4bNq5D9K_A
Frame ID: 18EE18E159C8BF16BF0B98AA6A3270C4
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 21ECB38AF5DECE04E278A8306E278092
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Frame ID: 1E09969DCE9431E237638E93A052F782
Requests: 19 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C0F980802DB7D1E8927331E3306943C1
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ZEudAwKmaTNpvGbgtwbUkI0ybKz2KwCtXmqAoF5myvk.js
Frame ID: AC01990BF1659028E7547645E0066731
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E63364498D51D2EAA787E75D69E6A0BB
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 04C45BB28962611211F11B60F8DF7423
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Frame ID: DABB1B672E26E74192DB95DDF84F8D3D
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ZEudAwKmaTNpvGbgtwbUkI0ybKz2KwCtXmqAoF5myvk.js
Frame ID: 720E8B56B77FD500AF7D2E18F6852989
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B3111AB394C09884DD4D96FABD576E5D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A503A3E56923143BD29ED7AFB378CFD2
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Frame ID: 00FDC305FA49DE0A78F42C088792D5A7
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Frame ID: FAFAD8ABC22B7339D0E8B9FF7BF2F850
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Frame ID: B7994E2201B0718796EEDEE641993C7C
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

ING

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/vue(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/pagead/show_ads\.js
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • [^a-z]mtc.*\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • /prebid\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

442
Requests

90 %
HTTPS

43 %
IPv6

49
Domains

84
Subdomains

66
IPs

11
Countries

6269 kB
Transfer

11882 kB
Size

45
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 54
  • https://c.holmesmind.com/cm HTTP 302
  • https://c.holmesmind.com/cm?tc=getIn&
Request Chain 91
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=TT3aD-mDCJSc9-0vdRVJYw
Request Chain 92
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=PV1hLwwdAlqJPz9FdRVJYw
Request Chain 135
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=a7_3DPTbC9KbkGZXdRVJYw
Request Chain 136
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
Request Chain 175
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t&uu_m=undefined HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t&uu_m=undefined&google_tc= HTTP 302
  • https://m.holmesmind.com/ml/google?cf_uid=200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t&uu_m=undefined&google_gid=CAESEJxKvnHOR-5VheyqcfTVNGk&google_cver=1
Request Chain 186
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
Request Chain 187
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
Request Chain 199
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t&uu_m=undefined HTTP 302
  • https://m.holmesmind.com/ml/google?cf_uid=200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t&uu_m=undefined&google_gid=CAESEJxKvnHOR-5VheyqcfTVNGk&google_cver=1
Request Chain 209
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=mpKqZnwvSUJZM2JuVS9qbDBvemlFUjE3YisxWmk5YlliUzZFNS9CTzUvY0hYVTM2OTgra20wRXhTOFY4WWJ1U2lSUFdpRXk0b0VMTnhWWFBFbnVOTE9vbXQ0a0hLUzRkOUw4NXgxQUFlbndnQXlrd3hveHhSYU9iYkNwdkdxdzJNbDlwWTFNVmJybGFxdStHM2d4WDhhYjlISGZDWGhJTkJrVk5KSFpQM3hZeGVXQmFMU29IVUZRWEpoY3Z3bHkwUzhGZVp6U1krS2tpWS9Xa01CTzNNL3ZkWld6NlQrNlg4UjZWL05ORUZpNncvcEFENHB4QmRucElpd2lEbGZ4cEZJcjhSd3VuMnZDd2RTeXNJeTZGeENIUnFTdmpTUVFZQ1ozUEU1NlpUWERpWCtYWT18&cppv=2
Request Chain 210
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=i2JCXHxhQjNIWEpxRlI4Vko4ZjJhM3ZxdVVhOUtmL0U0OVRqSTJEcHdmaGdPWTdGcUVydjZPK2VUOXluaGpMY0tQY0xHM3AweWdCL1hMVDlVbkxtVlpVc3ZTdW5yWU5GbDVwTUlrVFpDTGV0N21qMzJ1RVR5R1FnTU1xMFhobkFNc3VvdFpET00xYmFRdy9LeEtFdEp1R08wKy9aNThMSEFjWm82YVk0Q0lGaThaZDZQcmdZNGhnaFZ2UUpSODYwTlYwMDVFVWdiYkdyR3N3djdIU21CRVNZbm0vYjBXWnNydmJ1VU5uNEx2SGNTOW1ZU05aUGNLVTRiZEQwcHhwYzB5V3VJTjVva3RET2paSCthUjF2N0dSV0hieHVaSmUybVRzaUQySHZ6RkU5RE5Ydz18&cppv=2
Request Chain 213
  • https://cm.g.doubleclick.net/pixel?google_nid=bw_cookie&google_cm&google_ula=3918219&google_hm=Q01BMjAyMjEwMTQxNTUzMjY0NDg5NjA%3d&layout=js HTTP 302
  • https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESECWfFc_eydVJEuOLFMAbwLE&google_cver=1&google_ula=3918219,0
Request Chain 214
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Request Chain 228
  • https://cm.g.doubleclick.net/pixel?google_nid=bw_cookie&google_cm&google_ula=3918219&google_hm=Q0lBMjAyMjEwMTQxNTUzMjYzNzcwMjc%3d&layout=js HTTP 302
  • https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESECWfFc_eydVJEuOLFMAbwLE&google_cver=1&google_ula=3918219,0
Request Chain 229
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Request Chain 234
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
Request Chain 235
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
Request Chain 242
  • https://ads.aralego.com/sdk HTTP 301
  • https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Request Chain 256
  • https://ads.aralego.com/sdk HTTP 301
  • https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Request Chain 297
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&cw=1&pbt=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=lOsA3Hw2d0RMa3pEVXU5UXU3SGR0NXp0WEJZcnZnNVFoYVI0djBXVDhRMjF4cG1rTTltNHVrRHBFMmtvRXRvSFE5c2hENmpxVmZWaytVdlFkQ1JXamczOEp5Q09RaWNsbVl4T1BkVzZNb3g5aForU1lrRnV2aUsvb0E3S3psSE5wdXFUREhjKzV3VzNvMmdDNldFcWRua0hVdFpEdTVGWXJzeGNzdVNxRldta1dpdS9vSDAxZ2tvaWJJOFBwOWVqS3FCOUcrbHBqSUh2WTdXYmdxM043VlU5VndVdzVDM3lmem5LdmxaM2p3NjAyOXloQm1mVHpWdEtya0Z2ZjQzM0kvN2FaSHRKVG1wNGNybm9VQzhvb0VnSmpqTWtJOTA2bmZRdkxhK0VabDM4a205ST18&cppv=2
Request Chain 306
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&cw=1&pbt=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=0BM9H3xQMk0yOFE2MkJwZW8rOWN5bmhNTSsxd200UFpqek1jSUNpV2xBR3NtaTYvbDZlQ1ErekFvVkpjcUd4Sm9BcWt0TFpaWHRxVDJxK0JuVU56Q09UVmdWVllydlZQeFVvL3hDbkF4czd0ZEZKaEd2cUxORGhocno1SW4vV2FFSDFRb3BuQk93VDNEWjJyZVduSURPa21Uc2Q1THpISFNGM0R6anByNkpnRnhqRWJKczFuQlkvZ3ZlNkVXNXduc2djN3ozSDlyUGRiQUU0blRQMmw1YkQvSlE5Y0F0OHFNYmJOcHh2dVRHODlKRFdHVTQ0NWFINFhOUkg4MmR2bzVhMzJvTmU4VFdLM3NQaHVOR3hxZ0FuVWU5cFBhVkl2aXBiRVpuckhmM2MyWFVJRT18&cppv=2
Request Chain 315
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEJJRyCluodqadH_C_LUaaw&google_cver=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEJJRyCluodqadH_C_LUaaw&google_cver=1&C=1
Request Chain 316
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y0kVeCxO1yvDGR8.vW1VbwAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEJJRyCluodqadH_C_LUaaw&google_cver=1&google_hm=2
Request Chain 317
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEOacqMiF_Er1UkuoA9HQeSU&google_cver=1 HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOacqMiF_Er1UkuoA9HQeSU%26google_cver%3D1
Request Chain 318
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI0NjQ0MzUzNjI2Nzg3MDM%3D
Request Chain 330
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESECUqT_CPQScF0vNnEFAjmcQ&google_cver=1&google_push=AZmPxg-0efUwE-Nka2JRxTSplPVUPNRfKQiQgjYglx8zPw7p-yYsFeEBl5Z8zj9n8xX86GwKU3RhEiIbexCN6cA-vH4bo5ExvgU HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjUyODY2NDU1MjYyMDg5NTYyMg==&gdpr=&gdpr_consent= HTTP 302
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESECUqT_CPQScF0vNnEFAjmcQ&google_cver=1
Request Chain 331
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEKLuVpqYc5E2Fg4AVSzGhlQ&google_cver=1&google_push=AZmPxg_1SkGciL6e17J7OCcQRUH5dynqIH8tx7Dj5rxWScqyr0qAhXCYTorhQmPR_gLaCES5WhO_lVLVz5LNcKrY2JivXaN3LPY5 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg_1SkGciL6e17J7OCcQRUH5dynqIH8tx7Dj5rxWScqyr0qAhXCYTorhQmPR_gLaCES5WhO_lVLVz5LNcKrY2JivXaN3LPY5&google_hm=Mjc1MDcwMTI1NzE3MzAyMTQzMw%3D%3D
Request Chain 332
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPwKf5u0aDOer0KEI3_uxjk&google_cver=1&google_push=AZmPxg_i8pWh62gcEe6Zi2x3lVYPzl-t8m1NDzHMwOHjEATOxaeig0KDPr3iaH7Ua01gZcwGq1bLdrGTG2qWXn2j2w54Wi2pIYbo HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPwKf5u0aDOer0KEI3_uxjk&google_hm=Y0kVeCxO1yvDGR8-vW1VbwAABLAAAAAB&google_nid=index&google_push=AZmPxg_i8pWh62gcEe6Zi2x3lVYPzl-t8m1NDzHMwOHjEATOxaeig0KDPr3iaH7Ua01gZcwGq1bLdrGTG2qWXn2j2w54Wi2pIYbo
Request Chain 333
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMHjZaJFCdvW8a2meHirPno&google_cver=1&google_push=AZmPxg8JP1-gtte6kGk3xoQ-YNl71uZj5QXZtR7SrtPFM4_3Irx5n3av8bU2-lknYOYervbCxDI3pjcCFSLgYWS0XL-T6ZOmIb_6 HTTP 307
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMHjZaJFCdvW8a2meHirPno&google_cver=1&google_push=AZmPxg8JP1-gtte6kGk3xoQ-YNl71uZj5QXZtR7SrtPFM4_3Irx5n3av8bU2-lknYOYervbCxDI3pjcCFSLgYWS0XL-T6ZOmIb_6&sovrn_retry=true HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AZmPxg8JP1-gtte6kGk3xoQ-YNl71uZj5QXZtR7SrtPFM4_3Irx5n3av8bU2-lknYOYervbCxDI3pjcCFSLgYWS0XL-T6ZOmIb_6&google_hm=Fen5tGZHCnJQ-cJTTku1G-vg
Request Chain 334
  • https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEALi--wkzGiXvOY_kvN1XvM&google_cver=1&google_push=AZmPxg-Kr_2NbBSMfIWXoDudGw5mMhc48EzN8V8d9g5EV92K0yqcP34sX2nKqSu--wi_BjnVir5E7HQLnE0RLRjKAqkCrtLSWXk2 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AZmPxg-Kr_2NbBSMfIWXoDudGw5mMhc48EzN8V8d9g5EV92K0yqcP34sX2nKqSu--wi_BjnVir5E7HQLnE0RLRjKAqkCrtLSWXk2
Request Chain 335
  • https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEIxZzxWzJtAwlq3Jb_rc3NU&google_cver=1&google_push=AZmPxg-Tglrl7_DPRADm-hg8ZKQvHcTE66uji2K3svdWwWO69vEgBB1FdvKlTeMpu2LzUhx16mgmcJ1wwPAV1jVNxn7iFITQOfSfDg HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AZmPxg-Tglrl7_DPRADm-hg8ZKQvHcTE66uji2K3svdWwWO69vEgBB1FdvKlTeMpu2LzUhx16mgmcJ1wwPAV1jVNxn7iFITQOfSfDg HTTP 302
  • https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Request Chain 336
  • https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26&google_push=AZmPxg8g8fmu--tsRbOvYkMlHzkzo-UkwMfeVcaIShWK6v67FpcxDXjgCewzecLs0k8oB91PYv8w-sYePV9WarjiguALQAgJAYOGqQ?google_gid=CAESEFFi7Q7QeUrZV9RyVeMktkQ&google_cver=1 HTTP 302
  • https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26&google_push=AZmPxg8g8fmu--tsRbOvYkMlHzkzo-UkwMfeVcaIShWK6v67FpcxDXjgCewzecLs0k8oB91PYv8w-sYePV9WarjiguALQAgJAYOGqQ?google_gid=CAESEFFi7Q7QeUrZV9RyVeMktkQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=3de31375-26b5-4c85-8ae9-50a0a1cc35c3&&google_push=AZmPxg8g8fmu--tsRbOvYkMlHzkzo-UkwMfeVcaIShWK6v67FpcxDXjgCewzecLs0k8oB91PYv8w-sYePV9WarjiguALQAgJAYOGqQ
Request Chain 366
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJFCt-qAbtnNQGdqybQPOYQ&google_cver=1
Request Chain 368
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
  • https://sync.teads.tv/um?eid=3&uid=CAESECesOACdXP0TO_55tNdxfHc&google_cver=1
Request Chain 404
  • https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEOA7gQFJsFCovzB-AnHTDVo&google_cver=1&google_push=AZmPxg9QgK3haptRINM9QVrO8V-rRxLBlgsRfctw2tC5fbjLlqUZ7woLdRrO9O0ko5kyZunAdFDDuI0ptXSgAjbpHrb8hu_y4h0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AZmPxg9QgK3haptRINM9QVrO8V-rRxLBlgsRfctw2tC5fbjLlqUZ7woLdRrO9O0ko5kyZunAdFDDuI0ptXSgAjbpHrb8hu_y4h0
Request Chain 405
  • https://d5p.de17a.com/cookies/google?google_gid=CAESENtSzOuNPpSjQm-VFSDOL-Q&google_cver=1&google_push=AZmPxg_UBPn6hlIyLXiI28QAtc1XmgGjj1WW3l1Sp-Y5Amq5V9p4-QmILyXHpng0yIhLdCEDVibhnf0urJ2jDy4NmzFBEl1UMw HTTP 302
  • https://d5p.de17a.com/cookies/google;c?google_gid=CAESENtSzOuNPpSjQm-VFSDOL-Q&google_cver=1&google_push=AZmPxg_UBPn6hlIyLXiI28QAtc1XmgGjj1WW3l1Sp-Y5Amq5V9p4-QmILyXHpng0yIhLdCEDVibhnf0urJ2jDy4NmzFBEl1UMw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AZmPxg_UBPn6hlIyLXiI28QAtc1XmgGjj1WW3l1Sp-Y5Amq5V9p4-QmILyXHpng0yIhLdCEDVibhnf0urJ2jDy4NmzFBEl1UMw
Request Chain 407
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPTFH-u9DMOYJlIGRT9u6u4&google_cver=1&google_push=AZmPxg8xf4qZSFrCSleKO3PWy6RYdycy1Np_QlMm5lMWeEohkwzk9gZlqGqusvhK8Z0O9qn9UnQRQ7_0m4g2ggo-0kn4I3_MOGM HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDk4NzBSNFItUi00VE9O&google_push=AZmPxg8xf4qZSFrCSleKO3PWy6RYdycy1Np_QlMm5lMWeEohkwzk9gZlqGqusvhK8Z0O9qn9UnQRQ7_0m4g2ggo-0kn4I3_MOGM
Request Chain 408
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPwKf5u0aDOer0KEI3_uxjk&google_cver=1&google_push=AZmPxg-ktR5A3Wl3J3vveOp6EX3IzN8uPyAH8GaUeePFRgFNSZABanVZ8WK3Rjf5zkSYK0d4lTuAPjXopyIG0u6n8VSELj6avwk HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPwKf5u0aDOer0KEI3_uxjk&google_hm=Y0kVeCxO1yvDGR8-vW1VbwAABLAAAAAB&google_nid=index&google_push=AZmPxg-ktR5A3Wl3J3vveOp6EX3IzN8uPyAH8GaUeePFRgFNSZABanVZ8WK3Rjf5zkSYK0d4lTuAPjXopyIG0u6n8VSELj6avwk
Request Chain 409
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEOXOWh1DCQUmBJ54DYgZVaI&google_cver=1&google_push=AZmPxg8qY_bJwdCKXs2BGpz-dQw8kqZI12JqP0AlZJyzlO3uGjl63YtgmjL9hkj1_cN-N_UGJu08K4-9MhwZMxAvgVbNjlTcji4 HTTP 302
  • https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AZmPxg8qY_bJwdCKXs2BGpz-dQw8kqZI12JqP0AlZJyzlO3uGjl63YtgmjL9hkj1_cN-N_UGJu08K4-9MhwZMxAvgVbNjlTcji4&google_gid=CAESEOXOWh1DCQUmBJ54DYgZVaI HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTE0MTkzNjAwMzUyMDUwMTY3MDg5&google_push=AZmPxg8qY_bJwdCKXs2BGpz-dQw8kqZI12JqP0AlZJyzlO3uGjl63YtgmjL9hkj1_cN-N_UGJu08K4-9MhwZMxAvgVbNjlTcji4
Request Chain 426
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=FtAMU3x6dVZ0UUVGbUgreGYyYVV6K2UvVGVITlVRUjdqSXZHT0I5Y1dFa3hUNml4TmNpcUFTVndEdEoxcEVwbXpRSEFuSmorUkVkUk1DSHpINnRPNU5DWHIzWjRkU1FiMDRqbXRSelZNbFo0cDdsY3Y4N1dLUFQxOFNjOHI0RDcrUUErRWNlVWwvcUpydUtjMzNWSUlEb3dYZXVUbG5KbXNXMlZkMVRCU2tUOXl2RVFvYXY0RzM1dERnZTZMdDhwcFpQNFd5enRhNjNRM2twd3d1cTVDWjI2QUN2Y0E3OTAxbmtVL1YxbldjbW9qRU5acExoeE5MRm1RRm5uajVhN1lXbmZ5ZFhDZ1Rxb0lHM3gxdUVCNnJ0YWdzQT09fA&cppv=2
Request Chain 433
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=3&topUrl=reurl.cc&bundle=MtFzNV93RHp1SEZwVlo1a1U1ZFY1dmdSb3R4QVklMkYyMUJxVFZBZFNqU0ltQ0ZzT0dkVXh3YlQ3SjBWam41Z3R5eVp4bk5PeWhieTVJeWlYSUw2SjZHb2dwZEFGJTJCVnFMSXhPZEtuNzZxSnN0Nkx1JTJGUyUyRjBhJTJCdkVVa1FXdkFBJTJCclo2QUdHd0FocExBN25kNG14QzdybE80eDVuOWclM0QlM0Q&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=BqUwk3xYeVlFZ1B5eG5LT1BoQkJnOHFJL0JBZGxZY3REMjNUb2d4YzZUQU1oV3NIaGRDTjBWY0dKalhETFZDNUNGYXlhU3djVkVxc3N5dlMwcm9Va2ZGeURVTzZpZ2k5c0EvUG9ocmRWbDFRRTRla1JLTStnSGRLOFo5UUpjWW5CS3BxSUxzbGtCVkUrbEd4WmhjUlpXUXhGMTZiTytZMWMxTUJxd0EweEtyLzFtbXNuY1BwUzh5R2JrTDdSUlM4TDBCWmJiNG5YQ0lpYkFjWWhpakpFRUZUSjBKTEFJR21DY29sWWkyNCswR3dHdTVJSGoydVhPTmErRk45QjRMMTZvRHo1b0kwdlhQQWsxeXFpQkltdmpZd2ZLZz09fA&cppv=2
Request Chain 435
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=3&topUrl=reurl.cc&bundle=MtFzNV93RHp1SEZwVlo1a1U1ZFY1dmdSb3R4QVklMkYyMUJxVFZBZFNqU0ltQ0ZzT0dkVXh3YlQ3SjBWam41Z3R5eVp4bk5PeWhieTVJeWlYSUw2SjZHb2dwZEFGJTJCVnFMSXhPZEtuNzZxSnN0Nkx1JTJGUyUyRjBhJTJCdkVVa1FXdkFBJTJCclo2QUdHd0FocExBN25kNG14QzdybE80eDVuOWclM0QlM0Q&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=8IGydXxtMW14M0ZaNGUwQWpyck9zRVcvVm9BbWNqZER1MFgwYW1pUjZkWllGV2pRWW5RRnFwVUEvUWZjRjlaQ0JGM21OMUNLMklYUmFmMlpFK0phcVFydnRRbFlFWGNJbGxWWU5iNUFTSUhYei8xbDR4UEE1NG1yT2lXanJXQ0tQL0FsRndUdWlGeE9HcWVVL1VtelZrNFZuUHBpbzJ0blFHNXdIVU0zWXpERVg5UWliNFRJY0dtVGRqaFBvdk00WHdTUXFBcmtEa1BHLzZBeXNEaFJWc3IvMDdFR3llR29Ld2VUTUlTemF5Y1h6bDRIUlR5clNiUXQxSHA5czlteFFwRHBGVFBudDZpdXB6SGNSdHpwY0ZNTWdMQT09fA&cppv=2
Request Chain 436
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=3&topUrl=reurl.cc&bundle=MtFzNV93RHp1SEZwVlo1a1U1ZFY1dmdSb3R4QVklMkYyMUJxVFZBZFNqU0ltQ0ZzT0dkVXh3YlQ3SjBWam41Z3R5eVp4bk5PeWhieTVJeWlYSUw2SjZHb2dwZEFGJTJCVnFMSXhPZEtuNzZxSnN0Nkx1JTJGUyUyRjBhJTJCdkVVa1FXdkFBJTJCclo2QUdHd0FocExBN25kNG14QzdybE80eDVuOWclM0QlM0Q&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=ihYUlXxhcWwxdWx0cFVmLytYL2V0Q2FaT1FBWWFEZk5Qa3RhSzltc2dkM1NQZktmTDJad0E1VmxZVktFTzBnWjRTbmFwdGNoK2dncHZuRkRuK3JpaXNPd2hBa3RVN3g0NjMvREtLMjA4LzExN3E0Z1NyYTFKTElLOXRtUzZXeEZVckRrWTVlcHozSllQa1VRSW1zSGQ2ZkRjSTNEZ1VRT0piVDZFamdtWWZYUlpKbGR0QUc2Wm0rdCtvQ3FMbEZFOURBck1EVlF3L3N4Ynd1ZU5WRnVjanRLNlUvWE95SGE2emVyMUVtZG9FOVN4ZmNNNDB1TFc0cEpYemlVN2pZNUhDbFNneFlDMmE3VVoyNU4yS0UwRzBTOHdqdz09fA&cppv=2

442 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request XV1QXD
reurl.cc/ 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
121.130.185.35.bc.googleusercontent.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e9c71f8b95c5cd0b76b737b59923a0ead4eb6d83acc245b1b0527ac8dc8acaef

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 14 Oct 2022 07:53:23 GMT
server
nginx/1.18.0 (Ubuntu)
target
https://mustardinkstudios.com/wp-content/plugins/wp/
vary
Accept-Encoding
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/ 		152 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
17879486
x-jsd-version
4.3.1
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19143-FRA
x-jsd-version-type
version
server
cloudflare
etag
W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gCcUAb06YtOmD%2FCWyOCHu1%2By6s8gQPg3Q6LrEZUEAGbJnckj%2BZaGrG%2BmN%2Fkk1ZvKSevs4gFvPh7Exm0bOsjtXDskgc4eNugkyQ0J1bTRV6oW%2BhIkzfjLe39oTiht86N2sd8lYD6unIT1gs8JAUw%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
759ebdb1fead9177-FRA
style.css
reurl.cc/stylesheets/rwd/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://reurl.cc/stylesheets/rwd/style.css?v=1
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
121.130.185.35.bc.googleusercontent.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/XV1QXD
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
gzip
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
server
nginx/1.18.0 (Ubuntu)
etag
W/"63356adf-9f6"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=31536000
expires
Sat, 14 Oct 2023 07:53:23 GMT
pixel.js
reurl.cc/javascripts/ 		429 B
524 B 		Script
General
Check archive.org
Download Go to
Full URL
https://reurl.cc/javascripts/pixel.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
121.130.185.35.bc.googleusercontent.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/XV1QXD
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
gzip
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
server
nginx/1.18.0 (Ubuntu)
etag
W/"63356adf-1ad"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
expires
Sat, 14 Oct 2023 07:53:23 GMT
utag.js
t.ssp.hinet.net/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
strict-transport-security
max-age=0
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 06:51:32 GMT
server
nginx
etag
W/"62de3d74-134a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=600
expires
Fri, 14 Oct 2022 08:03:24 GMT
ysm_reurl.js
ad.sitemaji.com/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.sitemaji.com/ysm_reurl.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.215.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.215.186.35.bc.googleusercontent.com
Software
nginx/1.12.1 (Ubuntu) /
Resource Hash
8290d97b04510b940ddca9f2aea802eaafb36fc7a8f52e4466ed2b77db35c632

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 11:09:33 GMT
content-encoding
br
via
1.1 google
last-modified
Thu, 20 Jun 2019 08:48:16 GMT
server
nginx/1.12.1 (Ubuntu)
age
74630
etag
W/"5d0b4850-4488"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
max-age=86400,public
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5880
expires
Fri, 14 Oct 2022 11:09:33 GMT
ad.js
img.scupio.com/js/ 		76 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://img.scupio.com/js/ad.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-38.txl50.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
0b7c985fafda17e8085fb6ba1cc58444ae9aad39a3f721a627db9e64d4491cea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:52:56 GMT
content-encoding
gzip
via
1.1 8609604d3fb8e0a5c875f1c74d985668.cloudfront.net (CloudFront)
last-modified
Mon, 19 Sep 2022 02:16:55 GMT
server
nginx/1.12.1
x-amz-cf-pop
TXL50-P4
age
35
etag
W/"6327d117-12f95"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=900
x-amz-cf-id
KqDJeN9fYYBgs2Lc_t1x3QWVdKr4UEqoybAbKc_MpNV582Mhvln0yQ==
expires
Fri, 14 Oct 2022 08:07:48 GMT
init.js
cdn.holmesmind.com/js/ 		6 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/init.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
date
Fri, 14 Oct 2022 07:52:57 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Fri, 04 Mar 2022 10:10:49 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
39
etag
"439e160b698f1ec2efb45c3b6cd6b265"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
6552
x-amz-cf-id
XAUakfkwrJGe7iAUmxgoSmrKBtAFcmR5zMhA3mC5kjsNSLVWAa_klw==
vue.min.js
cdn.jsdelivr.net/npm/vue@2.5.16/dist/ 		84 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
17879447
x-jsd-version
2.5.16
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19143-FRA, cache-hhn4027-HHN
x-jsd-version-type
version
server
cloudflare
etag
W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A%2F6VJsMaBTy4U%2BcnPbBAWJkv38waIrB%2BR4JPxOLTRIGXfkA%2BpJVC0HLvy7wl5iMRFqTwKF6vekuaIBO8d7z%2B0w76jM5Fgd1HI2i91HUW1PZXopKdkKE9OU8C3UkPXWEA49xl03ZjylSYnKA%2BorQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
759ebdb1feb49177-FRA
renews.js
reurl.cc/javascripts/ 		412 B
493 B 		Script
General
Check archive.org
Download Go to
Full URL
https://reurl.cc/javascripts/renews.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
121.130.185.35.bc.googleusercontent.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
52bb2d07b65ec544edeb2a33f4103397a28f036f0d100090f3e17e4364aea1fb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/XV1QXD
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
gzip
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
server
nginx/1.18.0 (Ubuntu)
etag
W/"63356adf-19c"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
expires
Sat, 14 Oct 2023 07:53:23 GMT
loading.js
reurl.cc/javascripts/ 		134 B
339 B 		Script
General
Check archive.org
Download Go to
Full URL
https://reurl.cc/javascripts/loading.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
121.130.185.35.bc.googleusercontent.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
ddd9d29beabaeecc9c76408242dfc2b76305ec52511992d3cfbc81a500ee0670

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/XV1QXD
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
gzip
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
server
nginx/1.18.0 (Ubuntu)
etag
W/"63356adf-86"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
expires
Sat, 14 Oct 2023 07:53:23 GMT
ga2.js
reurl.cc/javascripts/ 		536 B
550 B 		Script
General
Check archive.org
Download Go to
Full URL
https://reurl.cc/javascripts/ga2.js?v=2
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
121.130.185.35.bc.googleusercontent.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/XV1QXD
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
gzip
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
server
nginx/1.18.0 (Ubuntu)
etag
W/"63356adf-218"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
expires
Sat, 14 Oct 2023 07:53:23 GMT
fbevents.js
connect.facebook.net/en_US/ 		101 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/javascripts/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b81cc6d28cbf3df9c6127a05a865bef0842d917507cce946712974e748110957
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 14 Oct 2022 07:53:23 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26852
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
LHyEdwY7T0txllx9mUHSZ4I5zqjtFRGpv77J5pMlkqfVdVrDbvnh87ghVGYQFW+SRFuVlZ8OSAV8ptOHOSXTwQ==
x-fb-trip-id
917726464
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
page.php
www.facebook.com/plugins/ Frame 380F 		98 KB
29 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d5a4ce07c722a024fffd9e89ad84fe5bbdbe501e920cd6a73cf4fd41c04c6ded
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
br
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
unsafe-none
date
Fri, 14 Oct 2022 07:53:23 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
priority
u=3,i
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-debug
GM8qaprj0lomfToI2cKquzaghzgXdL8q5sf+RMc9m2HrNKnjK6JY9rKk8xEFnvFZeXRg5Ds38Ssxtuxu0MfLXg==
x-fb-rlafr
0
x-xss-protection
0
feeds
storage.re-news.tw/ 		6 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://storage.re-news.tw/feeds
Requested by
Host: reurl.cc
URL: https://reurl.cc/javascripts/renews.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.196.223 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
223.196.244.35.bc.googleusercontent.com
Software
/ Express
Resource Hash
29bc7fe3ad3db20965fe2448725789708ab21a6d148a99e5380744df261886c5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
via
1.1 google
x-powered-by
Express
etag
W/"193a-5lB2YkjlNlKXeSYaTJnoqpi32l0"
vary
Origin
content-type
text/html; charset=utf-8
access-control-allow-origin
https://reurl.cc
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6458
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/javascripts/ga2.js?v=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 14 Oct 2022 07:15:57 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
2246
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Fri, 14 Oct 2022 09:15:57 GMT
reurl_passback.js
ad.sitemaji.com/native/ Frame 532B 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.sitemaji.com/native/reurl_passback.js?s=728x90_pc
Requested by
Host: ad.sitemaji.com
URL: https://ad.sitemaji.com/ysm_reurl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.215.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.215.186.35.bc.googleusercontent.com
Software
nginx/1.12.1 (Ubuntu) /
Resource Hash
9106df425157d837db9798b2b26f25f27f9a4e803f2fb0b2851c88492bec14fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 17:13:44 GMT
content-encoding
br
via
1.1 google
last-modified
Thu, 29 Aug 2019 10:21:10 GMT
server
nginx/1.12.1 (Ubuntu)
age
52779
etag
W/"5d67a716-3bbe"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
max-age=86400,public
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5256
expires
Fri, 14 Oct 2022 17:13:44 GMT
1675200226052423
connect.facebook.net/signals/config/ 		25 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1675200226052423?v=2.9.84&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d9a7de3641bea5808ef2ac099754f534d282dd6ad578bd119ac96a33d53f3200
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 14 Oct 2022 07:53:23 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
7343
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
GWFlxN7zYw2fqv+qjxDmAMtLuN+Mt2+hxNF2iicubectp9l9BPjaV64AdgYYlCULdI2fjP2J47ExzDCkPLvNcQ==
x-fb-trip-id
917726464
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
capmapping.htm
cdn.holmesmind.com/js/ Frame 4B45 		5 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cc37fba2e98f49c4d9551f72176d3aff72eacd798e5e85436837847e6b967c36

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
24
content-length
4730
content-type
text/html
date
Fri, 14 Oct 2022 07:52:59 GMT
etag
"c36f5eb091d6195fe8b68f3b263f999b"
last-modified
Mon, 22 Aug 2022 03:00:17 GMT
server
AmazonS3
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
x-amz-cf-id
LrnomjZbfNvKyi28PZmi8_0EnOOIxTTk9p3u_nvdw7Q67_9_dG5oKA==
x-amz-cf-pop
FRA60-P2
x-amz-version-id
9jVaRQ2pP3sbT47ouwg8zArcPp2ddVmt
x-cache
Hit from cloudfront
edmp_init.js
cdn.holmesmind.com/js/ 		662 B
1003 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/edmp_init.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:52:59 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Fri, 12 Mar 2021 02:45:40 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
38
etag
"f58f8a90686f8ffb3325107e8a788b71"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
662
x-amz-cf-id
6mV3s9YhL53DN6xtLs2NPeY0noVXfXRYb7lRpHqb-oZedsQyDD_kyQ==
presetfn.js
cdn.holmesmind.com/js/ Frame C26A 		9 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
83a37c9bbe8dae0a71e95a0e6401bd5d9576a2b0e35295e640c2d807f9b4424e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
QFAcVwN57aO_RWKPah9bVgfaw1eby0J0
date
Fri, 14 Oct 2022 07:53:23 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Mon, 22 Aug 2022 03:00:16 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
4
etag
"ddf163a3d8381378b3e35e39339ad7ab"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
9530
x-amz-cf-id
Q38QmulIrCx0n31GGqL56Anuzm1LsSlGeUpHsge0kOBL5ES-NdJVMA==
presetfn.js
cdn.holmesmind.com/js/ Frame 2E01 		9 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
83a37c9bbe8dae0a71e95a0e6401bd5d9576a2b0e35295e640c2d807f9b4424e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
QFAcVwN57aO_RWKPah9bVgfaw1eby0J0
date
Fri, 14 Oct 2022 07:53:23 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Mon, 22 Aug 2022 03:00:16 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
4
etag
"ddf163a3d8381378b3e35e39339ad7ab"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
9530
x-amz-cf-id
ZIqwnxwnqI6QxkTzdU50Y76lMvBZLb6Puka7K9ual-VbVeqxZhv-rw==
presetfn.js
cdn.holmesmind.com/js/ Frame A472 		9 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
83a37c9bbe8dae0a71e95a0e6401bd5d9576a2b0e35295e640c2d807f9b4424e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
QFAcVwN57aO_RWKPah9bVgfaw1eby0J0
date
Fri, 14 Oct 2022 07:53:23 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Mon, 22 Aug 2022 03:00:16 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
4
etag
"ddf163a3d8381378b3e35e39339ad7ab"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
9530
x-amz-cf-id
omoD1hofzehbE87BYDlw_i3CyReNa5wjviHdX0qPI--VLxVJMtN9SA==
17229.json
img.scupio.com/js/config/ 		461 B
870 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://img.scupio.com/js/config/17229.json?v=1.0.3839
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-38.txl50.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
b089858662086aaf29d4f37d5cbd92faf267e7f9db55d13df5ec21229d2eb1b0

Request headers

Accept
application/json, text/javascript, */*
Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
via
1.1 6c62711a616d17e4e2fe0b898df3c02a.cloudfront.net (CloudFront)
x-amz-cf-pop
TXL50-P4
age
281
x-cache
Hit from cloudfront
content-length
461
last-modified
Fri, 14 Oct 2022 02:20:47 GMT
server
nginx/1.12.1
etag
"6348c77f-1cd"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=10800
accept-ranges
bytes
x-amz-cf-id
AN1yFy-GHLDswjqxotG237nkVApexPvlqlwib3klK-oLdQXHzO9HKA==
expires
Fri, 14 Oct 2022 10:48:42 GMT
adreqlog.aspx
bw.scupio.com/adpinline/ 		0
711 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bw.scupio.com/adpinline/adreqlog.aspx?cid=17229&cb=0.6812418162581579
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
210.59.219.180 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/javascript, */*
Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Fri, 14 Oct 2022 07:53:24 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
application/json
Access-Control-Allow-Origin
https://reurl.cc
P3P
CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Cache-Control
private
Access-Control-Allow-Credentials
true
Content-Length
0
ad.html
img.scupio.com/html/ Frame E566 		83 KB
22 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://img.scupio.com/html/ad.html?v=1.0.65
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-38.txl50.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
f670c1ad9fafff4387b4474fda0e68b090c975ddc416cf9f2aa64f50e1a4077c

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2457
cache-control
max-age=2592000
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 14 Oct 2022 07:12:55 GMT
etag
W/"62fdf772-14d93"
expires
Sun, 13 Nov 2022 07:12:26 GMT
last-modified
Thu, 18 Aug 2022 08:25:22 GMT
server
nginx/1.12.1
vary
Origin
via
1.1 8609604d3fb8e0a5c875f1c74d985668.cloudfront.net (CloudFront)
x-amz-cf-id
iamX3ySKyvOKNqDdjCuYYHYASrhxni1-WBoNhkJDDJ4cTp1HdSuU_w==
x-amz-cf-pop
TXL50-P4
x-cache
Hit from cloudfront
17253.json
img.scupio.com/js/config/ 		461 B
869 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://img.scupio.com/js/config/17253.json?v=1.0.3839
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-38.txl50.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
b1cbb0a3fc338c889779e2fb023e61a1e039d238f5e42b3920413c83a0e3b71a

Request headers

Accept
application/json, text/javascript, */*
Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
via
1.1 6c62711a616d17e4e2fe0b898df3c02a.cloudfront.net (CloudFront)
x-amz-cf-pop
TXL50-P4
age
281
x-cache
Hit from cloudfront
content-length
461
last-modified
Fri, 14 Oct 2022 02:20:48 GMT
server
nginx/1.12.1
etag
"6348c780-1cd"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=10800
accept-ranges
bytes
x-amz-cf-id
j8SPGZK4AsRlUZZTWfJ19vhMGMgaNwrWgEvJmPr9bRX25wcFg9DCqw==
expires
Fri, 14 Oct 2022 10:48:42 GMT
adreqlog.aspx
bw.scupio.com/adpinline/ 		0
711 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bw.scupio.com/adpinline/adreqlog.aspx?cid=17253&cb=0.9831965287763502
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
210.59.219.180 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/javascript, */*
Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Fri, 14 Oct 2022 07:53:24 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
application/json
Access-Control-Allow-Origin
https://reurl.cc
P3P
CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Cache-Control
private
Access-Control-Allow-Credentials
true
Content-Length
0
ad.html
img.scupio.com/html/ Frame 9F4F 		83 KB
22 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://img.scupio.com/html/ad.html?v=1.0.65
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-38.txl50.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
f670c1ad9fafff4387b4474fda0e68b090c975ddc416cf9f2aa64f50e1a4077c

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2457
cache-control
max-age=2592000
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 14 Oct 2022 07:12:55 GMT
etag
W/"62fdf772-14d93"
expires
Sun, 13 Nov 2022 07:12:26 GMT
last-modified
Thu, 18 Aug 2022 08:25:22 GMT
server
nginx/1.12.1
vary
Origin
via
1.1 8609604d3fb8e0a5c875f1c74d985668.cloudfront.net (CloudFront)
x-amz-cf-id
DdL5Atjp-ycIt69-N5O_ns2frBtghx6_yBa56PHsD26cs1NNsn5K2A==
x-amz-cf-pop
TXL50-P4
x-cache
Hit from cloudfront
Jhpam8SKQ3I.css
static.xx.fbcdn.net/rsrc.php/v3/yW/l/0,cross/ Frame 380F 		18 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yW/l/0,cross/Jhpam8SKQ3I.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e6ac1f56910010e5a93a3093e7847ad5ea43ba9e8bb8ff568b957eff0a2f58da
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
jGZ6W9LX7Pa2QkA52B4BYg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
4747
x-fb-rlafr
0
x-fb-debug
RuNKDQarsu4UAOGqP/m4YqVzJ9PLMFm38xEplg/9/FjP5rr3stUOi4pXrKFCLlHP+hb4chCYAcGOFzFb4Uc9xA==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
text/css; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 13 Oct 2023 17:21:02 GMT
5d4eZbVHxAY.css
static.xx.fbcdn.net/rsrc.php/v3/yg/l/0,cross/ Frame 380F 		2 KB
1021 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yg/l/0,cross/5d4eZbVHxAY.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
239a83f36e0eb1c181c4ec174b9a05ce02b44afc5685aa3dc828aa581ea3d7a0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
qp62alFG777So/ro/wbkaA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
829
x-fb-rlafr
0
x-fb-debug
vSjYciL2qABDsh1QHF0cHcJxUaOkjAL01NN70G+Z5cFdyGD175dQFMO+QqIxrGDYq5k0dWXcRNnduEH7wmWJLA==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
text/css; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Thu, 05 Oct 2023 15:32:30 GMT
uNC9cVrg9ND.css
static.xx.fbcdn.net/rsrc.php/v3/yQ/l/0,cross/ Frame 380F 		33 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yQ/l/0,cross/uNC9cVrg9ND.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2944c3024e13444318267d493ee7dba4e4679744a51116229953c4d7c3866a43
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
kob/OCQxBBBRBwPxc4gbHg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
6454
x-fb-rlafr
0
x-fb-debug
rmOo7pY0NgPrZkeFvnv4HgB4iwad3nPGPXQkRrgpjzq5SnhBCIG205zoivrI5QWRQ1c9+LkHOpvrAMB/IizQkw==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
text/css; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 04 Oct 2023 21:23:59 GMT
2qJRjrlwTog.css
static.xx.fbcdn.net/rsrc.php/v3/yp/l/0,cross/ Frame 380F 		17 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yp/l/0,cross/2qJRjrlwTog.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
eaca0fb0be4c00a5add8575e92bddc641057ee578b8c75641cf8c36018543142
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
lGfaiydoxOwSQubOhXstPA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
4581
x-fb-rlafr
0
x-fb-debug
YrBROSo40EnUbtLhb4VWwTSj2F4WD/XWOpTZ4r6b6ZhmXbeXNYsvHL2ruCWGSNBg5m1EJZksUM0vy8HvNo2idg==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
text/css; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Sat, 30 Sep 2023 17:30:29 GMT
V_wJ8EQu-vo.js
static.xx.fbcdn.net/rsrc.php/v3/yS/r/ Frame 380F 		323 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/V_wJ8EQu-vo.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
8c52f64b8538b61eb70de24754c61aed4119abcde29a8aedeebfa0a32c264138
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
0nwiIUzgQWDEVCDX5kGDLw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
88941
x-fb-rlafr
0
x-fb-debug
9tRVbTHKDZ0v3ypl77jHpaXT9kZ5yX+/xRW2fCom24qDL7jPxpuDyJQLHez/td8H9TgS/uRBVyOEZ7DjdHr4OQ==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 12 Oct 2023 08:21:16 GMT
FGasx_8C7gf.js
static.xx.fbcdn.net/rsrc.php/v3/yS/r/ Frame 380F 		38 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/FGasx_8C7gf.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
41b2c8c215be5020e756d8dde6c738ba98ca3a167266a4f708fbb02299771d69
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
TPH8wCpe+btQJshugd6Gtw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
12272
x-fb-rlafr
0
x-fb-debug
nOA5nqgN1tYtnE+kA95V3kttugzZmh1ufGKyQ68/btnacYv1DLrB53qxhIfSCWa/921C8lkCTAqEFQcrE3EF2g==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 04 Oct 2023 07:25:14 GMT
5I68SGTEBGz.js
static.xx.fbcdn.net/rsrc.php/v3/yj/r/ Frame 380F 		51 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yj/r/5I68SGTEBGz.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a5fc80af241aec02acf796b66c39027b469e8b54fd30519bb773908d3cd1f600
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
QjaAwCelpsv7iT4ru+X7MA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
16192
x-fb-rlafr
0
x-fb-debug
p0IOtbipf2bRa3oQ5TfshVTKbnu764I0LPkXsnj/3WxIxeRhZPzx6XSNqSOarxcSyvp119zwmlB0avPbp6opkg==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sat, 14 Oct 2023 04:48:28 GMT
hPZIPTPHqCo.js
static.xx.fbcdn.net/rsrc.php/v3/yQ/r/ Frame 380F 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yQ/r/hPZIPTPHqCo.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b34e990bcdb512549b66a8703674635168434d960dd725e90285889f1336759e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
BWIH4To21LUz9RX2gJ76+A==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
7126
x-fb-rlafr
0
x-fb-debug
S5Ohlpgjd7y6mlFPAdRfBy9yd7UmqTEW0s791GXyb3ilODsLXLiDqej3QT9LJ0vzojsi28QG2QIjj3vkG6ZZqg==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 13 Oct 2023 17:21:02 GMT
iKOdrVwIJO6.js
static.xx.fbcdn.net/rsrc.php/v3/y1/r/ Frame 380F 		26 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/iKOdrVwIJO6.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d295ad9799d17401cc653b47a5c27bd046fe89512861221f1bc6b6738d31a060
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
ACqcir3ClHkUNdXTCpvPCg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
8427
x-fb-rlafr
0
x-fb-debug
KDEnm4es30E2t6YZqUJU7B35H5O1A7dt3iD/eJHTDDsxGRJbLd3D06jItkBdbm801xAbdQfc2HAxKwNbpzhBbg==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 13 Oct 2023 17:21:02 GMT
dmtE6195c4_.js
static.xx.fbcdn.net/rsrc.php/v3/y-/r/ Frame 380F 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y-/r/dmtE6195c4_.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
27ddc909a924fa13e1c92c061f1efc24eb5851a8679a49b6d1cbf5b52a30bb1b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
NkD8cYDASlJU1GEhNvFoig==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
5804
x-fb-rlafr
0
x-fb-debug
0KDsGqkDbta7YSTJMQvxWiiwcCGd1RghjcJHzZP0EvsoOs+2rDpF+aiZDQVdKikQrWBXssyAom1x4F3oAzMY+A==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 13 Oct 2023 17:21:02 GMT
p55HfXW__mM.js
static.xx.fbcdn.net/rsrc.php/v3/yF/r/ Frame 380F 		588 B
531 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2a3d13042506b014659c201105249b75f7101f0c3175eea254b8f33bb5ea7bd8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
dvWT6EJnf3PNCgYjKHSyww==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
338
x-fb-rlafr
0
x-fb-debug
lnI8PyvKbIUgmqg0kxw4Lqszn4Bpvwy0WUVqktwO+nFxfnEPfc2Lhznab72Srsqcv7RFgx2GK+pR4penA1xR3w==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 05 Oct 2023 15:35:31 GMT
UQf8KwbqJif.js
static.xx.fbcdn.net/rsrc.php/v3i2aq4/yX/l/de_DE/ Frame 380F 		25 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3i2aq4/yX/l/de_DE/UQf8KwbqJif.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
506d315d02544f0d8269f294f2da7d047af707dcd41db86012ca90dc1b4f78c2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
3npe0GkJmZlCzbg9uyZ0Kg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
7101
x-fb-rlafr
0
x-fb-debug
77VORXrHwEoKenSgTSq28mxa45oNLSh34o0o4dovge03ve9CyGmL6Wb7YOwpdBcxbPZaRAbYvdFtcxh5uLn3ug==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 13 Oct 2023 17:36:02 GMT
GG1Y0sYc7My.js
static.xx.fbcdn.net/rsrc.php/v3/yv/r/ Frame 380F 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
90fc0d4d2666d3f5b0ce950a759f03f7755f52012ba11c5d68bad84ab0ea9a3d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
FvCDsjtWXbnS8g0a11kzwQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1657
x-fb-rlafr
0
x-fb-debug
NoHMQI8nlRIqoKYzQlBDjVjmnenckToBkVshQWKWSNzoN+8RuQEDJ2gh/63+3dXk2e7Zrr+bmod2lhVUXDSezg==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Sun, 01 Oct 2023 03:39:26 GMT
I52F_owkvX4.js
static.xx.fbcdn.net/rsrc.php/v3iAxA4/yx/l/de_DE/ Frame 380F 		83 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iAxA4/yx/l/de_DE/I52F_owkvX4.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
211d6dc20d58202a8270f43f611dcbb34b14f7dd96cd8f2a8cdb6b85c28cf3e1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
d2HI/xcx71WEBU04RmusEQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
23362
x-fb-rlafr
0
x-fb-debug
g5NxJ6GXUSkBYIUQp18vdr50VP/4XRBqc2t8Ke1nZYnkLs4IC9ke0ymp6UyK2CRju9F+8R27DCURCGC+sTLhrQ==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 13 Oct 2023 17:36:02 GMT
oDVETVg4GJv.js
static.xx.fbcdn.net/rsrc.php/v3/yV/r/ Frame 380F 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/oDVETVg4GJv.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d7994b4c7055c1dbba3b5b88309fcd1327a08f3412ff73d5633cb3b842a156f6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
0bpo8UawH0rvYNearbkm6g==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
7236
x-fb-rlafr
0
x-fb-debug
iZZA/zO+QeZMm2b2U3g6ir+yVZmk0N/89YpQixhJChDTJQoGM/Xd3mu0DolWUYgb0y+v1hJbZmYcvzmh1brk4A==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sun, 01 Oct 2023 11:25:26 GMT
HIpG-zMFMaC.js
static.xx.fbcdn.net/rsrc.php/v3iiuU4/yO/l/de_DE/ Frame 380F 		336 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iiuU4/yO/l/de_DE/HIpG-zMFMaC.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
064b872dc62ac586dbb1c7c9c9d01b292df105e4d2f6ae624808f15eb300a140
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
xx6E0JW2i75QdqHU53eL3A==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
80487
x-fb-rlafr
0
x-fb-debug
QyLsgISpNITePM3SqSbyCw/f53wKg2/tlDxMX9WKy8A3R3dtMZGczuR1B1qrkRQj1ivjn77utjUFK0/ROacVBg==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Tue, 10 Oct 2023 19:40:59 GMT
fYcoadLKcqx.js
static.xx.fbcdn.net/rsrc.php/v3/yl/r/ Frame 380F 		73 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yl/r/fYcoadLKcqx.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
05d7b718b14633236a482ade1982ae74c25d2cfe73a43ca3e39840f6f093d71d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
dnL8k+yw6LQd3AQoGk2E4A==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
19181
x-fb-rlafr
0
x-fb-debug
zUMGpy0ysz3HHKlOfrbHz4ZIlQ1Oae/YQ74CoUUv327NBkqe9VUqT2Ijba/Sfuc8bRgfD6/tp6zmSBz5oNZcEw==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 13 Oct 2023 17:21:02 GMT
XOGLqtK6SbW.js
static.xx.fbcdn.net/rsrc.php/v3iMqR4/yq/l/de_DE/ Frame 380F 		155 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iMqR4/yq/l/de_DE/XOGLqtK6SbW.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
55cea37ba4b4a7545b294b34cfc82339b661f891fcd64c246e3342ad0f7a57c1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
woPTmoM4f5w07qV6SDEBuw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
42146
x-fb-rlafr
0
x-fb-debug
pQD7Zw6IRHGj4oGfeQrVkfgRKpBHeZCQTplmtm8vlzNMFNIqgtDOO7cop3byb6pVfWC7uWsORLuW9HEYuGUqHA==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 13 Oct 2023 17:36:02 GMT
tWToR-gOAEL.js
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 380F 		210 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/tWToR-gOAEL.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
8274947f071c5bd9734c5e970df088e184c8f463ca9b72688b43eaeab2d635fe
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
ASs/HK9M2wJ3ULde+FyQGA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
47802
x-fb-rlafr
0
x-fb-debug
7OKXXG3y9AnwXwVlC299uHK41zCNLGMo1cHpwpXK9yt1kzabqa0XlmfRivWsfrYByDINBbnoQcGWpnjZ0mOMuw==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 13 Oct 2023 17:21:02 GMT
ehi71tw9UIC.js
static.xx.fbcdn.net/rsrc.php/v3/yB/r/ Frame 380F 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/ehi71tw9UIC.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
49712020cdf04c0161b3c7d60d9fa6c073388f2ef009bbad6c5edcf123fa707a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
813e0p2VQavjAMRiz8/G8g==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
7562
x-fb-rlafr
0
x-fb-debug
sMLFbJCWVEaReR/TekEbT5ORclUKtQmR/ypScZJPye/Vf1g4MyVgwSKCj13Vp9313x00PxXFyKTBbr2AkOQeDA==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 13 Oct 2023 17:21:02 GMT
FLvtonlSna1.js
static.xx.fbcdn.net/rsrc.php/v3/yf/r/ Frame 380F 		55 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yf/r/FLvtonlSna1.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
1d6490f44a2180305b547c102812f520f01fb334f167db4091c1816b66166b9e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
4majzMI5X7y53cPlzz/opA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
15209
x-fb-rlafr
0
x-fb-debug
qTIAaFeOKcQ+yAjIYom5BEsJBYprTcpJw2iktl4o4KtD8gflNcViXwPF34pnU9cbCfnjhUqNf7HLIX5JNk91Xg==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sun, 01 Oct 2023 00:51:19 GMT
269546106_682875953118913_5806549178849375890_n.jpg
scontent.xx.fbcdn.net/v/t39.30808-6/ Frame 380F 		18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://scontent.xx.fbcdn.net/v/t39.30808-6/269546106_682875953118913_5806549178849375890_n.jpg?stp=dst-jpg_s350x350&_nc_cat=106&ccb=1-7&_nc_sid=dd9801&_nc_ohc=IDlhf8V5V4sAX_SyFcz&_nc_ht=scontent.xx&edm=ADwHzz8EAAAA&oh=00_AT_4PS7dRSRT6lmqMcNVl1TJw_IfZ7VOY9zVtsN7hr66XA&oe=634E600C
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
571da35bdddda7ec4fccd594181c04e2c5db4285be67907abea45daad789ebf7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-haystack-needlechecksum
2787905246
date
Fri, 14 Oct 2022 07:53:24 GMT
x-fb-trip-id
917726464
x-storage-error-category
dfs:none;hs_p:200:HS_ESUCCESS
last-modified
Fri, 24 Dec 2021 06:59:33 GMT
content-type
image/jpeg
access-control-allow-origin
*
content-digest
adler32=3014635661
cache-control
max-age=1209600, no-transform
cross-origin-resource-policy
cross-origin
x-needle-checksum
250743086
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
18831
305964663_450890893727816_1742559653774706626_n.jpg
scontent.xx.fbcdn.net/v/t39.30808-1/ Frame 380F 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://scontent.xx.fbcdn.net/v/t39.30808-1/305964663_450890893727816_1742559653774706626_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=YtPTnhN78uAAX93Jsvk&_nc_ht=scontent.xx&edm=ADwHzz8EAAAA&oh=00_AT-CAgKuPr6Xb9l0hC3jSHFGdj2hG8Iv5P1Uadvy9Yx1VA&oe=634E8F15
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4636fb9df5ae103fbad3764c9f98400be1c9384cbe77fdb6951b96adcac788b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-haystack-needlechecksum
760809244
date
Fri, 14 Oct 2022 07:53:24 GMT
x-fb-trip-id
917726464
x-storage-error-category
dfs:none;hs_p:200:HS_ESUCCESS
last-modified
Thu, 08 Sep 2022 19:16:03 GMT
content-type
image/jpeg
access-control-allow-origin
*
content-digest
adler32=2540016234
cache-control
max-age=1209600, no-transform
cross-origin-resource-policy
cross-origin
x-needle-checksum
88386505
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1345
native.js
s.yimg.com/dy/ads/ Frame 532B 		78 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/dy/ads/native.js
Requested by
Host: ad.sitemaji.com
URL: https://ad.sitemaji.com/native/reurl_passback.js?s=728x90_pc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
a19902458ab4a5513642a87b381b9183a2fc725849b581fd953e22d824d1c5a7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:47:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15552000
x-amz-request-id
WKS5ZYSSREB7VY19
age
351
x-amz-server-side-encryption
AES256
x-amz-id-2
4C/YS6AUS110Nf/j9iXGjbSk08w44bComkd+yxNeosmpurX7d1Anmg0iRTyxaKgtqZcG14sgJ2w=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 08 Feb 2022 12:02:57 GMT
server
ATS
etag
"7e002e241fddeeb8dd76383206c47a3d-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin, Accept-Encoding
content-type
application/javascript
cache-control
max-age=600
accept-ranges
bytes
cm.php
fcm.holmesmind.com/ Frame 695B 		39 B
100 B 		Document
General
Check archive.org
Download Go to
Full URL
https://fcm.holmesmind.com/cm.php
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.67.95.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer
https://cdn.holmesmind.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39
content-type
text/html; charset=UTF-8
date
Fri, 14 Oct 2022 07:53:27 GMT
server
Apache/2.4.29 (Ubuntu)
via
1.1 google
utag.js
t.ssp.hinet.net/ Frame 4B45 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
strict-transport-security
max-age=0
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 06:51:32 GMT
server
nginx
etag
W/"62de3d74-134a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=600
expires
Fri, 14 Oct 2022 08:03:24 GMT
cm
c.holmesmind.com/ Frame 4B45
Redirect Chain
  • https://c.holmesmind.com/cm
  • https://c.holmesmind.com/cm?tc=getIn&
0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.holmesmind.com/cm?tc=getIn&
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H3
Server
35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
93.76.201.35.bc.googleusercontent.com
Software
nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
via
1.1 google
server
nginx/1.10.3 (Ubuntu)
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
text/html; charset=UTF-8

Redirect headers

location
https://c.holmesmind.com/cm?tc=getIn&
date
Fri, 14 Oct 2022 07:53:24 GMT
via
1.1 google
server
nginx/1.10.3 (Ubuntu)
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
text/html; charset=UTF-8
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ Frame E566 		95 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 06:11:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
92497
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33951
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 13 Oct 2023 06:11:46 GMT
prebid.js
img.scupio.com/js/ Frame E566 		236 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://img.scupio.com/js/prebid.js?v=5.20.0
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-38.txl50.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
97a8ac3778e546a6f181085011be6050889e44dd212ac3e9782389f0b853c23d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/html/ad.html?v=1.0.65
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:50:16 GMT
content-encoding
gzip
via
1.1 8609604d3fb8e0a5c875f1c74d985668.cloudfront.net (CloudFront)
last-modified
Tue, 28 Jun 2022 05:54:43 GMT
server
nginx/1.12.1
x-amz-cf-pop
TXL50-P4
age
253
etag
W/"62ba97a3-3b047"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000
x-amz-cf-id
zDvHd9ZWNPzJl63ddQVFKbrGPC6jRhXh_t2Z0G2zun5Dz9mULovw5Q==
expires
Sun, 13 Nov 2022 07:49:10 GMT
Preset.js
adcdn.holmesmind.com/adserver/ Frame C26A 		756 B
690 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adcdn.holmesmind.com/adserver/Preset.js?z=13847
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:9200:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
ce1e17725c0565bbdb0d7342bd669fea135d89a610c5f1c9ae7d0eed5e118267

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:48:42 GMT
content-encoding
gzip
via
1.1 935770605c74a80712059ba5b24d4162.cloudfront.net (CloudFront)
server
nginx/1.14.0 (Ubuntu)
x-amz-cf-pop
FRA60-P2
age
282
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
x-amz-cf-id
NvTfjAlkNcNSy4e-0IpBnRz5pedP5jqb4QEXjMqQrv43PE3mnoppvg==
Preset.js
adcdn.holmesmind.com/adserver/ Frame 2E01 		575 B
643 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adcdn.holmesmind.com/adserver/Preset.js?z=13856
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:9200:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
22d4fe7a41e1b5ac442faeccace387a6e59c4f056bc35b71f1b65cf42e7a6721

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:48:42 GMT
content-encoding
gzip
via
1.1 935770605c74a80712059ba5b24d4162.cloudfront.net (CloudFront)
server
nginx/1.14.0 (Ubuntu)
x-amz-cf-pop
FRA60-P2
age
282
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
x-amz-cf-id
t6ZwKr4ZlH9VBKlMWlLDj3mkVFlJgXuOEqco1z4IB4zDkzl_vQTEig==
/
www.facebook.com/tr/ 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc%2FXV1QXD&rl=&if=false&ts=1665734003939&sw=1600&sh=1200&v=2.9.84&r=stable&ec=0&o=28&fbp=fb.1.1665734003938.88087514&it=1665734003839&coo=false&rqm=GET
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 14 Oct 2022 07:53:23 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
priority
u=3,i
collect
www.google-analytics.com/j/ 		4 B
24 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1043191352&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FXV1QXD&ul=en-us&de=UTF-8&dt=ING&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=2018333405&gjid=701170655&cid=92490124.1665734004&tid=UA-102456694-1&_gid=663937525.1665734004&_r=1&_slc=1&z=1523628350
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:24 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://reurl.cc
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j98&a=1043191352&t=event&_s=2&dl=https%3A%2F%2Freurl.cc%2FXV1QXD&ul=en-us&de=UTF-8&dt=ING&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=pause&ea=3&el=MTc4LjE2Mi4yMDkuMTMx&ev=1&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=92490124.1665734004&tid=UA-102456694-1&_gid=663937525.1665734004&z=925641770
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 13 Oct 2022 17:56:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
50226
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ Frame 9F4F 		95 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 06:11:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
92497
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33951
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 13 Oct 2023 06:11:46 GMT
prebid.js
img.scupio.com/js/ Frame 9F4F 		236 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://img.scupio.com/js/prebid.js?v=5.20.0
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-38.txl50.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
97a8ac3778e546a6f181085011be6050889e44dd212ac3e9782389f0b853c23d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/html/ad.html?v=1.0.65
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:50:16 GMT
content-encoding
gzip
via
1.1 8609604d3fb8e0a5c875f1c74d985668.cloudfront.net (CloudFront)
last-modified
Tue, 28 Jun 2022 05:54:43 GMT
server
nginx/1.12.1
x-amz-cf-pop
TXL50-P4
age
253
etag
W/"62ba97a3-3b047"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000
x-amz-cf-id
LtFHCONhZa0AkSO8NinwGPQ2lpCLo8cZjFkT1urrJDDQFrTCedZZDg==
expires
Sun, 13 Nov 2022 07:49:10 GMT
Preset.js
adcdn.holmesmind.com/adserver/ Frame A472 		760 B
685 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adcdn.holmesmind.com/adserver/Preset.js?z=13848
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:9200:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
8f85e51a2f3c094fe6816857f185ca3f81647b4a74c6b06dd0df82e1d7455771

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
content-encoding
gzip
via
1.1 935770605c74a80712059ba5b24d4162.cloudfront.net (CloudFront)
server
nginx/1.14.0 (Ubuntu)
x-amz-cf-pop
FRA60-P2
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
x-amz-cf-id
idq5GJ2glOjqxQYC1By6uS4r7o-235TI3K5EHStEivXdxZp5LX5i1A==
ads.js
ad.holmesmind.com/adserver/ Frame C26A 		0
214 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FXV1QXD&n=764&o=1&d=1&b=2&ts=1&ii=3&FPCK=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&initver=210830P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.198.19.32 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-198-19-32.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-origin
https://reurl.cc
date
Fri, 14 Oct 2022 07:53:24 GMT
content-encoding
gzip
access-control-allow-credentials
true
server
nginx/1.14.0 (Ubuntu)
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
rtbhouseV2.js
cdn.holmesmind.com/js/ Frame C26A 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:53:00 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Tue, 04 Aug 2020 09:25:10 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
34
etag
"6a605eea47197fa280f27aaf1fa1521d"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
2773
x-amz-cf-id
FJoYV9QeAvuds19r8tm-UwWjkNl_JBipfp_LC093EydGghC1yiWJiw==
publishertag.js
static.criteo.net/js/ld/ Frame C26A 		121 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
119e37f6f9552a67b6f761070add78e7f93db654027478a7c51e9e34f955b841
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Sat, 01 Oct 2022 02:55:29 GMT
server
nginx
etag
W/"6337ac21-1e358"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 15 Oct 2022 07:53:24 GMT
criteoV2.js
cdn.holmesmind.com/js/ Frame C26A 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/criteoV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:52:47 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Tue, 04 Aug 2020 09:25:12 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
38
etag
"e8f33fcb581483ced4a09b3c8e7550e4"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
2443
x-amz-cf-id
6KFn0OL4ryWPAQJSbEiGPZmaUANNxgcefH4PX4M9k9nPKkFp9cd2xQ==
bridgewellV3.js
cdn.holmesmind.com/js/ Frame C26A 		4 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:53:24 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Tue, 20 Apr 2021 06:25:23 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
13
etag
"c3b948e5a48dd0ec20c265d6d8da7add"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
4530
x-amz-cf-id
x0O3fH08KNtbRdxV7nyiEUPnkSBhN0-pH-YT3luz4mX0ZFqGYDidcA==
appierV2.js
cdn.holmesmind.com/js/ Frame C26A 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appierV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:52:46 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Thu, 11 Mar 2021 07:54:26 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
38
etag
"548ed610a8571343fb3022f543174735"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
3177
x-amz-cf-id
dn0qN19PA4Sjd4ODEvq9DsOX7UFjAhqP0jtXRSboXOVxJevkmejVgw==
appier_mainV3.js
cdn.holmesmind.com/js/ Frame C26A 		6 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
13d69b634ceeee6647713a2568ba53d7f956abaf734f3cfad0ad1e35d1e988c5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
fIQgLpkPc8Xa6hWRKpG2InO.92XkfeB1
date
Fri, 14 Oct 2022 07:53:02 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Wed, 12 Oct 2022 08:48:47 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
23
etag
"945b888de0f0e51f6997f84814931271"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
5760
x-amz-cf-id
tMw7CDO75LBHz-X3GFotQdU8_UHHN60WdGk5XwJoakU_0cuKN5Fa2A==
UXtr_j2Fwe-.png
static.xx.fbcdn.net/rsrc.php/v3/yw/r/ Frame 380F 		573 B
628 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yW/l/0,cross/Jhpam8SKQ3I.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yW/l/0,cross/Jhpam8SKQ3I.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
x-content-type-options
nosniff
content-md5
07aG/2AEtDHVAZ5LUajMDQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
573
x-fb-rlafr
0
x-fb-debug
eqJ02I60kecGdrEMxBdIPfCMH+R/0qx715HoEZ7+BI0qSimr4DUZtde66tGQtp4FGGZqEg8z3eXh8pcMi4UdKA==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 04 Oct 2023 00:50:13 GMT
getAds.do
ads.yap.yahoo.com/nosdk/wj/v1/ Frame 532B 		290 B
623 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?locale=en_US&agentVersion=205&adTrackingEnabled=true&adUnitCode=64d289b9-de9a-443b-a2c0-d45680807e46&apiKey=M2G62KV2NBNXKBPVHWQN&usp=&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2FXV1QXD&caps=16&cb=jsonpCallback0
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/dy/ads/native.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
87.248.100.136 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
o1.ycpi.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
f7a8e9ba173126956cea416f7d8039002d47e39abd29f782ac164884ed216c5e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
date
Fri, 14 Oct 2022 07:53:23 GMT
server
ATS
age
1
x-content-type-options
nosniff
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Accept-Encoding, User-Agent
content-type
application/javascript; charset=UTF-8
x-envoy-upstream-service-time
15
x-xss-protection
1; mode=block
x-request-id
3d7958b0-7206-4741-a969-0d11a2f430d5
b
geo.yahoo.com/ Frame 532B 		43 B
446 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://geo.yahoo.com/b?t=xhkd7&9sdk8454
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:110:c204::b000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:24 GMT
strict-transport-security
max-age=31536000
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
content-type
image/gif
p3p
policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
cache-control
no-cache, no-store, private
x-envoy-upstream-service-time
1
content-length
43
collect
stats.g.doubleclick.net/j/ 		4 B
437 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-102456694-1&cid=92490124.1665734004&jid=2018333405&gjid=701170655&_gid=663937525.1665734004&_u=IEBAAEAAAAAAACAAI~&z=3636387
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Fri, 14 Oct 2022 07:53:24 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://reurl.cc
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
-a5s-xpqOxO.js
static.xx.fbcdn.net/rsrc.php/v3/yv/r/ Frame 380F 		160 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/-a5s-xpqOxO.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/V_wJ8EQu-vo.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5c1285a4ac2eadeaeb1861f7863adb0a97a0a601308d4247e7e81fd79fc611e8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
iNoBd4sMqv7uZxE7a8rNPg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
47814
x-fb-rlafr
0
x-fb-debug
SCX3plWbIvXLRy0YhSPScy63IGIxWyryVBGigMN3l//CHvr5IDU1+9sZuuN4jTYGIlSFSttq9K/z+P0GWE7t0A==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 13 Oct 2023 17:30:44 GMT
0iiVhQwJxVm.js
static.xx.fbcdn.net/rsrc.php/v3/y4/r/ Frame 380F 		369 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y4/r/0iiVhQwJxVm.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/V_wJ8EQu-vo.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a92379341fb4f1f929f52906cbed5f35bc474ad6e0dce7713768bc8d8c156af6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
xtCM50AYgTdsxWznXFe7ZQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
80390
x-fb-rlafr
0
x-fb-debug
dyKVxNqGSp4m13WhhM7S9PTlNiiaOG1GPyZTnt7E/YMoqSaD8r6qHh0z76ONr00KfX3O6lWhov+cLQgO3WSKGg==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Tue, 03 Oct 2023 20:01:13 GMT
Sn-_BbYnlN4.js
static.xx.fbcdn.net/rsrc.php/v3/yK/r/ Frame 380F 		52 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yK/r/Sn-_BbYnlN4.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/V_wJ8EQu-vo.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
689061066181e2f80c455652eb892d5f2753f4efe880ac9b8924e305f1952f4c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
zI7TYFgzXoPKVi46GwXagg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
12883
x-fb-rlafr
0
x-fb-debug
JaA3YdnetZ2uwHWAlaLYzZ/YWzNChlZO4zGjMoaCrM/MTbkzYYqTxEAU+lLY+UoJldNnZL5jDPNYFbo7veFvxw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sat, 07 Oct 2023 18:58:23 GMT
ads.js
ad.holmesmind.com/adserver/ Frame 2E01 		2 KB
997 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2FXV1QXD&n=143&o=1&d=1&b=2&ts=1&ii=3&FPCK=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&initver=210830P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.198.19.32 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-198-19-32.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
07ecc9f01b3d246e010f07853a87ab421327ef92c83b2e5c20d7861e8cf33159

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-origin
https://reurl.cc
date
Fri, 14 Oct 2022 07:53:24 GMT
content-encoding
gzip
access-control-allow-credentials
true
server
nginx/1.14.0 (Ubuntu)
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
rtbhouseV2.js
cdn.holmesmind.com/js/ Frame 2E01 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:53:00 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Tue, 04 Aug 2020 09:25:10 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
34
etag
"6a605eea47197fa280f27aaf1fa1521d"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
2773
x-amz-cf-id
-94QE7fef6ForuRnRc7mD2tELJxZRZV3BBbQRw17uZ6FgdNpXr1Bog==
appierV2.js
cdn.holmesmind.com/js/ Frame 2E01 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appierV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:52:46 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Thu, 11 Mar 2021 07:54:26 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
38
etag
"548ed610a8571343fb3022f543174735"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
3177
x-amz-cf-id
9qHlpGtCBaOQwQl-5w5kDiUocUwQ6z6juejKhe3-S7wj8_IlyOFa7g==
%E5%B0%81%E9%9D%A2%E5%9C%96%E8%A8%AD%E8%A8%88%EF%BC%9A%E4%B8%BB%E7%B6%B2%E4%B8%8A%E7%B7%9A%E5%9B%B0%E9%9B%A3%E9%87%8D%E9%87%8D%EF%BC%8CETHW%E8%B7%AF%E5%9C%A8%E4%BD%95%E6%96%B9%EF%BC%9F-2-750x375.jpg
www.rayskyinvest.com/wp-content/uploads/2022/10/ 		61 KB
61 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.rayskyinvest.com/wp-content/uploads/2022/10/%E5%B0%81%E9%9D%A2%E5%9C%96%E8%A8%AD%E8%A8%88%EF%BC%9A%E4%B8%BB%E7%B6%B2%E4%B8%8A%E7%B7%9A%E5%9B%B0%E9%9B%A3%E9%87%8D%E9%87%8D%EF%BC%8CETHW%E8%B7%AF%E5%9C%A8%E4%BD%95%E6%96%B9%EF%BC%9F-2-750x375.jpg
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.242.224.42 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
42.224.242.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
0f1a89ef64a5d0ffe85da9182cf068683678f5a37aebf6fad9a638ec73a98d50

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Fri, 14 Oct 2022 07:53:24 GMT
expires
Sat, 14 Oct 2023 04:14:11 GMT
last-modified
Fri, 14 Oct 2022 03:12:05 GMT
server
nginx
etag
"6348d385-f3c5"
content-type
image/jpeg
cache-control
max-age=31536000
host-header
8441280b0c35cbc1147f8ba998a563a7
accept-ranges
bytes
content-length
62405
x-cdn-c
static
x-sg-cdn
1
2022101401410863.jpg
img.racingcharger.tw/wp-content/uploads/ 		434 KB
435 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.racingcharger.tw/wp-content/uploads/2022101401410863.jpg
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3767d3fcc403ab0f4d4fffbe0ab115077b2416dc640c25e6e4751550a9dae2df

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
cf-cache-status
HIT
last-modified
Fri, 14 Oct 2022 01:41:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
13320
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f5tvT%2Bo1GmZrCEVqjXkAGMm0XFC8dLB2U07ObSj0hpdrNZZLGrBipnfmbK9upxGdR%2BvnHb5sytoTa15c1Skvl%2FeiUsLSNVssDV5bv6DiKpUfbtsOivyR1l6uBQg7bt2Onv8r0KAHy41dBzwpR6oElqqsRg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=28800
accept-ranges
bytes
cf-ray
759ebdb75fd19c06-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
444138
2022-%E5%9B%9B%E5%A4%A7%E8%B6%85%E5%95%86%E6%8E%A8%E8%96%A6%E4%BF%A1%E7%94%A8%E5%8D%A1-1080x630.jpg
creditcards.com.tw/wp-content/uploads/2022/01/ 		57 KB
58 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://creditcards.com.tw/wp-content/uploads/2022/01/2022-%E5%9B%9B%E5%A4%A7%E8%B6%85%E5%95%86%E6%8E%A8%E8%96%A6%E4%BF%A1%E7%94%A8%E5%8D%A1-1080x630.jpg?crop=1
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.135 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
00629ef727c6c2f00185d9f431d757ffe961a78ec9296f04bde3245b0e56ecf0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-ac
2.hhn _atomic_ams BYPASS
content-length
58804
x-nc
HIT bur 1
last-modified
Thu, 03 Feb 2022 15:18:40 GMT
server
nginx
etag
"94c8191a1b717f18"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
expires
Sun, 04 Feb 2024 03:18:40 GMT
The_Talented_Music_Producer_Kurt_Hugo_Schneider_Produced_An_Optical.jpg
mma.prnasia.com/media2/1905779/ 		30 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mma.prnasia.com/media2/1905779/The_Talented_Music_Producer_Kurt_Hugo_Schneider_Produced_An_Optical.jpg?p=medium600
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:fd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
b558b7f14e7021dc92bb4995333c9c19fa03f01d9ae12876e2d7a52d9153b22e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
cf-cache-status
HIT
age
59312
x-powered-by
ASP.NET
server-timing
intid;desc=24ffd547ce267bfd
content-length
30713
cf-bgj
h2pri
last-modified
Thu, 13 Oct 2022 15:24:09 GMT
server
cloudflare
vary
*, Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
cf-ray
759ebdb65b4c9b7c-FRA
access-control-allow-headers
Content-Type
expires
Thu, 13 Oct 2022 15:24:10 GMT
1665662422-5d6f69640e71e67481817b09e6e8792e-840x525.jpg
img.gbyhn.com.tw/2022/10/ 		99 KB
100 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.gbyhn.com.tw/2022/10/1665662422-5d6f69640e71e67481817b09e6e8792e-840x525.jpg
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5de9039d18b59423c307972d26de6d415ef3c9fef1b16ff18a2c7503107b31bb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
71391
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
101419
last-modified
Thu, 13 Oct 2022 12:00:22 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2F1UcW4RTfmxZrYPH2J33Q8Nx7lSxJx2udRqNXYL%2FOQ45TSOhuYR3Tf8UWv7PAcnCgZJTOOyug31wntg9%2BzoghAsiBar4P00SyW5C1DEBdtzsnz1A0WiL%2FTzKP6yJmISaqa0wVhEDumYYr7YUgOd"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
cf-ray
759ebdb659ccbb89-FRA
expires
Thu, 20 Oct 2022 12:01:43 GMT
file.png
static.wixstatic.com/media/08c74d_e8861568593b4c8485dd592e1ec6aa4e~mv2.jpg/v1/fit/w_1000,h_720,al_c,q_80/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.wixstatic.com/media/08c74d_e8861568593b4c8485dd592e1ec6aa4e~mv2.jpg/v1/fit/w_1000,h_720,al_c,q_80/file.png
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.176.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
152.176.102.34.bc.googleusercontent.com
Software
openresty/1.21.4.1 /
Resource Hash
23b56d8e72e99dcdb222d8a27949b10a2c4c9cefdfd6eed21373f10b62599183

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 12:39:19 GMT
via
1.1 google
server
openresty/1.21.4.1
age
155645
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2592000, immutable
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1466146
wix-tracer
2G2Eci3shKzbmnLID36KJ8pOxsr
x-seen-by
image-manipulator-5cdc794f79-js9lk
img_9445-scaled.jpg
i0.wp.com/golike.tw/wp-content/uploads/2022/09/ 		359 KB
360 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/golike.tw/wp-content/uploads/2022/09/img_9445-scaled.jpg?fit=2560%2C1920&ssl=1
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
ebc9d9a64fe0dcc52fe330bb52ea9701a4cf717dbd18b4e6f4e736fe5e45f872
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Fri, 14 Oct 2022 07:53:24 GMT
x-content-type-options
nosniff
last-modified
Mon, 10 Oct 2022 10:59:25 GMT
server
nginx
etag
"c136af34ba1d9617"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://golike.tw/wp-content/uploads/2022/09/img_9445-scaled.jpg>; rel="canonical"
content-length
367546
expires
Wed, 09 Oct 2024 22:59:25 GMT
%E4%BF%A1%E7%94%A8%E8%B2%B8%E6%AC%BE%E5%8F%AF%E4%BB%A5%E6%8F%90%E6%97%A9%E9%82%84%E6%AC%BE%E5%97%8E%EF%BC%9F%E6%8F%90%E6%97%A9%E9%82%84%E6%AC%BE%E7%AB%9F%E7%84%B6%E8%A6%81%E4%BB%98%E9%81%95%E7%B4%8...
blog.alphaloan.co/wp-content/uploads/2022/10/ 		133 KB
133 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.alphaloan.co/wp-content/uploads/2022/10/%E4%BF%A1%E7%94%A8%E8%B2%B8%E6%AC%BE%E5%8F%AF%E4%BB%A5%E6%8F%90%E6%97%A9%E9%82%84%E6%AC%BE%E5%97%8E%EF%BC%9F%E6%8F%90%E6%97%A9%E9%82%84%E6%AC%BE%E7%AB%9F%E7%84%B6%E8%A6%81%E4%BB%98%E9%81%95%E7%B4%84%E9%87%91%EF%BC%9F%E5%85%8D%E4%BB%98%E9%81%95%E7%B4%84%E9%87%91%E6%8F%90%E6%97%A9%E9%82%84%E6%AC%BE%E6%96%B9%E5%BC%8F%E5%A4%A7%E5%85%AC%E9%96%8B%EF%BC%81.jpg
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.187 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
b3105908d85e5136b409669ee0615fcd3b289a8cef67dc3e2fd77fe7481775e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
strict-transport-security
max-age=31536000
x-ac
2.hhn _atomic_ams BYPASS
last-modified
Mon, 03 Oct 2022 04:45:24 GMT
server
nginx
etag
"633a68e4-213ff"
access-control-allow-methods
GET, HEAD
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-length
136191
expires
Fri, 21 Oct 2022 07:53:24 GMT
bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame C26A 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://reurl.cc
date
Fri, 14 Oct 2022 07:53:24 GMT
access-control-allow-credentials
true
vary
Origin
access-control-max-age
3600
access-control-allow-methods
POST
bid
ad2.apx.appier.net/v1/prebid/ Frame C26A
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=TT3aD-mDCJSc9-0vdRVJYw
2 B
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=TT3aD-mDCJSc9-0vdRVJYw
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Server
34.96.119.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.119.96.34.bc.googleusercontent.com
Software
nginx/1.19.0 /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
via
1.1 google
server
nginx/1.19.0
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-store
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2

Redirect headers

date
Fri, 14 Oct 2022 07:53:25 GMT
server
nginx
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
null
location
https://ad2.apx.appier.net/v1/prebid/bid?acid=TT3aD-mDCJSc9-0vdRVJYw
cache-control
no-store
access-control-allow-credentials
true
content-length
0
bid
ad2.apx.appier.net/v1/prebid/ Frame C26A
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=PV1hLwwdAlqJPz9FdRVJYw
2 B
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=PV1hLwwdAlqJPz9FdRVJYw
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Server
34.96.119.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.119.96.34.bc.googleusercontent.com
Software
nginx/1.19.0 /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
via
1.1 google
server
nginx/1.19.0
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-store
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2

Redirect headers

date
Fri, 14 Oct 2022 07:53:25 GMT
server
nginx
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
null
location
https://ad2.apx.appier.net/v1/prebid/bid?acid=PV1hLwwdAlqJPz9FdRVJYw
cache-control
no-store
access-control-allow-credentials
true
content-length
0
prebid.aspx
prebid.scupio.com/recweb/ Frame C26A 		0
27 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.scupio.com/recweb/prebid.aspx?cb=0.30488211784069374
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
text/html
access-control-allow-origin
https://reurl.cc
cache-control
private
access-control-allow-credentials
true
prebid.aspx
prebid.scupio.com/recweb/ Frame C26A 		0
27 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.scupio.com/recweb/prebid.aspx?cb=0.4508307144304804
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
text/html
access-control-allow-origin
https://reurl.cc
cache-control
private
access-control-allow-credentials
true
currency.json
img.scupio.com/js/config/ Frame E566 		108 B
497 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://img.scupio.com/js/config/currency.json
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-38.txl50.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
dafd0e1a677a84abf3626d7123b1bcdf332d233f8be42b22577ac2383b095d4b

Request headers

Referer
https://img.scupio.com/html/ad.html?v=1.0.65
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 14 Oct 2022 07:50:16 GMT
via
1.1 8609604d3fb8e0a5c875f1c74d985668.cloudfront.net (CloudFront)
last-modified
Thu, 13 Oct 2022 19:15:05 GMT
server
nginx/1.12.1
x-amz-cf-pop
TXL50-P4
age
254
etag
"634863b9-6c"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/json
cache-control
max-age=10800
accept-ranges
bytes
content-length
108
x-amz-cf-id
dxGlacqEyaTuSfaWM-6KtAWp0dcuDEynA7nIHYKnb4SWSmJDwX1FoQ==
expires
Fri, 14 Oct 2022 10:49:10 GMT
ga-audiences
www.google.com/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-102456694-1&cid=92490124.1665734004&jid=2018333405&_u=IEBAAEAAAAAAACAAI~&z=1567442408
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:24 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-102456694-1&cid=92490124.1665734004&jid=2018333405&_u=IEBAAEAAAAAAACAAI~&z=1567442408
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:24 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
currency.json
img.scupio.com/js/config/ Frame 9F4F 		108 B
497 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://img.scupio.com/js/config/currency.json
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-38.txl50.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
dafd0e1a677a84abf3626d7123b1bcdf332d233f8be42b22577ac2383b095d4b

Request headers

Referer
https://img.scupio.com/html/ad.html?v=1.0.65
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 14 Oct 2022 07:50:16 GMT
via
1.1 8609604d3fb8e0a5c875f1c74d985668.cloudfront.net (CloudFront)
last-modified
Thu, 13 Oct 2022 19:15:05 GMT
server
nginx/1.12.1
x-amz-cf-pop
TXL50-P4
age
254
etag
"634863b9-6c"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/json
cache-control
max-age=10800
accept-ranges
bytes
content-length
108
x-amz-cf-id
bvoCjJ8TvKK2zG0RHCPCLhUosDw0mmnq6mIgObf773Etr7INGpdIzg==
expires
Fri, 14 Oct 2022 10:49:10 GMT
cdb
bidder.criteo.com/ Frame C26A 		177 B
424 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?ptv=131&profileId=184&cb=6645137365
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
6fd5f1ad91ed2dfe6a83a80780e253f1bd116c716e6b3b6bb1d40fb13b864fcf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
server
Finatra
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
161
cdb
bidder.criteo.com/ Frame C26A 		177 B
426 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?ptv=131&profileId=184&cb=63081774304
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
67dae2684dbedae6cf0b115921d3fcc5a80dcc7bf784165b3f505642d319d19c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
server
Finatra
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
164
prebid.json
ad.holmesmind.com/adserver/ Frame E566 		0
218 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/prebid.json?cb=1665734004154&hb=1&ver=1.21
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.198.19.32 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-198-19-32.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://img.scupio.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://img.scupio.com
date
Fri, 14 Oct 2022 07:53:24 GMT
content-encoding
gzip
access-control-allow-credentials
true
server
nginx/1.14.0 (Ubuntu)
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cdb
bidder.criteo.com/ Frame E566 		0
215 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=1834810904
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://img.scupio.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
strict-transport-security
max-age=31536000; preload;
server
Finatra
vary
Origin
access-control-allow-origin
https://img.scupio.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
prebid.aspx
prebid.scupio.com/recweb/ Frame E566 		0
27 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.scupio.com/recweb/prebid.aspx?cb=0.36411077680811843
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://img.scupio.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
text/html
access-control-allow-origin
https://img.scupio.com
cache-control
private
access-control-allow-credentials
true
header
hb.aralego.com/ Frame E566 		0
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-6272B749823AD3B6FE98336EBDD2A34A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&pubcid=4839cb43-ed4e-4977-9810-5396a1548fa1&u=https%3A%2F%2Freurl.cc%2FXV1QXD&host=reurl.cc&xr=0&ao=https%3A%2F%2Freurl.cc&ucfUid=91ce24ae-97d9-4d75-9439-52f81e3a9242&w=300&h=250
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.210.196.208 Rockville, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://img.scupio.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://img.scupio.com
date
Fri, 14 Oct 2022 07:53:24 GMT
access-control-allow-credentials
true
connection
close
bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame E566 		0
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://img.scupio.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://img.scupio.com
date
Fri, 14 Oct 2022 07:53:24 GMT
access-control-allow-credentials
true
vary
Origin
access-control-max-age
3600
access-control-allow-methods
POST
landing.php
fp.holmesmind.com/ Frame B369 		0
249 B 		Document
General
Check archive.org
Download Go to
Full URL
https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=7598-DvMmcuD17bQX84Op0GV12n1U8ULzBptJ&CFFPCKUUID=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&url=https%3A%2F%2Freurl.cc%2FXV1QXD&maindomain=reurl.cc
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.219.39 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
39.219.117.34.bc.googleusercontent.com
Software
nginx/1.20.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
x-requested-with,content-type
access-control-allow-methods
*
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 14 Oct 2022 07:53:24 GMT
server
nginx/1.20.0
vary
Accept-Encoding
via
1.1 google
utag.js
t.ssp.hinet.net/ Frame C26A 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
strict-transport-security
max-age=0
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 06:51:32 GMT
server
nginx
etag
W/"62de3d74-134a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=600
expires
Fri, 14 Oct 2022 08:03:24 GMT
header
hb.aralego.com/ Frame 9F4F 		0
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&pubcid=4839cb43-ed4e-4977-9810-5396a1548fa1&u=https%3A%2F%2Freurl.cc%2FXV1QXD&host=reurl.cc&xr=0&ao=https%3A%2F%2Freurl.cc&ucfUid=b4811b09-df6c-4a96-9201-e75b675163a0&w=970&h=250
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.210.196.208 Rockville, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://img.scupio.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://img.scupio.com
date
Fri, 14 Oct 2022 07:53:24 GMT
access-control-allow-credentials
true
connection
close
prebid.json
ad.holmesmind.com/adserver/ Frame 9F4F 		0
219 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/prebid.json?cb=1665734004193&hb=1&ver=1.21
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.198.19.32 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-198-19-32.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://img.scupio.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://img.scupio.com
date
Fri, 14 Oct 2022 07:53:24 GMT
content-encoding
gzip
access-control-allow-credentials
true
server
nginx/1.14.0 (Ubuntu)
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame 9F4F 		0
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://img.scupio.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://img.scupio.com
date
Fri, 14 Oct 2022 07:53:24 GMT
access-control-allow-credentials
true
vary
Origin
access-control-max-age
3600
access-control-allow-methods
POST
cdb
bidder.criteo.com/ Frame 9F4F 		0
215 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=10215883866
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://img.scupio.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
strict-transport-security
max-age=31536000; preload;
server
Finatra
vary
Origin
access-control-allow-origin
https://img.scupio.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
prebid.aspx
prebid.scupio.com/recweb/ Frame 9F4F 		0
44 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.scupio.com/recweb/prebid.aspx?cb=0.6746606655533527
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://img.scupio.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
text/html
access-control-allow-origin
https://img.scupio.com
cache-control
private
access-control-allow-credentials
true
/
www.facebook.com/pages/call_to_action/fetch_dialog_data/ Frame 380F 		907 B
556 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/pages/call_to_action/fetch_dialog_data/?id=136500184423162&surface=pagePlugin&unit_type=VIEWER
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3iAxA4/yx/l/de_DE/I52F_owkvX4.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c2d3f1333439c3aa23b5a3686e29b95766e4f178c70ad59816c77199113d2365
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

X-FB-LSD
1YijcChI5xSnGozOZZfrKG
Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
x-content-type-options
nosniff
date
Fri, 14 Oct 2022 07:53:24 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
same-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
ehsE4pPpCHQ/114pYcxxRg4drqjWD2GucsLjBQBeDIKMW2+pDmGLP4s0hotG8hJ/ruv7gm4Az2dUxiDqZVveVg==
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
access-control-allow-methods
OPTIONS
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin, Accept-Encoding
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/platform/plugin/tab/renderer/ Frame 380F 		0
0
/
www.facebook.com/platform/plugin/page/logging/ Frame 380F 		907 B
552 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/platform/plugin/page/logging/
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3iAxA4/yx/l/de_DE/I52F_owkvX4.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
623d25e073df23fdc8130c27559c326e090bd8f5a95131be55a1bec463411b3d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

X-FB-LSD
1YijcChI5xSnGozOZZfrKG
Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
x-content-type-options
nosniff
date
Fri, 14 Oct 2022 07:53:24 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
same-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
AlNrgr7nKswFsdt0LpJfwzitfde4vek3My3DeYB3NVDwRLW/6zBBYoEBNQHd8pP3qJC2xYWa0XvwgQ/SyCALRg==
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
access-control-allow-methods
OPTIONS
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin, Accept-Encoding
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
landing.php
fp.holmesmind.com/ Frame 6211 		0
82 B 		Document
General
Check archive.org
Download Go to
Full URL
https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=7598-DvMmcuD17bQX84Op0GV12n1U8ULzBptJ&CFFPCKUUID=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&url=https%3A%2F%2Freurl.cc%2FXV1QXD&maindomain=reurl.cc
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.219.39 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
39.219.117.34.bc.googleusercontent.com
Software
nginx/1.20.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
x-requested-with,content-type
access-control-allow-methods
*
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 14 Oct 2022 07:53:24 GMT
server
nginx/1.20.0
vary
Accept-Encoding
via
1.1 google
utag.js
t.ssp.hinet.net/ Frame 2E01 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
strict-transport-security
max-age=0
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 06:51:32 GMT
server
nginx
etag
W/"62de3d74-134a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=600
expires
Fri, 14 Oct 2022 08:03:24 GMT
ksSG7BCGzVy.png
static.xx.fbcdn.net/rsrc.php/v3/y0/r/ Frame 380F 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/ksSG7BCGzVy.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yQ/l/0,cross/uNC9cVrg9ND.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
55e8c619d20bc3f1a22efd0fec83dba0d8bd9e898f0d5847eaff094f0887fad3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yQ/l/0,cross/uNC9cVrg9ND.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
x-content-type-options
nosniff
content-md5
uyn8DKg02tdFYyt7qV6IBg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
12111
x-fb-rlafr
0
x-fb-debug
sUPEE+rlfebhAiJ9uaVh9h1TaDxgAwdJZf5676yj2GO4qxOi78tV2GoDmyv6kp4zP/84cT1JvM5JkmoODwUG8g==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sun, 01 Oct 2023 03:51:41 GMT
xgVgalBG80z.png
static.xx.fbcdn.net/rsrc.php/v3/yH/r/ Frame 380F 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/xgVgalBG80z.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yW/l/0,cross/Jhpam8SKQ3I.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
45444d590a67d30e8b2fde01bb6482f829383b64bf14a4b19b86e22fdc319fbb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yW/l/0,cross/Jhpam8SKQ3I.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
x-content-type-options
nosniff
content-md5
rB4cTW8WNZcBsFntToJGtA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1315
x-fb-rlafr
0
x-fb-debug
2VoW4Jyyauh4PRXwJ536tFM6R5jLwYue8G6X+tj0Nd48/7NHVpXSL+2VP1FOY2LtXRSBQOq21VE94lIzUYYfAQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 04 Oct 2023 00:39:46 GMT
OZcLupMIkEN.js
static.xx.fbcdn.net/rsrc.php/v3/ya/r/ Frame 380F 		279 B
243 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/ya/r/OZcLupMIkEN.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/V_wJ8EQu-vo.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
16089cad50034af52ebca1e2e7c310f76b4b6f625b89ad07d5b59ff377f332b0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
QusOzUJEj2HVYgmawONobw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
189
x-fb-rlafr
0
x-fb-debug
zxGw8Lh4DvPFpqnRUAei3PxuPAxDgSgpxCet9/W66VM7VhgWvge7uThtldZTOyw3+I2/WM+JwGbrXv4k4DJIMw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 12 Oct 2023 21:44:33 GMT
bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame 2E01 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://reurl.cc
date
Fri, 14 Oct 2022 07:53:24 GMT
access-control-allow-credentials
true
vary
Origin
access-control-max-age
3600
access-control-allow-methods
POST
events
bidder.criteo.com/csm/ Frame C26A 		0
209 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
strict-transport-security
max-age=31536000; preload;
server
Finatra
vary
Origin
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
events
bidder.criteo.com/csm/ Frame C26A 		0
209 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 14 Oct 2022 07:53:23 GMT
strict-transport-security
max-age=31536000; preload;
server
Finatra
vary
Origin
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
ads.js
ad.holmesmind.com/adserver/ Frame A472 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=13848&rf=https%3A%2F%2Freurl.cc%2FXV1QXD&n=445&o=1&d=1&b=2&ts=1&ii=3&FPCK=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&initver=210830P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.198.19.32 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-198-19-32.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
746ab55a875f8e4e34db4d32fa6430a9a7d0cfa08627feeae621ac83fc895b5f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-origin
https://reurl.cc
date
Fri, 14 Oct 2022 07:53:24 GMT
content-encoding
gzip
access-control-allow-credentials
true
server
nginx/1.14.0 (Ubuntu)
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
rtbhouseV2.js
cdn.holmesmind.com/js/ Frame A472 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:53:00 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Tue, 04 Aug 2020 09:25:10 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
34
etag
"6a605eea47197fa280f27aaf1fa1521d"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
2773
x-amz-cf-id
AkiVD4M4vTbKhQUhDRHuyhQlvePPVRxELjCT5MOEgMm02J2sxmBVFg==
publishertag.js
static.criteo.net/js/ld/ Frame A472 		121 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
119e37f6f9552a67b6f761070add78e7f93db654027478a7c51e9e34f955b841
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Sat, 01 Oct 2022 02:55:29 GMT
server
nginx
etag
W/"6337ac21-1e358"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 15 Oct 2022 07:53:24 GMT
criteoV2.js
cdn.holmesmind.com/js/ Frame A472 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/criteoV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:52:47 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Tue, 04 Aug 2020 09:25:12 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
38
etag
"e8f33fcb581483ced4a09b3c8e7550e4"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
2443
x-amz-cf-id
q7G6alnipUPOzPivP835cTH62v5gkRslUyVr5farwK1m_4w6GGKSsg==
bridgewellV3.js
cdn.holmesmind.com/js/ Frame A472 		4 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:53:24 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Tue, 20 Apr 2021 06:25:23 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
13
etag
"c3b948e5a48dd0ec20c265d6d8da7add"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
4530
x-amz-cf-id
lia14CMjBxSAV6OkEsiJ3L6St2E7MERQJIsmL44NGH5psxsrwbmoNw==
appierV2.js
cdn.holmesmind.com/js/ Frame A472 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appierV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:52:46 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Thu, 11 Mar 2021 07:54:26 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
38
etag
"548ed610a8571343fb3022f543174735"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
3177
x-amz-cf-id
RF6r9pM3pZ8aa0cpoyYHFNASqZZmGcgpRo7RFTmh0ESFfhKkyJFFog==
appier_mainV3.js
cdn.holmesmind.com/js/ Frame A472 		6 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
13d69b634ceeee6647713a2568ba53d7f956abaf734f3cfad0ad1e35d1e988c5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
fIQgLpkPc8Xa6hWRKpG2InO.92XkfeB1
date
Fri, 14 Oct 2022 07:53:02 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Wed, 12 Oct 2022 08:48:47 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
23
etag
"945b888de0f0e51f6997f84814931271"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
5760
x-amz-cf-id
cVBPzsrKuvSsQNnexoTIzTuKXACUGr3MVPUU3C_sF07AcCfBuoYsqw==
/
www.facebook.com/login/ Frame 380F 		0
0
/
www.facebook.com/login/ Frame 380F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fhref%3Dhttps%253A%252F%252Fwww.facebook.com%252FCreditCards.com.tw%252F%26tabs%3Dtimeline%26width%3D340%26height%3D500%26small_header%3Dfalse%26adapt_container_width%3Dtrue%26hide_cover%3Dfalse%26show_facepile%3Dtrue%26appId
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/V_wJ8EQu-vo.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
br
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 14 Oct 2022 07:53:24 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
priority
u=0
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-debug
U8oXAnbPwDqzO9lO+gdStdsnV8Lx2lt/Kbof4aqBOtyK6NbWCDnYcbZeln6DqipXd1fE/SkJjEU/xNqUDSqN4A==
x-frame-options
DENY
x-xss-protection
0
bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame A472 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://reurl.cc
date
Fri, 14 Oct 2022 07:53:24 GMT
access-control-allow-credentials
true
vary
Origin
access-control-max-age
3600
access-control-allow-methods
POST
prebid.aspx
prebid.scupio.com/recweb/ Frame A472 		0
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.scupio.com/recweb/prebid.aspx?cb=0.44406718845340465
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
text/html
access-control-allow-origin
https://reurl.cc
cache-control
private
access-control-allow-credentials
true
bid
ad2.apx.appier.net/v1/prebid/ Frame A472
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=a7_3DPTbC9KbkGZXdRVJYw
2 B
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=a7_3DPTbC9KbkGZXdRVJYw
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Server
34.96.119.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.119.96.34.bc.googleusercontent.com
Software
nginx/1.19.0 /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
via
1.1 google
server
nginx/1.19.0
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-store
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2

Redirect headers

date
Fri, 14 Oct 2022 07:53:25 GMT
server
nginx
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
null
location
https://ad2.apx.appier.net/v1/prebid/bid?acid=a7_3DPTbC9KbkGZXdRVJYw
cache-control
no-store
access-control-allow-credentials
true
content-length
0
bid
ad2.apx.appier.net/v1/prebid/ Frame A472
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
2 B
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Server
34.96.119.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.119.96.34.bc.googleusercontent.com
Software
nginx/1.19.0 /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
via
1.1 google
server
nginx/1.19.0
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-store
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2

Redirect headers

date
Fri, 14 Oct 2022 07:53:25 GMT
server
nginx
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
null
location
https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
cache-control
no-store
access-control-allow-credentials
true
content-length
0
cdb
bidder.criteo.com/ Frame A472 		177 B
425 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?ptv=131&profileId=184&cb=99189841782
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
87ffe9ac50246b7a299ed65e71c4167243b9e7f0933b2cad262123efa24d455c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
server
Finatra
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
163
events
bidder.criteo.com/csm/ Frame A472 		0
209 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
strict-transport-security
max-age=31536000; preload;
server
Finatra
vary
Origin
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
/
t.ssp.hinet.net/ 		37 B
402 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
dd3f6ab528dc9fb96dd0943f7a833a94635b1c7c2debf76b58f55889fb64cef7
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
strict-transport-security
max-age=0
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Origin
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://reurl.cc
cache-control
no-cache, private
access-control-allow-credentials
true
/
t.ssp.hinet.net/ Frame 4B45 		37 B
409 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
467c464a42f9126ed31ec784971e7766dee09d3d5912f8ea6f4fc898f8ab46a5
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
strict-transport-security
max-age=0
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Origin
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://cdn.holmesmind.com
cache-control
no-cache, private
access-control-allow-credentials
true
/
t.ssp.hinet.net/ Frame C26A 		37 B
402 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
02d63bd1339edd6bc06d1be33745c7d17a81608ff8ccb255edff068a597a4940
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
strict-transport-security
max-age=0
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Origin
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://reurl.cc
cache-control
no-cache, private
access-control-allow-credentials
true
/
t.ssp.hinet.net/ Frame 2E01 		37 B
399 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73613838fa8df8e94256e1dd186120754a11e1ae1f810ee2a79d8e6b1ea6cd0f
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
strict-transport-security
max-age=0
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Origin
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://reurl.cc
cache-control
no-cache, private
access-control-allow-credentials
true
landing.php
fp.holmesmind.com/ Frame 02B0 		0
37 B 		Document
General
Check archive.org
Download Go to
Full URL
https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=7598-DvMmcuD17bQX84Op0GV12n1U8ULzBptJ&CFFPCKUUID=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&url=https%3A%2F%2Freurl.cc%2FXV1QXD&maindomain=reurl.cc
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.219.39 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
39.219.117.34.bc.googleusercontent.com
Software
nginx/1.20.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
x-requested-with,content-type
access-control-allow-methods
*
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 14 Oct 2022 07:53:24 GMT
server
nginx/1.20.0
vary
Accept-Encoding
via
1.1 google
utag.js
t.ssp.hinet.net/ Frame A472 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
strict-transport-security
max-age=0
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 06:51:32 GMT
server
nginx
etag
W/"62de3d74-134a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=600
expires
Fri, 14 Oct 2022 08:03:24 GMT
drawV2.js
cdn.holmesmind.com/js/ Frame 2E01 		10 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/drawV2.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2FXV1QXD&n=143&o=1&d=1&b=2&ts=1&ii=3&FPCK=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&initver=210830P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:53:01 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Fri, 16 Oct 2020 09:58:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
37
etag
"84d8b1a745228113e60f5e62f0eff6d3"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
10359
x-amz-cf-id
EVz7ao0hSLoVI206LENepCiImwXzgrAesMsLaPsJEZfo3dqbgpGLRA==
emome2
t.ssp.hinet.net/ 		30 B
271 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/emome2?u=55835511-1955-4308-bc3a-ce1d9b0dfa99
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=0
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Origin
content-type
application/json
access-control-allow-origin
https://reurl.cc
cache-control
no-cache, private
access-control-allow-credentials
true
emome2
t.ssp.hinet.net/ Frame 4B45 		30 B
278 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/emome2?u=c757bc5d-2de1-4a0e-88e5-c8b5d5017659
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=0
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Origin
content-type
application/json
access-control-allow-origin
https://cdn.holmesmind.com
cache-control
no-cache, private
access-control-allow-credentials
true
emome2
t.ssp.hinet.net/ Frame C26A 		30 B
271 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/emome2?u=55835511-1955-4308-bc3a-ce1d9b0dfa99
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=0
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Origin
content-type
application/json
access-control-allow-origin
https://reurl.cc
cache-control
no-cache, private
access-control-allow-credentials
true
emome2
t.ssp.hinet.net/ Frame 2E01 		30 B
271 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/emome2?u=55835511-1955-4308-bc3a-ce1d9b0dfa99
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=0
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Origin
content-type
application/json
access-control-allow-origin
https://reurl.cc
cache-control
no-cache, private
access-control-allow-credentials
true
/
t.ssp.hinet.net/ Frame A472 		36 B
398 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
7f41d233dc6a0837b8ddf926f097dd87563946a531b9fb82d036831cefc69119
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=0
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Origin
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://reurl.cc
cache-control
no-cache, private
access-control-allow-credentials
true
adsbyscupio.js
img.scupio.com/js/ Frame CCD0 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://img.scupio.com/js/adsbyscupio.js?v=1.0.2
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-38.txl50.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
d7fc505653c3573f9bccca93a33e2ed14bd8b4586bdeca9180225dab01f1bbbe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/html/ad.html?v=1.0.65
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:51:05 GMT
content-encoding
gzip
via
1.1 8609604d3fb8e0a5c875f1c74d985668.cloudfront.net (CloudFront)
last-modified
Mon, 19 Apr 2021 03:30:31 GMT
server
nginx/1.12.1
x-amz-cf-pop
TXL50-P4
age
237
etag
W/"607cf957-11ab"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=10800
x-amz-cf-id
571Q1vj5cByt-7o4H6gqUhdYaF_2CSTBrMFp18wfiO2rQ4PCqhwVVw==
expires
Fri, 14 Oct 2022 10:49:28 GMT
bidinfo.aspx
bw.scupio.com/adpinline/ Frame E566 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bw.scupio.com/adpinline/bidinfo.aspx?cb=0.10948436054088884
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
210.59.219.180 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
714186f630a576d49cd511f5b369e52a89f81c1994ecc670825f0432ced4d569

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://img.scupio.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Fri, 14 Oct 2022 07:53:25 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
P3P
CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin
https://img.scupio.com
Content-Type
application/javascript; charset=utf-8
Cache-Control
private
Access-Control-Allow-Credentials
true
Content-Length
1480
truncated
/ Frame E566 		762 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4ce81ecccefb27ce0f347ef564114da2ba450a9e1d9a7260b4597e62b1f71a72

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/svg+xml
drawV2.js
cdn.holmesmind.com/js/ Frame A472 		10 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/drawV2.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13848&rf=https%3A%2F%2Freurl.cc%2FXV1QXD&n=445&o=1&d=1&b=2&ts=1&ii=3&FPCK=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&initver=210830P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:53:01 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Fri, 16 Oct 2020 09:58:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
38
etag
"84d8b1a745228113e60f5e62f0eff6d3"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
10359
x-amz-cf-id
MQ66iGxbFo9vnXzx0-_b-4iBrbT17dSK2R705TXVlSlI90aejFpKxQ==
adsbyscupio.js
img.scupio.com/js/ Frame F09B 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://img.scupio.com/js/adsbyscupio.js?v=1.0.2
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-38.txl50.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
d7fc505653c3573f9bccca93a33e2ed14bd8b4586bdeca9180225dab01f1bbbe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/html/ad.html?v=1.0.65
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:51:05 GMT
content-encoding
gzip
via
1.1 8609604d3fb8e0a5c875f1c74d985668.cloudfront.net (CloudFront)
last-modified
Mon, 19 Apr 2021 03:30:31 GMT
server
nginx/1.12.1
x-amz-cf-pop
TXL50-P4
age
237
etag
W/"607cf957-11ab"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=10800
x-amz-cf-id
Su2YpVZN3XxLj91TwV17gfJa9NdzqXKUOwZJPWaKEZnygfpUKNFIQw==
expires
Fri, 14 Oct 2022 10:49:28 GMT
bidinfo.aspx
bw.scupio.com/adpinline/ Frame 9F4F 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bw.scupio.com/adpinline/bidinfo.aspx?cb=0.3842969372781382
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
210.59.219.180 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
b08fa3ef437100da224ddf7a33bb12f70a3b9dd0aa819f588fe2d115d37822ff

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://img.scupio.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Fri, 14 Oct 2022 07:53:25 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
P3P
CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin
https://img.scupio.com
Content-Type
application/javascript; charset=utf-8
Cache-Control
private
Access-Control-Allow-Credentials
true
Content-Length
1612
truncated
/ Frame 9F4F 		762 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4ce81ecccefb27ce0f347ef564114da2ba450a9e1d9a7260b4597e62b1f71a72

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/svg+xml
300x250.jpg
img.scupio.com/img/padding/ Frame CCD0 		56 KB
57 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.scupio.com/img/padding/300x250.jpg
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-38.txl50.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
5e0c4b65a9aa656ce5484dee823c78de192e6b3fd64eab5317713ff31325c89c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/html/ad.html?v=1.0.65
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:02:34 GMT
via
1.1 8609604d3fb8e0a5c875f1c74d985668.cloudfront.net (CloudFront)
last-modified
Mon, 19 Apr 2021 03:31:40 GMT
server
nginx/1.12.1
x-amz-cf-pop
TXL50-P4
age
3186
etag
"607cf99c-e1ff"
vary
Origin
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
57855
x-amz-cf-id
oUHu05cX-LYw3Rl-p_ca3mXoNFlQajkCjVtao0Kp77W20G3kCMLGAQ==
expires
Sat, 14 Oct 2023 07:00:19 GMT
970x250.jpg
img.scupio.com/img/padding/ Frame F09B 		46 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.scupio.com/img/padding/970x250.jpg
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-38.txl50.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
1219005b1ac715570be263a42b98d63280456e8fc7fcdfdf704536cfe5f9e9b2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/html/ad.html?v=1.0.65
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:48:45 GMT
via
1.1 8609604d3fb8e0a5c875f1c74d985668.cloudfront.net (CloudFront)
last-modified
Mon, 19 Apr 2021 03:31:40 GMT
server
nginx/1.12.1
x-amz-cf-pop
TXL50-P4
age
280
etag
"607cf99c-b9b9"
vary
Origin
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
47545
x-amz-cf-id
DxxPl5fmVIVXgBXn4ytA_9yYvQdz3TCQh0fti6UyydPbvjWafWwpSA==
expires
Sat, 14 Oct 2023 07:48:45 GMT
cm
t.ssp.hinet.net/ 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%&mp=55835511-1955-4308-bc3a-ce1d9b0dfa99
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=0
server
nginx
vary
Origin
content-type
image/png
access-control-allow-origin
https://reurl.cc
cache-control
no-cache, private
access-control-allow-credentials
true
pixel
55835511-1955-4308-bc3a-ce1d9b0dfa99.t.ssp.hinet.net/ 		0
79 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://55835511-1955-4308-bc3a-ce1d9b0dfa99.t.ssp.hinet.net/pixel?bd=55835511-1955-4308-bc3a-ce1d9b0dfa99&t=a546ca&referrer=%25%25%20referrer%20%25%25
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
strict-transport-security
max-age=0
server
nginx
content-length
0
content-type
image/png
cm
t.ssp.hinet.net/ Frame C26A 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=7598-DvMmcuD17bQX84Op0GV12n1U8ULzBptJ&mp=55835511-1955-4308-bc3a-ce1d9b0dfa99
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=0
server
nginx
vary
Origin
content-type
image/png
access-control-allow-origin
https://reurl.cc
cache-control
no-cache, private
access-control-allow-credentials
true
pixel
55835511-1955-4308-bc3a-ce1d9b0dfa99.t.ssp.hinet.net/ Frame C26A 		0
79 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://55835511-1955-4308-bc3a-ce1d9b0dfa99.t.ssp.hinet.net/pixel?bd=55835511-1955-4308-bc3a-ce1d9b0dfa99&t=50ef57&referrer=https%3A%2F%2Freurl.cc
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
strict-transport-security
max-age=0
server
nginx
content-length
0
content-type
image/png
pixel
55835511-1955-4308-bc3a-ce1d9b0dfa99.t.ssp.hinet.net/ Frame 2E01 		0
79 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://55835511-1955-4308-bc3a-ce1d9b0dfa99.t.ssp.hinet.net/pixel?bd=55835511-1955-4308-bc3a-ce1d9b0dfa99&t=50ef57&referrer=https%3A%2F%2Freurl.cc
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
strict-transport-security
max-age=0
server
nginx
content-length
0
content-type
image/png
cm
t.ssp.hinet.net/ Frame 2E01 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=7598-DvMmcuD17bQX84Op0GV12n1U8ULzBptJ&mp=55835511-1955-4308-bc3a-ce1d9b0dfa99
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=0
server
nginx
vary
Origin
content-type
image/png
access-control-allow-origin
https://reurl.cc
cache-control
no-cache, private
access-control-allow-credentials
true
cm
t.ssp.hinet.net/ Frame A472 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=7598-DvMmcuD17bQX84Op0GV12n1U8ULzBptJ&mp=fcd575b0-c945-45b0-95a7-1f9a1be8c6e8
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=0
server
nginx
vary
Origin
content-type
image/png
access-control-allow-origin
https://reurl.cc
cache-control
no-cache, private
access-control-allow-credentials
true
pixel
fcd575b0-c945-45b0-95a7-1f9a1be8c6e8.t.ssp.hinet.net/ Frame A472 		0
79 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fcd575b0-c945-45b0-95a7-1f9a1be8c6e8.t.ssp.hinet.net/pixel?bd=fcd575b0-c945-45b0-95a7-1f9a1be8c6e8&t=50ef57&referrer=https%3A%2F%2Freurl.cc
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
strict-transport-security
max-age=0
server
nginx
content-length
0
content-type
image/png
init.js
cdn.holmesmind.com/js/ Frame 2675 		6 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/init.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
date
Fri, 14 Oct 2022 07:52:57 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Fri, 04 Mar 2022 10:10:49 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
41
etag
"439e160b698f1ec2efb45c3b6cd6b265"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
6552
x-amz-cf-id
7y09iHxW6QbQ9atCK7hsYmmW_Z0Cz7qBvNatUDnMTMQcOFaLX9yjMQ==
capmapping.htm
cdn.holmesmind.com/js/ Frame E269 		5 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cc37fba2e98f49c4d9551f72176d3aff72eacd798e5e85436837847e6b967c36

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
26
content-length
4730
content-type
text/html
date
Fri, 14 Oct 2022 07:52:59 GMT
etag
"c36f5eb091d6195fe8b68f3b263f999b"
last-modified
Mon, 22 Aug 2022 03:00:17 GMT
server
AmazonS3
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
x-amz-cf-id
8L9-u8pP2a6unpbRFP7yCKfBaBwKflEhmvo3UXLuW7IU8qW5WnViqw==
x-amz-cf-pop
FRA60-P2
x-amz-version-id
9jVaRQ2pP3sbT47ouwg8zArcPp2ddVmt
x-cache
Hit from cloudfront
edmp_init.js
cdn.holmesmind.com/js/ Frame 2675 		662 B
1003 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/edmp_init.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:52:59 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Fri, 12 Mar 2021 02:45:40 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
40
etag
"f58f8a90686f8ffb3325107e8a788b71"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
662
x-amz-cf-id
4xBpaMXhdB9KTmqncjTDXh5Y3OIoBrPPbIuiBoP9jBXjEJl-nfalsw==
presetfn.js
cdn.holmesmind.com/js/ Frame 5AF3 		9 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
83a37c9bbe8dae0a71e95a0e6401bd5d9576a2b0e35295e640c2d807f9b4424e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
QFAcVwN57aO_RWKPah9bVgfaw1eby0J0
date
Fri, 14 Oct 2022 07:53:23 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Mon, 22 Aug 2022 03:00:16 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
6
etag
"ddf163a3d8381378b3e35e39339ad7ab"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
9530
x-amz-cf-id
uDFzBSnccWbvgMfpvlSN2AKMmZgLLlK_RTe7ANZcrFrn4pt2IQ_w_Q==
cm.php
fcm.holmesmind.com/ Frame 55AF 		95 B
333 B 		Document
General
Check archive.org
Download Go to
Full URL
https://fcm.holmesmind.com/cm.php
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.67.95.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
b73e6cb22f3ae22bcbe36217e226c082f813a2a8a7961644093d849bcbd30294

Request headers

Referer
https://cdn.holmesmind.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
86
content-type
text/html; charset=UTF-8
date
Fri, 14 Oct 2022 07:53:25 GMT
server
Apache/2.4.29 (Ubuntu)
vary
Accept-Encoding
via
1.1 google
utag.js
t.ssp.hinet.net/ Frame E269 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=0
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 06:51:32 GMT
server
nginx
etag
W/"62de3d74-134a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=600
expires
Fri, 14 Oct 2022 08:03:25 GMT
cm
c.holmesmind.com/ Frame E269 		0
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.holmesmind.com/cm
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
93.76.201.35.bc.googleusercontent.com
Software
nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
via
1.1 google
server
nginx/1.10.3 (Ubuntu)
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
text/html; charset=UTF-8
google
m.holmesmind.com/ml/ Frame E269
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t&uu_m=undefined
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t&uu_m=undefined&google_tc=
  • https://m.holmesmind.com/ml/google?cf_uid=200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t&uu_m=undefined&google_gid=CAESEJxKvnHOR-5VheyqcfTVNGk&google_cver=1
0
480 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m.holmesmind.com/ml/google?cf_uid=200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t&uu_m=undefined&google_gid=CAESEJxKvnHOR-5VheyqcfTVNGk&google_cver=1
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Server
35.227.249.156 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
156.249.227.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
x-guploader-uploadid
ADPycdu3PhfYxYJsJEcrW59r_HkfGQ2tENtRxvKFUkpxloa-lxgCcPJVWt8FchnBQfTQvMjeLmtj9ZnKfiTnRL-SDkvXWxc4wrrS
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
last-modified
Wed, 21 Feb 2018 07:36:41 GMT
server
UploadServer
etag
"d41d8cd98f00b204e9800998ecf8427e"
x-goog-generation
1519198601160228
content-type
image/png
x-goog-hash
crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
cache-control
public, max-age=3600
x-goog-stored-content-length
0
accept-ranges
bytes
expires
Fri, 14 Oct 2022 08:53:26 GMT

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:25 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://m.holmesmind.com/ml/google?cf_uid=200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t&uu_m=undefined&google_gid=CAESEJxKvnHOR-5VheyqcfTVNGk&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
358
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Preset.js
adcdn.holmesmind.com/adserver/ Frame 5AF3 		1 KB
753 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adcdn.holmesmind.com/adserver/Preset.js?z=13857
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:9200:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
a7cac69ff4c7b905552b1915305ba548a87acdf6205efe6e5bd1eef0d4700793

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:49:22 GMT
content-encoding
gzip
via
1.1 935770605c74a80712059ba5b24d4162.cloudfront.net (CloudFront)
server
nginx/1.14.0 (Ubuntu)
x-amz-cf-pop
FRA60-P2
age
243
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
x-amz-cf-id
sa8iwgBLj3Vcs4CU43SWDT02QKg9QCDBd1bwSnLujm5Z6KpyRikSeQ==
ads.js
ad.holmesmind.com/adserver/ Frame 5AF3 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2FXV1QXD&n=725&o=1&d=1&b=2&ts=1&ii=2&FPCK=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&initver=210830P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.198.19.32 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-198-19-32.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
0a5767e70bbd4245fad85adca3304b2eb994f960fbe148f0937a4ec399da371a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-origin
https://reurl.cc
date
Fri, 14 Oct 2022 07:53:25 GMT
content-encoding
gzip
access-control-allow-credentials
true
server
nginx/1.14.0 (Ubuntu)
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
rtbhouseV2.js
cdn.holmesmind.com/js/ Frame 5AF3 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:53:00 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Tue, 04 Aug 2020 09:25:10 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
35
etag
"6a605eea47197fa280f27aaf1fa1521d"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
2773
x-amz-cf-id
rdRpVSTybotZaxrVk6nsue3fSdaZkLL8238wBzzbFCKPx-fYt1ih5g==
publishertag.js
static.criteo.net/js/ld/ Frame 5AF3 		121 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
119e37f6f9552a67b6f761070add78e7f93db654027478a7c51e9e34f955b841
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Sat, 01 Oct 2022 02:55:29 GMT
server
nginx
etag
W/"6337ac21-1e358"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 15 Oct 2022 07:53:25 GMT
criteoV2.js
cdn.holmesmind.com/js/ Frame 5AF3 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/criteoV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:52:47 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Tue, 04 Aug 2020 09:25:12 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
39
etag
"e8f33fcb581483ced4a09b3c8e7550e4"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
2443
x-amz-cf-id
5JdNE-dTxBNRuMENZQX5t9wJIYJM4g_GuTZFI5YrnT1cFMho2WFJlA==
bridgewellV3.js
cdn.holmesmind.com/js/ Frame 5AF3 		4 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:53:24 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Tue, 20 Apr 2021 06:25:23 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
14
etag
"c3b948e5a48dd0ec20c265d6d8da7add"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
4530
x-amz-cf-id
ibgQWD0LiKbN5H-ofewaBsPIppnauoSb339u4nir2M7vFm8HZCPP8g==
appierV2.js
cdn.holmesmind.com/js/ Frame 5AF3 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appierV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:52:46 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Thu, 11 Mar 2021 07:54:26 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
39
etag
"548ed610a8571343fb3022f543174735"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
3177
x-amz-cf-id
8_v3kJHq4h66IvvV3IYV_45JHNcw4qdjFhs52toW3-X9pl1bngeJiQ==
appier_mainV3.js
cdn.holmesmind.com/js/ Frame 5AF3 		6 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
13d69b634ceeee6647713a2568ba53d7f956abaf734f3cfad0ad1e35d1e988c5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
fIQgLpkPc8Xa6hWRKpG2InO.92XkfeB1
date
Fri, 14 Oct 2022 07:53:02 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Wed, 12 Oct 2022 08:48:47 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
24
etag
"945b888de0f0e51f6997f84814931271"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
5760
x-amz-cf-id
XIu75jLiEm0glODaEXOTAwqn5EPgDdPYyMNcyOwOKKQaB3oVlICEKQ==
bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame 5AF3 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://reurl.cc
date
Fri, 14 Oct 2022 07:53:25 GMT
access-control-allow-credentials
true
vary
Origin
access-control-max-age
3600
access-control-allow-methods
POST
prebid.aspx
prebid.scupio.com/recweb/ Frame 5AF3 		0
27 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.scupio.com/recweb/prebid.aspx?cb=0.16774794521677872
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 14 Oct 2022 07:53:24 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
text/html
access-control-allow-origin
https://reurl.cc
cache-control
private
access-control-allow-credentials
true
bid
ad2.apx.appier.net/v1/prebid/ Frame 5AF3
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
2 B
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Server
34.96.119.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.119.96.34.bc.googleusercontent.com
Software
nginx/1.19.0 /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
via
1.1 google
server
nginx/1.19.0
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-store
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2

Redirect headers

date
Fri, 14 Oct 2022 07:53:25 GMT
server
nginx
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
null
location
https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
cache-control
no-store
access-control-allow-credentials
true
content-length
0
bid
ad2.apx.appier.net/v1/prebid/ Frame 5AF3
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
2 B
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Server
34.96.119.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.119.96.34.bc.googleusercontent.com
Software
nginx/1.19.0 /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
via
1.1 google
server
nginx/1.19.0
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-store
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2

Redirect headers

date
Fri, 14 Oct 2022 07:53:25 GMT
server
nginx
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
null
location
https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
cache-control
no-store
access-control-allow-credentials
true
content-length
0
cdb
bidder.criteo.com/ Frame 5AF3 		177 B
425 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?ptv=131&profileId=184&cb=90145583966
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
858d1934ffce0f42b45b11d2e0635d8c684801a91e8af11a142f6831840b47a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
server
Finatra
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
163
events
bidder.criteo.com/csm/ Frame 5AF3 		0
209 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=31536000; preload;
server
Finatra
vary
Origin
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
/
t.ssp.hinet.net/ Frame E269 		36 B
405 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
7f41d233dc6a0837b8ddf926f097dd87563946a531b9fb82d036831cefc69119
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=0
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Origin
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://cdn.holmesmind.com
cache-control
no-cache, private
access-control-allow-credentials
true
landing.php
fp.holmesmind.com/ Frame E4CC 		0
37 B 		Document
General
Check archive.org
Download Go to
Full URL
https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=7598-DvMmcuD17bQX84Op0GV12n1U8ULzBptJ&CFFPCKUUID=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&url=https%3A%2F%2Freurl.cc%2FXV1QXD&maindomain=reurl.cc
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.219.39 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
39.219.117.34.bc.googleusercontent.com
Software
nginx/1.20.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
x-requested-with,content-type
access-control-allow-methods
*
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 14 Oct 2022 07:53:25 GMT
server
nginx/1.20.0
vary
Accept-Encoding
via
1.1 google
utag.js
t.ssp.hinet.net/ Frame 5AF3 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=0
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 06:51:32 GMT
server
nginx
etag
W/"62de3d74-134a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=600
expires
Fri, 14 Oct 2022 08:03:25 GMT
init.js
cdn.holmesmind.com/js/ Frame 412D 		6 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/init.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
date
Fri, 14 Oct 2022 07:52:57 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Fri, 04 Mar 2022 10:10:49 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
41
etag
"439e160b698f1ec2efb45c3b6cd6b265"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
6552
x-amz-cf-id
Bxatp_9v5MUnNl1ySlFVpB39qX5CHdW7X8_XivCKnI4Aq9aPO6pU5g==
capmapping.htm
cdn.holmesmind.com/js/ Frame 01BF 		5 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cc37fba2e98f49c4d9551f72176d3aff72eacd798e5e85436837847e6b967c36

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
26
content-length
4730
content-type
text/html
date
Fri, 14 Oct 2022 07:52:59 GMT
etag
"c36f5eb091d6195fe8b68f3b263f999b"
last-modified
Mon, 22 Aug 2022 03:00:17 GMT
server
AmazonS3
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
x-amz-cf-id
_fhVzvYVejQ9YZKtf2-juOYjaNbHCeRHY2RrauXY8XpNp-NMH0GLVw==
x-amz-cf-pop
FRA60-P2
x-amz-version-id
9jVaRQ2pP3sbT47ouwg8zArcPp2ddVmt
x-cache
Hit from cloudfront
edmp_init.js
cdn.holmesmind.com/js/ Frame 412D 		662 B
1004 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/edmp_init.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:52:59 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Fri, 12 Mar 2021 02:45:40 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
40
etag
"f58f8a90686f8ffb3325107e8a788b71"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
662
x-amz-cf-id
QJSu0vCTNxSsHrDD49bTlRvQUQ6I-A-4JNdBZD9p6RByT4rw7aWoeQ==
presetfn.js
cdn.holmesmind.com/js/ Frame AAE8 		9 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
83a37c9bbe8dae0a71e95a0e6401bd5d9576a2b0e35295e640c2d807f9b4424e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
QFAcVwN57aO_RWKPah9bVgfaw1eby0J0
date
Fri, 14 Oct 2022 07:53:23 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Mon, 22 Aug 2022 03:00:16 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
6
etag
"ddf163a3d8381378b3e35e39339ad7ab"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
9530
x-amz-cf-id
hSyfJ7iUpDvqvdGuC30nMqtfCM9rNkXuaR9p-b6w9L_RdhKV9y16bQ==
cm
c.holmesmind.com/ Frame 01BF 		0
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.holmesmind.com/cm
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
93.76.201.35.bc.googleusercontent.com
Software
nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
via
1.1 google
server
nginx/1.10.3 (Ubuntu)
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
text/html; charset=UTF-8
utag.js
t.ssp.hinet.net/ Frame 01BF 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=0
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 06:51:32 GMT
server
nginx
etag
W/"62de3d74-134a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=600
expires
Fri, 14 Oct 2022 08:03:25 GMT
google
m.holmesmind.com/ml/ Frame 01BF
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t&uu_m=undefined
  • https://m.holmesmind.com/ml/google?cf_uid=200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t&uu_m=undefined&google_gid=CAESEJxKvnHOR-5VheyqcfTVNGk&google_cver=1
0
142 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m.holmesmind.com/ml/google?cf_uid=200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t&uu_m=undefined&google_gid=CAESEJxKvnHOR-5VheyqcfTVNGk&google_cver=1
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Server
35.227.249.156 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
156.249.227.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
x-guploader-uploadid
ADPycdstP6NhgGfg4qAcaqoZlRh1B1I4CX7Ovd7H4EAoCWaa6T7lIZuJn-eKx5-aoGXIVhh-0YGgzokxPPpRXEsKsS5LhfFM9tnw
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
last-modified
Wed, 21 Feb 2018 07:36:41 GMT
server
UploadServer
etag
"d41d8cd98f00b204e9800998ecf8427e"
x-goog-generation
1519198601160228
content-type
image/png
x-goog-hash
crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
cache-control
public, max-age=3600
x-goog-stored-content-length
0
accept-ranges
bytes
expires
Fri, 14 Oct 2022 08:53:26 GMT

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:25 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://m.holmesmind.com/ml/google?cf_uid=200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t&uu_m=undefined&google_gid=CAESEJxKvnHOR-5VheyqcfTVNGk&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
358
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Preset.js
adcdn.holmesmind.com/adserver/ Frame AAE8 		1 KB
746 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adcdn.holmesmind.com/adserver/Preset.js?z=13849
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:9200:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
a7cac69ff4c7b905552b1915305ba548a87acdf6205efe6e5bd1eef0d4700793

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
content-encoding
gzip
via
1.1 935770605c74a80712059ba5b24d4162.cloudfront.net (CloudFront)
server
nginx/1.14.0 (Ubuntu)
x-amz-cf-pop
FRA60-P2
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
x-amz-cf-id
xUjQzkaGh92r8bsVpUbBOYfa3bMRLDCt6TEn1fs8HPxAh3yvbK6xjw==
drawV2.js
cdn.holmesmind.com/js/ Frame 5AF3 		10 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/drawV2.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2FXV1QXD&n=725&o=1&d=1&b=2&ts=1&ii=2&FPCK=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&initver=210830P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:53:01 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Fri, 16 Oct 2020 09:58:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
38
etag
"84d8b1a745228113e60f5e62f0eff6d3"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
10359
x-amz-cf-id
EhEolYPigHBfElrSHQiyKRnKs-YuiUid0B-INPjzOWQX_AccV4ms-g==
publishertag.prebid.117.js
static.criteo.net/js/ld/ Frame E566 		87 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.117.js
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 29 Dec 2021 12:30:46 GMT
server
nginx
etag
W/"61cc54f6-15c19"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 15 Oct 2022 07:53:25 GMT
publishertag.prebid.117.js
static.criteo.net/js/ld/ Frame 9F4F 		87 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.117.js
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 29 Dec 2021 12:30:46 GMT
server
nginx
etag
W/"61cc54f6-15c19"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 15 Oct 2022 07:53:25 GMT
syncframe
gum.criteo.com/ Frame 4581 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://img.scupio.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:53:25 GMT
server
Kestrel
server-processing-duration-in-ticks
657241
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
publishertag.prebid.js
static.criteo.net/js/ld/ Frame E566 		88 KB
29 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
b39c934479cfe0991a6eea4f9a0597eebea9da311d8ca1aebffd48fef946b5b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Sat, 01 Oct 2022 02:55:29 GMT
server
nginx
etag
W/"6337ac21-161a8"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 15 Oct 2022 07:53:25 GMT
syncframe
gum.criteo.com/ Frame 5E03 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://img.scupio.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:53:25 GMT
server
Kestrel
server-processing-duration-in-ticks
958553
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
publishertag.prebid.js
static.criteo.net/js/ld/ Frame 9F4F 		88 KB
29 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
b39c934479cfe0991a6eea4f9a0597eebea9da311d8ca1aebffd48fef946b5b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Sat, 01 Oct 2022 02:55:29 GMT
server
nginx
etag
W/"6337ac21-161a8"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 15 Oct 2022 07:53:25 GMT
emome2
t.ssp.hinet.net/ Frame E269 		30 B
278 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/emome2?u=fcd575b0-c945-45b0-95a7-1f9a1be8c6e8
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
strict-transport-security
max-age=0
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Origin
content-type
application/json
access-control-allow-origin
https://cdn.holmesmind.com
cache-control
no-cache, private
access-control-allow-credentials
true
sid
mug.criteo.com/ Frame 4581
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&lsw=1&topicsavail=0&fledgeavail=0
  • https://mug.criteo.com/sid?cpp=mpKqZnwvSUJZM2JuVS9qbDBvemlFUjE3YisxWmk5YlliUzZFNS9CTzUvY0hYVTM2OTgra20wRXhTOFY4WWJ1U2lSUFdpRXk0b0VMTnhWWFBFbnVOTE9vbXQ0a0hLUzRkOUw4NXgxQUFlbndnQXlrd3hveHhSYU9iYkNwdk...
438 B
669 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=mpKqZnwvSUJZM2JuVS9qbDBvemlFUjE3YisxWmk5YlliUzZFNS9CTzUvY0hYVTM2OTgra20wRXhTOFY4WWJ1U2lSUFdpRXk0b0VMTnhWWFBFbnVOTE9vbXQ0a0hLUzRkOUw4NXgxQUFlbndnQXlrd3hveHhSYU9iYkNwdkdxdzJNbDlwWTFNVmJybGFxdStHM2d4WDhhYjlISGZDWGhJTkJrVk5KSFpQM3hZeGVXQmFMU29IVUZRWEpoY3Z3bHkwUzhGZVp6U1krS2tpWS9Xa01CTzNNL3ZkWld6NlQrNlg4UjZWL05ORUZpNncvcEFENHB4QmRucElpd2lEbGZ4cEZJcjhSd3VuMnZDd2RTeXNJeTZGeENIUnFTdmpTUVFZQ1ozUEU1NlpUWERpWCtYWT18&cppv=2
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
8974670645ed17265b446f112b8eec566705a96cb8ae63824ed04f270e3a7379
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2380233
expires
0

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=mpKqZnwvSUJZM2JuVS9qbDBvemlFUjE3YisxWmk5YlliUzZFNS9CTzUvY0hYVTM2OTgra20wRXhTOFY4WWJ1U2lSUFdpRXk0b0VMTnhWWFBFbnVOTE9vbXQ0a0hLUzRkOUw4NXgxQUFlbndnQXlrd3hveHhSYU9iYkNwdkdxdzJNbDlwWTFNVmJybGFxdStHM2d4WDhhYjlISGZDWGhJTkJrVk5KSFpQM3hZeGVXQmFMU29IVUZRWEpoY3Z3bHkwUzhGZVp6U1krS2tpWS9Xa01CTzNNL3ZkWld6NlQrNlg4UjZWL05ORUZpNncvcEFENHB4QmRucElpd2lEbGZ4cEZJcjhSd3VuMnZDd2RTeXNJeTZGeENIUnFTdmpTUVFZQ1ozUEU1NlpUWERpWCtYWT18&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
677313
content-length
0
expires
0
sid
mug.criteo.com/ Frame 5E03
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&lsw=1&topicsavail=0&fledgeavail=0
  • https://mug.criteo.com/sid?cpp=i2JCXHxhQjNIWEpxRlI4Vko4ZjJhM3ZxdVVhOUtmL0U0OVRqSTJEcHdmaGdPWTdGcUVydjZPK2VUOXluaGpMY0tQY0xHM3AweWdCL1hMVDlVbkxtVlpVc3ZTdW5yWU5GbDVwTUlrVFpDTGV0N21qMzJ1RVR5R1FnTU1xMF...
433 B
656 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=i2JCXHxhQjNIWEpxRlI4Vko4ZjJhM3ZxdVVhOUtmL0U0OVRqSTJEcHdmaGdPWTdGcUVydjZPK2VUOXluaGpMY0tQY0xHM3AweWdCL1hMVDlVbkxtVlpVc3ZTdW5yWU5GbDVwTUlrVFpDTGV0N21qMzJ1RVR5R1FnTU1xMFhobkFNc3VvdFpET00xYmFRdy9LeEtFdEp1R08wKy9aNThMSEFjWm82YVk0Q0lGaThaZDZQcmdZNGhnaFZ2UUpSODYwTlYwMDVFVWdiYkdyR3N3djdIU21CRVNZbm0vYjBXWnNydmJ1VU5uNEx2SGNTOW1ZU05aUGNLVTRiZEQwcHhwYzB5V3VJTjVva3RET2paSCthUjF2N0dSV0hieHVaSmUybVRzaUQySHZ6RkU5RE5Ydz18&cppv=2
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
693a36dd17228f0d4bbac4980d6051bcc863179dce526c719509218913b37b5b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:26 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2146614
expires
0

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=i2JCXHxhQjNIWEpxRlI4Vko4ZjJhM3ZxdVVhOUtmL0U0OVRqSTJEcHdmaGdPWTdGcUVydjZPK2VUOXluaGpMY0tQY0xHM3AweWdCL1hMVDlVbkxtVlpVc3ZTdW5yWU5GbDVwTUlrVFpDTGV0N21qMzJ1RVR5R1FnTU1xMFhobkFNc3VvdFpET00xYmFRdy9LeEtFdEp1R08wKy9aNThMSEFjWm82YVk0Q0lGaThaZDZQcmdZNGhnaFZ2UUpSODYwTlYwMDVFVWdiYkdyR3N3djdIU21CRVNZbm0vYjBXWnNydmJ1VU5uNEx2SGNTOW1ZU05aUGNLVTRiZEQwcHhwYzB5V3VJTjVva3RET2paSCthUjF2N0dSV0hieHVaSmUybVRzaUQySHZ6RkU5RE5Ydz18&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
640646
content-length
0
expires
0
/
t.ssp.hinet.net/ Frame 01BF 		36 B
405 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
7f41d233dc6a0837b8ddf926f097dd87563946a531b9fb82d036831cefc69119
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
strict-transport-security
max-age=0
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Origin
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://cdn.holmesmind.com
cache-control
no-cache, private
access-control-allow-credentials
true
ls.html
img.scupio.com/html/ Frame A0F8 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://img.scupio.com/html/ls.html
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-38.txl50.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
204b096d37249d9125a8b3450e44a31773cb148dba50c88d1fd26a0b914216ce

Request headers

Referer
https://img.scupio.com/html/ad.html?v=1.0.65
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2435
cache-control
max-age=604800
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 14 Oct 2022 07:12:58 GMT
etag
W/"583295c9-4dc"
expires
Fri, 21 Oct 2022 07:12:51 GMT
last-modified
Mon, 21 Nov 2016 06:35:53 GMT
server
nginx/1.12.1
vary
Origin
via
1.1 8609604d3fb8e0a5c875f1c74d985668.cloudfront.net (CloudFront)
x-amz-cf-id
aXAv8ryNdySOc4HR9wsm8TGlQ4WjG-NbbKOYG3TYy8b1Pw3a8qkwHg==
x-amz-cf-pop
TXL50-P4
x-cache
Hit from cloudfront
ggid.aspx
rec.scupio.com/recweb/ Frame FE07
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=bw_cookie&google_cm&google_ula=3918219&google_hm=Q01BMjAyMjEwMTQxNTUzMjY0NDg5NjA%3d&layout=js
  • https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESECWfFc_eydVJEuOLFMAbwLE&google_cver=1&google_ula=3918219,0
0
551 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESECWfFc_eydVJEuOLFMAbwLE&google_cver=1&google_ula=3918219,0
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol
HTTP/1.1
Server
210.59.219.175 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 14 Oct 2022 07:53:26 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
text/javascript
P3P
CP=" NOI DSP COR CUR ADMa DEVa TAIa PSAa PSDa HISa OTPa OUR STP IND UNI COM NAV INT STA "
Cache-Control
private
Content-Length
0

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:26 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESECWfFc_eydVJEuOLFMAbwLE&google_cver=1&google_ula=3918219,0
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
332
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.html
eus.rubiconproject.com/ Frame BC71
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac
  • https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
281 B
424 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.203.77.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-77-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://img.scupio.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
233
content-type
text/html; charset=UTF-8
date
Fri, 14 Oct 2022 07:53:26 GMT
etag
"40014-119-5d32342a551c0"
last-modified
Tue, 14 Dec 2021 23:07:59 GMT
server
Apache/2.2.15 (CentOS)
unused62
8096267
vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Fri, 14 Oct 2022 07:53:26 GMT
location
https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
server
AkamaiGHost
/
www.facebook.com/tr/ Frame FE07 		0
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1588263144793165&ev=ViewContent&dl=https%3A%2F%2Fimg.scupio.com%2Fhtml%2Fad.html%3Fv%3D1.0.65&rl=https%3A%2F%2Fimg.scupio.com%2Fhtml%2Fad.html%3Fv%3D1.0.65&if=true&ts=1665734006261&cd[SBST]=17&cd[PuID]=reurl
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 14 Oct 2022 07:53:26 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
priority
u=3,i
/
sync.aralego.com/idSync/ Frame FE07 		35 B
413 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CMA20221014155326448960
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.210.196.208 Rockville, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
connection
close
content-length
35
content-type
image/gif
cm
t.ssp.hinet.net/ Frame E269 		0
194 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=cf&cid=200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t&mp=fcd575b0-c945-45b0-95a7-1f9a1be8c6e8
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
strict-transport-security
max-age=0
server
nginx
vary
Origin
content-type
image/png
access-control-allow-origin
https://cdn.holmesmind.com
cache-control
no-cache, private
access-control-allow-credentials
true
pixel
fcd575b0-c945-45b0-95a7-1f9a1be8c6e8.t.ssp.hinet.net/ Frame E269 		0
79 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fcd575b0-c945-45b0-95a7-1f9a1be8c6e8.t.ssp.hinet.net/pixel?bd=fcd575b0-c945-45b0-95a7-1f9a1be8c6e8&t=cf&referrer=https%3A%2F%2Freurl.cc
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
strict-transport-security
max-age=0
server
nginx
content-length
0
content-type
image/png
emome2
t.ssp.hinet.net/ Frame 01BF 		30 B
278 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/emome2?u=fcd575b0-c945-45b0-95a7-1f9a1be8c6e8
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
strict-transport-security
max-age=0
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Origin
content-type
application/json
access-control-allow-origin
https://cdn.holmesmind.com
cache-control
no-cache, private
access-control-allow-credentials
true
ads.js
ad.holmesmind.com/adserver/ Frame AAE8 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=13849&rf=https%3A%2F%2Freurl.cc%2FXV1QXD&n=571&o=1&d=1&b=2&ts=1&ii=2&FPCK=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&initver=210830P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.198.19.32 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-198-19-32.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
acd9a410405e0ae8ddc02e68898bc72145b6c31b4118226bb7dc8e342faaa24d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-origin
https://reurl.cc
date
Fri, 14 Oct 2022 07:53:26 GMT
content-encoding
gzip
access-control-allow-credentials
true
server
nginx/1.14.0 (Ubuntu)
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
rtbhouseV2.js
cdn.holmesmind.com/js/ Frame AAE8 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:53:00 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Tue, 04 Aug 2020 09:25:10 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
36
etag
"6a605eea47197fa280f27aaf1fa1521d"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
2773
x-amz-cf-id
3Rf5OPnUeJ3XkM_R-eJnDcQ9HwfEKbCWG91yPReNXsM-mggM_ACD6g==
publishertag.js
static.criteo.net/js/ld/ Frame AAE8 		121 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
119e37f6f9552a67b6f761070add78e7f93db654027478a7c51e9e34f955b841
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Sat, 01 Oct 2022 02:55:29 GMT
server
nginx
etag
W/"6337ac21-1e358"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 15 Oct 2022 07:53:26 GMT
criteoV2.js
cdn.holmesmind.com/js/ Frame AAE8 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/criteoV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:52:47 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Tue, 04 Aug 2020 09:25:12 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
40
etag
"e8f33fcb581483ced4a09b3c8e7550e4"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
2443
x-amz-cf-id
DW2qaHAdy4fqzjbCMYU3cmOcco_pDBJtyD01lWZM64pDf_XtyJdpig==
bridgewellV3.js
cdn.holmesmind.com/js/ Frame AAE8 		4 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:53:24 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Tue, 20 Apr 2021 06:25:23 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
15
etag
"c3b948e5a48dd0ec20c265d6d8da7add"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
4530
x-amz-cf-id
QoKnp6_MpDwdsvT6LYcNeveODdQkyzV9zXE8OJ3rjRNsArytmtbEKg==
appierV2.js
cdn.holmesmind.com/js/ Frame AAE8 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appierV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:52:46 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Thu, 11 Mar 2021 07:54:26 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
40
etag
"548ed610a8571343fb3022f543174735"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
3177
x-amz-cf-id
X9C55PTpIlibitiTthFFz1tmpMn-SBCFTh17HsGUGkGOgWCzMRv5PQ==
appier_mainV3.js
cdn.holmesmind.com/js/ Frame AAE8 		6 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
13d69b634ceeee6647713a2568ba53d7f956abaf734f3cfad0ad1e35d1e988c5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
fIQgLpkPc8Xa6hWRKpG2InO.92XkfeB1
date
Fri, 14 Oct 2022 07:53:02 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Wed, 12 Oct 2022 08:48:47 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
25
etag
"945b888de0f0e51f6997f84814931271"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
5760
x-amz-cf-id
74eiUkosI6PMUU-jTCqzTqjJZfEZixJy-dyO3oSLAUzQs7GJcUpaxg==
ls.html
img.scupio.com/html/ Frame 6556 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://img.scupio.com/html/ls.html
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-38.txl50.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
204b096d37249d9125a8b3450e44a31773cb148dba50c88d1fd26a0b914216ce

Request headers

Referer
https://img.scupio.com/html/ad.html?v=1.0.65
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2435
cache-control
max-age=604800
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 14 Oct 2022 07:12:58 GMT
etag
W/"583295c9-4dc"
expires
Fri, 21 Oct 2022 07:12:51 GMT
last-modified
Mon, 21 Nov 2016 06:35:53 GMT
server
nginx/1.12.1
vary
Origin
via
1.1 8609604d3fb8e0a5c875f1c74d985668.cloudfront.net (CloudFront)
x-amz-cf-id
qDmMnDFmbWXPOZp_m6JaPqKur_8_HfX2MZY_ezDQ74kNjcdfViMudw==
x-amz-cf-pop
TXL50-P4
x-cache
Hit from cloudfront
ggid.aspx
rec.scupio.com/recweb/ Frame 0D9D
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=bw_cookie&google_cm&google_ula=3918219&google_hm=Q0lBMjAyMjEwMTQxNTUzMjYzNzcwMjc%3d&layout=js
  • https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESECWfFc_eydVJEuOLFMAbwLE&google_cver=1&google_ula=3918219,0
0
551 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESECWfFc_eydVJEuOLFMAbwLE&google_cver=1&google_ula=3918219,0
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol
HTTP/1.1
Server
210.59.219.175 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 14 Oct 2022 07:53:26 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
text/javascript
P3P
CP=" NOI DSP COR CUR ADMa DEVa TAIa PSAa PSDa HISa OTPa OUR STP IND UNI COM NAV INT STA "
Cache-Control
private
Content-Length
0

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:26 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESECWfFc_eydVJEuOLFMAbwLE&google_cver=1&google_ula=3918219,0
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
332
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.html
eus.rubiconproject.com/ Frame 51DE
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac
  • https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
281 B
424 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.203.77.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-77-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://img.scupio.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
233
content-type
text/html; charset=UTF-8
date
Fri, 14 Oct 2022 07:53:26 GMT
etag
"40014-119-5d32342a551c0"
last-modified
Tue, 14 Dec 2021 23:07:59 GMT
server
Apache/2.2.15 (CentOS)
unused62
8096267
vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Fri, 14 Oct 2022 07:53:26 GMT
location
https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
server
AkamaiGHost
/
www.facebook.com/tr/ Frame 0D9D 		0
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=588795092476391&ev=ViewContent&dl=https%3A%2F%2Fimg.scupio.com%2Fhtml%2Fad.html%3Fv%3D1.0.65&rl=https%3A%2F%2Fimg.scupio.com%2Fhtml%2Fad.html%3Fv%3D1.0.65&if=true&ts=1665734006324&cd[SBST]=17&cd[PuID]=reurl&ud[external_id]=3961e3d27307a984615e5053ce3f0deb416fea081c66dfdda6a28b02ae6639c0
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 14 Oct 2022 07:53:26 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
priority
u=3,i
/
sync.aralego.com/idSync/ Frame 0D9D 		35 B
413 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CIA20221014155326377027
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.210.196.208 Rockville, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
connection
close
content-length
35
content-type
image/gif
bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame AAE8 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://reurl.cc
date
Fri, 14 Oct 2022 07:53:26 GMT
access-control-allow-credentials
true
vary
Origin
access-control-max-age
3600
access-control-allow-methods
POST
prebid.aspx
prebid.scupio.com/recweb/ Frame AAE8 		0
50 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.scupio.com/recweb/prebid.aspx?cb=0.48798831114314845
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
text/html
access-control-allow-origin
https://reurl.cc
cache-control
private
access-control-allow-credentials
true
bid
ad2.apx.appier.net/v1/prebid/ Frame AAE8
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
2 B
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Server
34.96.119.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.119.96.34.bc.googleusercontent.com
Software
nginx/1.19.0 /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
via
1.1 google
server
nginx/1.19.0
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-store
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2

Redirect headers

date
Fri, 14 Oct 2022 07:53:26 GMT
server
nginx
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
null
location
https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
cache-control
no-store
access-control-allow-credentials
true
content-length
0
bid
ad2.apx.appier.net/v1/prebid/ Frame AAE8
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
2 B
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Server
34.96.119.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.119.96.34.bc.googleusercontent.com
Software
nginx/1.19.0 /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
via
1.1 google
server
nginx/1.19.0
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-store
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2

Redirect headers

date
Fri, 14 Oct 2022 07:53:26 GMT
server
nginx
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
null
location
https://ad2.apx.appier.net/v1/prebid/bid?acid=ieufHyQpDo6DV3i4dRVJYw
cache-control
no-store
access-control-allow-credentials
true
content-length
0
cdb
bidder.criteo.com/ Frame AAE8 		177 B
425 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?ptv=131&profileId=184&cb=98642584615
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
061e0c60e22a477d429212ddd5c9bc8fd037fe827cb74f195aff7a2366c24083
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
server
Finatra
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
163
events
bidder.criteo.com/csm/ Frame AAE8 		0
209 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 14 Oct 2022 07:53:25 GMT
strict-transport-security
max-age=31536000; preload;
server
Finatra
vary
Origin
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
usync.js
eus.rubiconproject.com/ Frame 51DE 		31 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.203.77.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-77-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
1219d714e27f186eb7bbf428f0553a2a5a32fd30e6321b10af81582c66fa173d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
content-encoding
gzip
last-modified
Thu, 15 Sep 2022 22:38:47 GMT
server
Apache/2.2.15 (CentOS)
x-powered-by
PHP/5.3.3
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
cache-control
max-age=51315
content-length
9421
expires
Fri, 14 Oct 2022 22:08:41 GMT
usync.js
eus.rubiconproject.com/ Frame BC71 		31 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.203.77.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-77-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
1219d714e27f186eb7bbf428f0553a2a5a32fd30e6321b10af81582c66fa173d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
content-encoding
gzip
last-modified
Thu, 15 Sep 2022 22:38:47 GMT
server
Apache/2.2.15 (CentOS)
x-powered-by
PHP/5.3.3
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
cache-control
max-age=51315
content-length
9421
expires
Fri, 14 Oct 2022 22:08:41 GMT
khaos.jpg
token.rubiconproject.com/ Frame 51DE 		284 B
536 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/khaos.jpg?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/jpg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
284
X-RPHost
704c1e4d3fcc922a3031d436b584678b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
khaos.jpg
token.rubiconproject.com/ Frame BC71 		284 B
536 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/khaos.jpg?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/jpg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
284
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
sdk
cdn.aralego.net/ucfad/sdk/us-east/ Frame 2C55
Redirect Chain
  • https://ads.aralego.com/sdk
  • https://cdn.aralego.net/ucfad/sdk/us-east/sdk
43 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Server
2606:4700:20::681a:567 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28bf646c6e799ca96adb3a5b48fe882639d31e27102cad9ed2979555da55944a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5679
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43705
last-modified
Thu, 22 Sep 2022 10:05:53 GMT
server
cloudflare
etag
"632c3381-aab9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RtaJ6BIb3uy7D9tPyit3zgAYsr3D5CvR9MJ%2FD7%2Bs3I6HmfD1Eh%2BI9ACxeg0ha1eTO%2FHav0G20fGOyybBMcaLDqua9bnRIv3eEA%2BPIXTD4pmtErXtYpTMp2gz1DdY80Wl%2FFzJ7Wf7PklSc0t%2F0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
max-age=14400
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
759ebdc72cf7bb83-FRA

Redirect headers

Location
https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Connection
close
Content-length
0
pixel
fcd575b0-c945-45b0-95a7-1f9a1be8c6e8.t.ssp.hinet.net/ Frame 5AF3 		0
79 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fcd575b0-c945-45b0-95a7-1f9a1be8c6e8.t.ssp.hinet.net/pixel?bd=fcd575b0-c945-45b0-95a7-1f9a1be8c6e8&t=50ef57&referrer=https%3A%2F%2Freurl.cc
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
strict-transport-security
max-age=0
server
nginx
content-length
0
content-type
image/png
cm
t.ssp.hinet.net/ Frame 5AF3 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=7598-DvMmcuD17bQX84Op0GV12n1U8ULzBptJ&mp=fcd575b0-c945-45b0-95a7-1f9a1be8c6e8
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
strict-transport-security
max-age=0
server
nginx
vary
Origin
content-type
image/png
access-control-allow-origin
https://reurl.cc
cache-control
no-cache, private
access-control-allow-credentials
true
landing.php
fp.holmesmind.com/ Frame 5703 		0
37 B 		Document
General
Check archive.org
Download Go to
Full URL
https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=7598-DvMmcuD17bQX84Op0GV12n1U8ULzBptJ&CFFPCKUUID=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&url=https%3A%2F%2Freurl.cc%2FXV1QXD&maindomain=reurl.cc
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.219.39 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
39.219.117.34.bc.googleusercontent.com
Software
nginx/1.20.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
x-requested-with,content-type
access-control-allow-methods
*
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 14 Oct 2022 07:53:26 GMT
server
nginx/1.20.0
vary
Accept-Encoding
via
1.1 google
utag.js
t.ssp.hinet.net/ Frame AAE8 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
strict-transport-security
max-age=0
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 06:51:32 GMT
server
nginx
etag
W/"62de3d74-134a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=600
expires
Fri, 14 Oct 2022 08:03:26 GMT
sync.php
pixel-apac.rubiconproject.com/exchange/ Frame BC71 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-apac.rubiconproject.com/exchange/sync.php?p=xapi-bridgewell
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
4b9b5fe4fdc8ed94e0f7cdc225df187a
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cm
t.ssp.hinet.net/ Frame 01BF 		0
194 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=cf&cid=200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t&mp=fcd575b0-c945-45b0-95a7-1f9a1be8c6e8
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
strict-transport-security
max-age=0
server
nginx
vary
Origin
content-type
image/png
access-control-allow-origin
https://cdn.holmesmind.com
cache-control
no-cache, private
access-control-allow-credentials
true
pixel
fcd575b0-c945-45b0-95a7-1f9a1be8c6e8.t.ssp.hinet.net/ Frame 01BF 		0
79 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fcd575b0-c945-45b0-95a7-1f9a1be8c6e8.t.ssp.hinet.net/pixel?bd=fcd575b0-c945-45b0-95a7-1f9a1be8c6e8&t=cf&referrer=https%3A%2F%2Freurl.cc
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.holmesmind.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
strict-transport-security
max-age=0
server
nginx
content-length
0
content-type
image/png
drawV2.js
cdn.holmesmind.com/js/ Frame AAE8 		10 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/drawV2.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13849&rf=https%3A%2F%2Freurl.cc%2FXV1QXD&n=571&o=1&d=1&b=2&ts=1&ii=2&FPCK=8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs&initver=210830P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:600:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
date
Fri, 14 Oct 2022 07:53:01 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
last-modified
Fri, 16 Oct 2020 09:58:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
39
etag
"84d8b1a745228113e60f5e62f0eff6d3"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
10359
x-amz-cf-id
vYu2dr-LaahMvBhJ94-QK6AFxUfyT61F3VjNBs0k8EtsPMLnc2K6UA==
ucfad-formats.css
cdn.aralego.net/css/dev/ Frame 2C55 		975 B
814 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.aralego.net/css/dev/ucfad-formats.css
Requested by
Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:567 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:26 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2461
cf-polished
origSize=1191
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Fri, 16 Mar 2018 07:19:46 GMT
server
cloudflare
etag
W/"5aab7012-4a7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j8POtcV1lctaD1GrjtBLwmYofGpfMtNW433AW3557z1ZK1iWQTd5IHi7dwdUPW7hChZB7rUOJC4JUrUgAJ73TakgaMxfPybM%2BdXqSaCjJjjLSNQmrVW5cdY4W90q1P0WEryiIa%2FD3W%2B9Vdh2Qw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
access-control-allow-credentials
true
cf-ray
759ebdc76ec25b98-FRA
idRequest
sync.aralego.com/ Frame 2C55 		46 B
486 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22&
Requested by
Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.210.196.208 Rockville, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
5380f4ed239609dd2ae0076e2d7ca55df0e802194bbf21200df01dc4412e158a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
connection
close
content-length
46
ad_request
ads.aralego.com/ Frame 2C55 		552 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.aralego.com/ad_request?sw=1600&sh=1200&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FXV1QXD&adid=ad-BE7A8D43E47B3D23C77A9993A9B8A778&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.7507370015250627&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&ao=https%3A%2F%2Freurl.cc&lang=en-US%2Cen&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22
Requested by
Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.96.200.41 Gaithersburg, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
99ec1b27528b2883154fd166e11c3fa740d28609937a1a0287d95674ea99c2bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 14 Oct 2022 07:53:27 GMT
X-Width
300
X-Height
250
X-AdStyle
banner
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
https://reurl.cc
Access-Control-Expose-Headers
X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
Vary
Accept-Encoding
Access-Control-Allow-Credentials
true
X-AdSource
PSA
X-SspId
83c4f763-1455-3f36-a6b7-7df784d96f78
X-Adtype
html
Connection
close
Content-Length
552
cookieSyncIframe.html
cdn.aralego.net/ucfad/cookie/ Frame 9927 		714 B
774 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Requested by
Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:567 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36a7d95f2760a813f3e782dfc125ea786174d581d6f6f896021d6994e9514bd6

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
age
886
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=14400
cf-cache-status
HIT
cf-ray
759ebdc919a75b98-FRA
content-encoding
br
content-type
text/html
date
Fri, 14 Oct 2022 07:53:27 GMT
last-modified
Wed, 09 Feb 2022 05:59:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MQE8HaAAfW2UPSxpEO5leUuQOxpVpXOD5R%2BvyALBIGoFa%2FJBAUV1xOB2YhPa2iHwdkBPa4RMPfs1PElswx7LEqP4brq2LioCN2h3myuZS2SuErvPaXB3dYyj%2FbEtDE8EZvzb4wdQUzT38rLIpg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
idsync
sync.aralego.com/ Frame 2C55 		35 B
384 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.210.196.208 Rockville, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
connection
close
content-length
35
content-type
image/gif
sdk
cdn.aralego.net/ucfad/sdk/us-east/ Frame 466F
Redirect Chain
  • https://ads.aralego.com/sdk
  • https://cdn.aralego.net/ucfad/sdk/us-east/sdk
43 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Server
2606:4700:20::681a:567 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28bf646c6e799ca96adb3a5b48fe882639d31e27102cad9ed2979555da55944a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6809
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43705
last-modified
Thu, 22 Sep 2022 10:05:53 GMT
server
cloudflare
etag
"632c3381-aab9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F1yTEJ2B9CBrOHf2x0P89ahB2mbEVTZwCzSqmQ6zzFWyL2pOAfmh8gOY0xdH5NtBEQzvrJzdJsnuPUOm1yYK4NSn0gJ%2F5qOHb%2BySfk5GaXIRtAGSwCN9j4cO4LXj1LtLOgP3dQmZW20G1VvqHw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
max-age=14400
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
759ebdcb1c685b98-FRA

Redirect headers

Location
https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Connection
close
Content-length
0
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame 9927 		79 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9dd5a1686b1578e52da458a593bc5cab845274bf4766aadec058af701eb45c64
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.aralego.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27653
x-xss-protection
0
server
sffe
etag
"1363 / 727 of 1000 / last-modified: 1665698735"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 14 Oct 2022 07:53:27 GMT
cm
t.ssp.hinet.net/ Frame AAE8 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=7598-DvMmcuD17bQX84Op0GV12n1U8ULzBptJ&mp=fcd575b0-c945-45b0-95a7-1f9a1be8c6e8
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
strict-transport-security
max-age=0
server
nginx
vary
Origin
content-type
image/png
access-control-allow-origin
https://reurl.cc
cache-control
no-cache, private
access-control-allow-credentials
true
pixel
fcd575b0-c945-45b0-95a7-1f9a1be8c6e8.t.ssp.hinet.net/ Frame AAE8 		0
79 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fcd575b0-c945-45b0-95a7-1f9a1be8c6e8.t.ssp.hinet.net/pixel?bd=fcd575b0-c945-45b0-95a7-1f9a1be8c6e8&t=50ef57&referrer=https%3A%2F%2Freurl.cc
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
strict-transport-security
max-age=0
server
nginx
content-length
0
content-type
image/png
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 6E08 		113 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1ad7a6394b7bc680678bf882eebb50aa69136cc540033d8c448a720b9cf985f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38109
x-xss-protection
0
server
cafe
etag
9972166763061339362
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 14 Oct 2022 07:53:27 GMT
pubads_impl_2022101101.js
securepubads.g.doubleclick.net/gpt/ Frame 9927 		380 KB
128 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101101.js?cb=31070340
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0adb253f1936a498f71414d7807eb2feb8fc7269a8eda6146ef73627aa0ea898
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.aralego.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 18:46:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
133630
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131337
x-xss-protection
0
last-modified
Tue, 11 Oct 2022 08:35:46 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 12 Oct 2023 18:46:17 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/ Frame 6E08 		352 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3614b2e32967099f61c9669b5f745a295ec083deae84eeb22f9c19c77900a88b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118626
x-xss-protection
0
server
cafe
etag
16438702782925552059
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 14 Oct 2022 07:53:27 GMT
integrator.js
adservice.google.de/adsid/ Frame 9927 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=cdn.aralego.net
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101101.js?cb=31070340
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.aralego.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 9927 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101101.js?cb=31070340
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.aralego.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame 9927 		492 B
263 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1725496695991858&correlator=1895216153776790&eid=31070340&output=ldjh&gdfp_req=1&vrg=2022101101&ptt=17&impl=fifs&iu_parts=18087395%2Ccookie&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&adks=64515409&sfv=1-0-38&fsapi=false&sc=1&cdm=cdn.aralego.net&abxe=1&dt=1665734007499&lmt=1644386353&dlt=1665734007254&idt=220&adxs=-12245933&adys=-12245933&biw=-12245933&bih=-12245933&scr_x=-12245933&scr_y=-12245933&ucis=utypkrgo07rz&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=5&url=https%3A%2F%2Fcdn.aralego.net%2Fucfad%2Fcookie%2FcookieSyncIframe.html&ref=https%3A%2F%2Freurl.cc%2F&top=https%3A%2F%2Freurl.cc%2F&frm=8&vis=1&psz=0x0&msz=0x-1&fws=256&ohw=0&ea=0&ga_vid=1905079201.1665734008&ga_sid=1665734008&ga_hid=723096449&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101101.js?cb=31070340
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8c2f2840acb6cae65c808d1fb4f51deb456c2de24918295905d962778a3a0a81
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.aralego.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
234
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://cdn.aralego.net
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
56e67421b456b8d3b999a2ace679ba12.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9D55 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://56e67421b456b8d3b999a2ace679ba12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101101.js?cb=31070340
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cdn.aralego.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:53:27 GMT
expires
Sat, 14 Oct 2023 07:53:27 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ucfad-formats.css
cdn.aralego.net/css/dev/ Frame 466F 		975 B
784 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.aralego.net/css/dev/ucfad-formats.css
Requested by
Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:567 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2462
cf-polished
origSize=1191
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Fri, 16 Mar 2018 07:19:46 GMT
server
cloudflare
etag
W/"5aab7012-4a7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Se8E7bk%2BOimoOyiVt8M4NspCQN6WUOMYWFxMSTE9SJjOE8x3ea%2BDCKFxaD0h%2BxZkhPF3XBN7y8xx2JsH9CHB%2FOLNvyp8fNF6a8plvjobnfD2VTw1xT4i2Jd8dB7omrn4HmY3TSy%2B%2B9CSvf9cKA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
access-control-allow-credentials
true
cf-ray
759ebdcb4ccf5b98-FRA
idRequest
sync.aralego.com/ Frame 466F 		46 B
486 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sync.aralego.com/idRequest?ucfUid=83c4f763-1455-3f36-a6b7-7df784d96f78&lang=en-US,en&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22&
Requested by
Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.210.196.208 Rockville, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
5380f4ed239609dd2ae0076e2d7ca55df0e802194bbf21200df01dc4412e158a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://reurl.cc
access-control-allow-credentials
true
connection
close
content-length
46
ad_request
ads.aralego.com/ Frame 466F 		555 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.aralego.com/ad_request?sw=1600&sh=1200&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FXV1QXD&adid=ad-BE78DB396979B34E17BE3B66A3E7D76B&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.31664761302404276&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&ucfUid=83c4f763-1455-3f36-a6b7-7df784d96f78&format=300%2C250%3B&ao=https%3A%2F%2Freurl.cc&lang=en-US%2Cen&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22
Requested by
Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.96.200.41 Gaithersburg, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
fdfa393e5fb39c4ab607d817e8d0b5fe3573a4a2e3e8554131fbade8d615bcbf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 14 Oct 2022 07:53:27 GMT
X-Width
300
X-Height
250
X-AdStyle
banner
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
https://reurl.cc
Access-Control-Expose-Headers
X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
Vary
Accept-Encoding
Access-Control-Allow-Credentials
true
X-AdSource
PSA
X-SspId
83c4f763-1455-3f36-a6b7-7df784d96f78
X-Adtype
html
Connection
close
Content-Length
555
cookie.js
partner.googleadservices.com/gampad/ Frame 6E08 		383 B
694 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787&gpid_exp=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d8b05b9c2aaf1cc6d93fc6f29bc5a1d1f74d63b3c0d37e4c87d82658b1b9cbea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
249
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 6E08 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=reurl.cc
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 6E08 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=reurl.cc
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 9153 		20 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
d3371aea0eaea4d0dfdefd1a6c8d16479368182a4479d621d4ece5e9467b076e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
10490
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:53:28 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 9927 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022101101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101101.js?cb=31070340
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
121b1db396e1968e2afa0825406cd0a6dbc9f6d8d3ddebf641db339ecbea2e50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.aralego.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11109
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 9927 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101101.js?cb=31070340
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.aralego.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 14 Oct 2022 07:53:27 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0C77 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cdn.aralego.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1603
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:26:44 GMT
expires
Sat, 14 Oct 2023 07:26:44 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 05CB 		783 B
534 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
bdbb760df6285779846da6af8ff9b4dc605c8533ca84a5e13b0e5391c3ab99ef
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-2mMHH1nbcmsonPqY-9KQRA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.aralego.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
512
content-security-policy
script-src 'report-sample' 'nonce-2mMHH1nbcmsonPqY-9KQRA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:53:27 GMT
expires
Fri, 14 Oct 2022 07:53:27 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cookieSyncIframe.html
cdn.aralego.net/ucfad/cookie/ Frame 12F7 		714 B
775 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Requested by
Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:567 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36a7d95f2760a813f3e782dfc125ea786174d581d6f6f896021d6994e9514bd6

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
age
886
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=14400
cf-cache-status
HIT
cf-ray
759ebdcd0f245b98-FRA
content-encoding
br
content-type
text/html
date
Fri, 14 Oct 2022 07:53:27 GMT
last-modified
Wed, 09 Feb 2022 05:59:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sSaWK51Z%2BRTwt4bdR%2Fs5hqpdvoZ2YZpl797ZPzbNBHDYCxxakkWkRLi8pFb517Gn09J1smS7BwljO0MkM3pSWKQoQqqH67upfXo%2BqwfoYpZTchQigZfWWzhNDBLFojriWhxdgnc3q5EKR%2BpFvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
idsync
sync.aralego.com/ Frame 466F 		35 B
384 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
Requested by
Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.210.196.208 Rockville, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
connection
close
content-length
35
content-type
image/gif
ZEudAwKmaTNpvGbgtwbUkI0ybKz2KwCtXmqAoF5myvk.js
pagead2.googlesyndication.com/bg/ Frame 0C77 		36 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/ZEudAwKmaTNpvGbgtwbUkI0ybKz2KwCtXmqAoF5myvk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
644b9d0302a6693369bc66e0b706d4908d326cacf62b00ad5e6a80a05e66caf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 19:19:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
131629
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15800
x-xss-protection
0
last-modified
Tue, 11 Oct 2022 09:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 12 Oct 2023 19:19:38 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame 12F7 		79 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9dd5a1686b1578e52da458a593bc5cab845274bf4766aadec058af701eb45c64
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.aralego.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27653
x-xss-protection
0
server
sffe
etag
"1363 / 751 of 1000 / last-modified: 1665698735"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 14 Oct 2022 07:53:27 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 6926 		113 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ab51a4756e201cbfe9a5059fde50d9d40b183a987c6cbfbe4684bf4f2926beed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38109
x-xss-protection
0
server
cafe
etag
13251577637622591684
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 14 Oct 2022 07:53:27 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 05CB 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022101101&jk=1725496695991858&rc=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers
pubads_impl_2022101101.js
securepubads.g.doubleclick.net/gpt/ Frame 12F7 		380 KB
128 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101101.js?cb=31070340
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0adb253f1936a498f71414d7807eb2feb8fc7269a8eda6146ef73627aa0ea898
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.aralego.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 18:46:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
133630
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131337
x-xss-protection
0
last-modified
Tue, 11 Oct 2022 08:35:46 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 12 Oct 2023 18:46:17 GMT
integrator.js
adservice.google.com/adsid/ Frame 12F7 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101101.js?cb=31070340
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.aralego.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame 12F7 		492 B
262 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2290761158502006&correlator=3270947357839551&eid=31060439%2C31068498%2C31070340%2C31069354%2C31069563&output=ldjh&gdfp_req=1&vrg=2022101101&ptt=17&impl=fifs&iu_parts=18087395%2Ccookie&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&adks=64515409&sfv=1-0-38&fsapi=false&sc=1&cdm=cdn.aralego.net&abxe=1&dt=1665734007988&lmt=1644386353&dlt=1665734007862&idt=113&adxs=-12245933&adys=-12245933&biw=-12245933&bih=-12245933&scr_x=-12245933&scr_y=-12245933&ucis=d6vc37nkzz6s&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=5&url=https%3A%2F%2Fcdn.aralego.net%2Fucfad%2Fcookie%2FcookieSyncIframe.html&ref=https%3A%2F%2Freurl.cc%2F&top=https%3A%2F%2Freurl.cc%2F&frm=8&vis=1&psz=0x0&msz=0x-1&fws=256&ohw=0&ea=0&ga_vid=2038865889.1665734008&ga_sid=1665734008&ga_hid=1046810730&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101101.js?cb=31070340
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c7e0b8d303b7848e12c93a30082dab5a04d0b8deadc6221daf2006e43906fdc1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.aralego.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
233
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://cdn.aralego.net
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
1a2e2cd544940899bd7f4b34a5538995.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 825F 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://1a2e2cd544940899bd7f4b34a5538995.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101101.js?cb=31070340
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cdn.aralego.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:53:28 GMT
expires
Sat, 14 Oct 2023 07:53:28 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
generate_204
tpc.googlesyndication.com/ Frame 0C77 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?W6wTvw
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/ Frame 6926 		352 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d21c3ee74fb0ae7062f25435467f24e470996643994b61b7e26639b332bd2ce1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118624
x-xss-protection
0
server
cafe
etag
13252277482087231771
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 14 Oct 2022 07:53:28 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 12F7 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022101101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101101.js?cb=31070340
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
334822679590a7083f4f6182406fa0478f3cda67b555a4d48c42d1959453268c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.aralego.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11203
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 12F7 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101101.js?cb=31070340
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.aralego.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 14 Oct 2022 07:53:28 GMT
cookie.js
partner.googleadservices.com/gampad/ Frame 6926 		12 B
53 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&gpid_exp=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 6926 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=reurl.cc
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 6926 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=reurl.cc
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame D7E3 		17 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
6d22993ec7349420b3d5a8db07a8096e97808283b7e81b4b3d5e847cc582b30e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
9699
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:53:28 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&cw=1&pbt=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://img.scupio.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://img.scupio.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Fri, 14 Oct 2022 07:53:27 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
430389
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/ Frame E566
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&cw=1&pbt=1&lsw=1
  • https://mug.criteo.com/sid?cpp=lOsA3Hw2d0RMa3pEVXU5UXU3SGR0NXp0WEJZcnZnNVFoYVI0djBXVDhRMjF4cG1rTTltNHVrRHBFMmtvRXRvSFE5c2hENmpxVmZWaytVdlFkQ1JXamczOEp5Q09RaWNsbVl4T1BkVzZNb3g5aForU1lrRnV2aUsvb0E3S3...
429 B
714 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=lOsA3Hw2d0RMa3pEVXU5UXU3SGR0NXp0WEJZcnZnNVFoYVI0djBXVDhRMjF4cG1rTTltNHVrRHBFMmtvRXRvSFE5c2hENmpxVmZWaytVdlFkQ1JXamczOEp5Q09RaWNsbVl4T1BkVzZNb3g5aForU1lrRnV2aUsvb0E3S3psSE5wdXFUREhjKzV3VzNvMmdDNldFcWRua0hVdFpEdTVGWXJzeGNzdVNxRldta1dpdS9vSDAxZ2tvaWJJOFBwOWVqS3FCOUcrbHBqSUh2WTdXYmdxM043VlU5VndVdzVDM3lmem5LdmxaM2p3NjAyOXloQm1mVHpWdEtya0Z2ZjQzM0kvN2FaSHRKVG1wNGNybm9VQzhvb0VnSmpqTWtJOTA2bmZRdkxhK0VabDM4a205ST18&cppv=2
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
00e0bba408af5ef83bd996bcc9a7d1c42949e4eb88ffe30a4d28ad35e1bdfb36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:27 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2499892
expires
0

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:27 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
access-control-allow-methods
GET
location
https://mug.criteo.com/sid?cpp=lOsA3Hw2d0RMa3pEVXU5UXU3SGR0NXp0WEJZcnZnNVFoYVI0djBXVDhRMjF4cG1rTTltNHVrRHBFMmtvRXRvSFE5c2hENmpxVmZWaytVdlFkQ1JXamczOEp5Q09RaWNsbVl4T1BkVzZNb3g5aForU1lrRnV2aUsvb0E3S3psSE5wdXFUREhjKzV3VzNvMmdDNldFcWRua0hVdFpEdTVGWXJzeGNzdVNxRldta1dpdS9vSDAxZ2tvaWJJOFBwOWVqS3FCOUcrbHBqSUh2WTdXYmdxM043VlU5VndVdzVDM3lmem5LdmxaM2p3NjAyOXloQm1mVHpWdEtya0Z2ZjQzM0kvN2FaSHRKVG1wNGNybm9VQzhvb0VnSmpqTWtJOTA2bmZRdkxhK0VabDM4a205ST18&cppv=2
access-control-allow-origin
https://img.scupio.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
612237
content-length
0
expires
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9153 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bw8Pl1GSc8BRzA48mTtYph5JzNnbTWadciAwhSHs1TeNPMi_DPLGFdbKmArORUoOmwj6Qe9QJhgEsYV6UjJVy1j6rrtO-CosIAN7aQ-g8Y_hzrNEA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame 9153 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:22:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1886
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 28 Oct 2022 07:22:02 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame 9153 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b7e54c08be2d3028420666e9aca9074537fb351e2ece4e32b925ffca1840ce12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 18:55:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
46697
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7570
x-xss-protection
0
server
cafe
etag
17992891929817281641
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 27 Oct 2022 18:55:11 GMT
l
www.google.com/ads/measurement/ Frame 9153 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaSdDoamwE6UtenUtG5YMXkSBmFnyyYgNAmpN3GZYwzfwX_7a5dgAvheczvIIh7zfHFsX1wuEXEnDClhCVHH-UNdpIJAdA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 9153 		152 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47415
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1665574756386403"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 14 Oct 2022 07:53:28 GMT
cm
c.holmesmind.com/ Frame E566 		0
13 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.holmesmind.com/cm
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
93.76.201.35.bc.googleusercontent.com
Software
nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
via
1.1 google
server
nginx/1.10.3 (Ubuntu)
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
text/html; charset=UTF-8
idSync
sync.aralego.com/ Frame E566 		35 B
266 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.aralego.com/idSync
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.210.196.208 Rockville, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
connection
close
content-length
35
content-type
image/gif
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&cw=1&pbt=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://img.scupio.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://img.scupio.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Fri, 14 Oct 2022 07:53:27 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
430823
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/ Frame 9F4F
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&cw=1&pbt=1&lsw=1
  • https://mug.criteo.com/sid?cpp=0BM9H3xQMk0yOFE2MkJwZW8rOWN5bmhNTSsxd200UFpqek1jSUNpV2xBR3NtaTYvbDZlQ1ErekFvVkpjcUd4Sm9BcWt0TFpaWHRxVDJxK0JuVU56Q09UVmdWVllydlZQeFVvL3hDbkF4czd0ZEZKaEd2cUxORGhocno1SW...
437 B
717 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=0BM9H3xQMk0yOFE2MkJwZW8rOWN5bmhNTSsxd200UFpqek1jSUNpV2xBR3NtaTYvbDZlQ1ErekFvVkpjcUd4Sm9BcWt0TFpaWHRxVDJxK0JuVU56Q09UVmdWVllydlZQeFVvL3hDbkF4czd0ZEZKaEd2cUxORGhocno1SW4vV2FFSDFRb3BuQk93VDNEWjJyZVduSURPa21Uc2Q1THpISFNGM0R6anByNkpnRnhqRWJKczFuQlkvZ3ZlNkVXNXduc2djN3ozSDlyUGRiQUU0blRQMmw1YkQvSlE5Y0F0OHFNYmJOcHh2dVRHODlKRFdHVTQ0NWFINFhOUkg4MmR2bzVhMzJvTmU4VFdLM3NQaHVOR3hxZ0FuVWU5cFBhVkl2aXBiRVpuckhmM2MyWFVJRT18&cppv=2
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
8128c02f772afdc3af7054708292df925eabfc6301c2c9bf8de77f1f8dd470a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:27 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2147631
expires
0

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:27 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
access-control-allow-methods
GET
location
https://mug.criteo.com/sid?cpp=0BM9H3xQMk0yOFE2MkJwZW8rOWN5bmhNTSsxd200UFpqek1jSUNpV2xBR3NtaTYvbDZlQ1ErekFvVkpjcUd4Sm9BcWt0TFpaWHRxVDJxK0JuVU56Q09UVmdWVllydlZQeFVvL3hDbkF4czd0ZEZKaEd2cUxORGhocno1SW4vV2FFSDFRb3BuQk93VDNEWjJyZVduSURPa21Uc2Q1THpISFNGM0R6anByNkpnRnhqRWJKczFuQlkvZ3ZlNkVXNXduc2djN3ozSDlyUGRiQUU0blRQMmw1YkQvSlE5Y0F0OHFNYmJOcHh2dVRHODlKRFdHVTQ0NWFINFhOUkg4MmR2bzVhMzJvTmU4VFdLM3NQaHVOR3hxZ0FuVWU5cFBhVkl2aXBiRVpuckhmM2MyWFVJRT18&cppv=2
access-control-allow-origin
https://img.scupio.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
648414
content-length
0
expires
0
idSync
sync.aralego.com/ Frame 9F4F 		35 B
266 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.aralego.com/idSync
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.210.196.208 Rockville, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
connection
close
content-length
35
content-type
image/gif
cm
c.holmesmind.com/ Frame 9F4F 		0
13 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.holmesmind.com/cm
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
93.76.201.35.bc.googleusercontent.com
Software
nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://img.scupio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
via
1.1 google
server
nginx/1.10.3 (Ubuntu)
x-powered-by
PHP/7.0.18-0ubuntu0.17.04.1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
text/html; charset=UTF-8
pixel
googleads.g.doubleclick.net/xbbe/ Frame BC34 		624 B
297 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGK6lmMcBMAE&v=APEucNXgKIcfw2guU0pdE829VeANUM2DetqzQJ_rnoxI3cdFggk_ZpR8R8uTwqFOI8ocF41L7FX3V5LqfX-mcblasWYMgmzoOnZ8FJpdpUsKZRtXBPGLHUFIY4JL8YdBcsPUYyjBA-OCWRPNn7QYh_C3SiVMrnvX103tKNrnlTnrdAtm3fqi4UE
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:53:28 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 9153 		86 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A7wnMXoln2IaKOKXXyOrr_ldQipsMJPUU4MHueoCgrGCW93VSTju3jMRsGCpeE7xpqx4ADM8dOOo289IHapkCMxpfcxA&cry=1&dbm_d=AKAmf-AOK2yHVPGNFKa6zgzaCYlZ08i2zVXGnJtgrYVdpzqGbpotjxOMBNQnKQYriYVvzlM97BGwSA1EI37bUFdrd44V0cp9oDYQMGzraHMKc1RhwSbNNR1GmX1JXC0aIW3gINe1LTmghkmkD0j658Npj5E6d6SXVM0-Bxnbp5vNypSMtB4w3cXQcDfBElXkZPG1qwQmjq3PbcNirw_vjOpNmBxEkgJCQlIhm9SLzybLSvztmeYGjkYHtnypp4MDXtNZ8iEyct7A29Vg45Md5a42Yw1gQDxcUo3seYplKmFSeAOs5C04Vxn0CgjnTtIt_Wto-qli7FUjsgFZzT8xmZk-xoIH80TV8S05tpEm5KUK7DnTjR2QHI2rWLOJO68_Jy7DPL4HPDvr8gxH-ZBFOOPaANwuwEt0mer1c4niPs1nqdYvygteoDkKpDK-QvtM1m4NKI-2M14vzPQ1VBedjCB-3EVcuiR_IKiz_ChNKyykBtk-bRcAKG7WSbQLlHxJQaua-Tj6tHWXu_IzgFS4QHuzK_Jx9Ncj9q5z_UbefA0n6WsGDNN95_GQ6eaV6006jkTSBBhHzqvJFI0-QLmdvYDQ0MY9WGbgJmU9xK6hZs2rik6gn58hwGTBUDklGM4onGSFoFzHI2TKQy39G_biqNFT-lFzqNygOxKm51_mwI-d0KOH2Dc7fHzG4zqIvLUTaYHXxcLhAiSo5jwpRpYBvCbyDBXnPxUkw8YE3yZEYPgepqK0_hqouWeXKzJ75aXeJ3lcvyWodDvBixpNjKJROLquvcI0SiBVCK3mvz12Q08Vj4ghzX_NvGDTKD8eIEd8dZObiRYNi0e0GI__JE232m7K2JcqaL6muYMiehvnE6cOFz2yzQM7vmBZN_CJY-16UBY4_mXKHMdQYqEt19-iRbA3mKeIFcV0cpQeLvCNlAP3tmRnbBaOvIVsIkzZS0j6mv8DY0Og1B2GO4p6gupIkSsJwEA-U54li38nkv1YsiFtoRvEqmqjKCEhGEbrtpjQhc1vszI5_Eo5nk8Rqfx78MvAwxhlTDV1Ohhk4dbFXsw8-fLkbcB90pGpU29Q_kzQvs6JZsrvPtcpRp7LansC49xjROf0DhpPUyyQkIsps5WKpHBRn7huZMfcWpbx0ldpzbk1aHfucFAtvJWHimsu_7ApCy_v-2FoY457nkKoNNNlPMW5Kn-Mf64tAMsIT66QWmmLI2Iu3_OaCPyXQUQoMkynWUlAgXwiFezQnW_T5D0zcb9bznJtucYcf6wN0NMjSkn2l4XhuyvHu7P-FsZZxe5bd5CIkQeyqqVfqXifw9Zk82tlWVE_RM5DorHftF9Ywo37vCnNuJfQpZGZ_YmmxG2IfHV1LZnIPshHLvxBVn-5-j74doZUtUWK42kBhTEiJ-BCUX6rEQ7zmiATRJEHYjfPUvuhYd9ZsXVeCmdvs-egwCiHLHEFNyWkC48CUerXevC2ujPztNQQlmyRyrhTRXRCe8H9nfYVAbwYwppY2vkqj9v43zLFq6CSMJH-PYq4t3GaVuApgpytrpBq2AglqD3awTcy-HtNdDXInt3qzXVTaviKZ8eUTKH_OL1rpS9REQJPp2kQPcc0hEgCDg-sGYBzotRPkw9hdXdkWvYp4pAHNnlJyXO76dTrDHdK5vSf9-cZrXG-3eVHC3BR_pOHKcgndthJxWyNa_eiKRXIsawI7lY2Z_qgXwQSPLm7hlPal2Nk_sdPHoS2wOvWh8edg1XYIeP8jHDOWN1ucf1Ry7dMSXpE1zjGrORAFeLdgIukrMw01_ImRkJcTdtA3NhDG2a2DdyaMfwnmcoTH9qWuneS1-ZuF_FTipE1bPR5b_3pPXnMz3PSo-WHQqoCqnQ11-v4F_6lav4b47sT1S_H63T7Y8MgzxOGTXHQOPWqpNCAfkggeuubIbLxa5fNfWTRHA49k3b9SuITyPydqzVH0eK5COr5T_ZJrpMLYurEzDP28Yp03YoiwBtoBrd1o8FJflP5aeBKYxuAIpqMvtXly-KGah-PHforZZCppTGlxS0JQH5_Ak1cEyOgMiKhSJN49TcNNdSZFYuKSTpJ-HAsmwDG4DNEVcObprXBZRYH_Ov6ha-qfNMkFO3r_HTZXc5nBIOx5iJRf8Fd2asG6rfWhJNL3iQlY-dsYHVJdTCsvza9DC2zCSSY9itOr8yk-aIYVbeXYg799YtI5IHn9iwMcPv7SAF_egP3rDNR17ZcXw24_Uk2fC9vccC73bsXmPVqRczf6gL9VjTBtrUUNuteCwYJ98s5cQcy1hmvNQMgH8iDtSstBW9l8iRwpxaNj_PZAMIrh6e8mQfVv2bEWhvzw28PcariAEmkbCkPRxB068cBOpCUSMcAENlhEsjmpzoqyvr0_nAworZv33U1kE6Fr-wHGfXzE8mCsJFQ62yRRXsuJ8iFCo9NSiwA7WsDinl0lpdn1BvI6aUBEqE-H5msVbZdNdQSuT-BkW96EbIqZdCZVKopbo0r09FXc9vYsW3U3gRJsh4BIU4r-pY-bKg-CN-wY81KdxGEu9aSP9pEWwn0GHPs9e-TbhvSecNyr1silJwcET3peIrxGYn0qL75O2Q83F2dfE67g2xfCLuM1MrC6FiVq3bIRY3O4XSDdP2uuSWmOHtY8UwZDO3t1RXCpa25n5_ecqKvRO2ln9foXmGkoqx3eAyphMJgJimZ4L-Prwq4b3Chg1CPlDkPhNFeeYNUFV_mUEMft2DM8hAcMVgMdMoLMnK5WpAjPR-KKTWfqftWnZqXfaCPc4Zv01TEAKHoPeFKzIROKjjFcCCvhdqNNIJZsBPmMXCUZZoK0CN-kPmNtI7Mdsauk8SCDVxHQI-9HcWdpcw67yySE3dkLc7JylPhE6gOQ62mQL1aQ7u5vxV9T3-g4ykwxjF0e5HR58pvowCWXEPhV3WhCZ2ewnsAB06Af0gc52mR8ZTB3Kt_K-jxWbMdKZqxAGCwwHM9RkNbCc4z9Sople9mTbgO4XDFUkG-LaPJU2LWlj7-o3-_TQrEZkPfqeZgkEvMBkT-lpC-omBevxlDr0J6Z9Mgx2cIBIn-KiqieY-qtYpsXLoQ1zsgjrTOgIF53G8ZH15ba5nZM_k32Pg7-oJLHFR1f4NXeM_u30iy48N53xCzU47NdHM50hImYPPQ39-fWNNukivIcAQKHzKp_cwMgzppQc864H2cX8Z91jj_6njUdwwR0CmOpDfAxO648VTN5dSJm6WTTcyHCVgdoZzT8oOqLybolC-NSrJ5mLciouc89q6cEks9doID_LPRN62Z74B4LDjG-Tv5yhCRlxtmQkRbeioJs8mgCgQZgCgSp7kLfNXyV3SgGi1r4DXkrSy2NJf-osOTxdnkATyqhcA&cid=CAQSKQDq26N9qlzZNC7I1Wml48N5uKRKKY-8oS7eWHFpIjXvwZseEmFHjrp-GAEgDg&rfl=6%2Chttps%253A%252F%252Freurl.cc%242%2C%2C%2C%2C%2Chttps%253A%252F%252Freurl.cc%252F%240
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
22954b60623e7315aace575dd5bb9a98e6d1ad882eaf3712f587bbfe79197353
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34938
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame D35A 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cdn.aralego.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1604
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:26:44 GMT
expires
Sat, 14 Oct 2023 07:26:44 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame AE47 		783 B
534 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
f15f29ee59b8b98eeb3d9bda8f5b6ea7183ddee520b20cbdd4185918b8bd7917
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-45lKSR1In_oravOUyzEPew' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.aralego.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
512
content-security-policy
script-src 'report-sample' 'nonce-45lKSR1In_oravOUyzEPew' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:53:28 GMT
expires
Fri, 14 Oct 2022 07:53:28 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=lOsA3Hw2d0RMa3pEVXU5UXU3SGR0NXp0WEJZcnZnNVFoYVI0djBXVDhRMjF4cG1rTTltNHVrRHBFMmtvRXRvSFE5c2hENmpxVmZWaytVdlFkQ1JXamczOEp5Q09RaWNsbVl4T1BkVzZNb3g5aForU1lrRnV2aUsvb0E3S3psSE5wdXFUREhjKzV3VzNvMmdDNldFcWRua0hVdFpEdTVGWXJzeGNzdVNxRldta1dpdS9vSDAxZ2tvaWJJOFBwOWVqS3FCOUcrbHBqSUh2WTdXYmdxM043VlU5VndVdzVDM3lmem5LdmxaM2p3NjAyOXloQm1mVHpWdEtya0Z2ZjQzM0kvN2FaSHRKVG1wNGNybm9VQzhvb0VnSmpqTWtJOTA2bmZRdkxhK0VabDM4a205ST18&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Fri, 14 Oct 2022 07:53:27 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
510535
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=0BM9H3xQMk0yOFE2MkJwZW8rOWN5bmhNTSsxd200UFpqek1jSUNpV2xBR3NtaTYvbDZlQ1ErekFvVkpjcUd4Sm9BcWt0TFpaWHRxVDJxK0JuVU56Q09UVmdWVllydlZQeFVvL3hDbkF4czd0ZEZKaEd2cUxORGhocno1SW4vV2FFSDFRb3BuQk93VDNEWjJyZVduSURPa21Uc2Q1THpISFNGM0R6anByNkpnRnhqRWJKczFuQlkvZ3ZlNkVXNXduc2djN3ozSDlyUGRiQUU0blRQMmw1YkQvSlE5Y0F0OHFNYmJOcHh2dVRHODlKRFdHVTQ0NWFINFhOUkg4MmR2bzVhMzJvTmU4VFdLM3NQaHVOR3hxZ0FuVWU5cFBhVkl2aXBiRVpuckhmM2MyWFVJRT18&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Fri, 14 Oct 2022 07:53:28 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
486081
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
rum
dsum-sec.casalemedia.com/ Frame BC34
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEJJRyCluodqadH_C_LUaaw&google_cver=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEJJRyCluodqadH_C_LUaaw&google_cver=1&C=1
43 B
766 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEJJRyCluodqadH_C_LUaaw&google_cver=1&C=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGK6lmMcBMAE&v=APEucNXgKIcfw2guU0pdE829VeANUM2DetqzQJ_rnoxI3cdFggk_ZpR8R8uTwqFOI8ocF41L7FX3V5LqfX-mcblasWYMgmzoOnZ8FJpdpUsKZRtXBPGLHUFIY4JL8YdBcsPUYyjBA-OCWRPNn7QYh_C3SiVMrnvX103tKNrnlTnrdAtm3fqi4UE
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 14 Oct 2022 07:53:28 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

Pragma
no-cache
Date
Fri, 14 Oct 2022 07:53:28 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
/rum?cm_dsp_id=45&external_user_id=CAESEEJJRyCluodqadH_C_LUaaw&google_cver=1&C=1
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
0
Expires
0
rum
dsum-sec.casalemedia.com/ Frame BC34
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y0kVeCxO1yvDGR8.vW1VbwAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEJJRyCluodqadH_C_LUaaw&google_cver=1&google_hm=2
43 B
766 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEJJRyCluodqadH_C_LUaaw&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGK6lmMcBMAE&v=APEucNXgKIcfw2guU0pdE829VeANUM2DetqzQJ_rnoxI3cdFggk_ZpR8R8uTwqFOI8ocF41L7FX3V5LqfX-mcblasWYMgmzoOnZ8FJpdpUsKZRtXBPGLHUFIY4JL8YdBcsPUYyjBA-OCWRPNn7QYh_C3SiVMrnvX103tKNrnlTnrdAtm3fqi4UE
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 14 Oct 2022 07:53:28 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEJJRyCluodqadH_C_LUaaw&google_cver=1&google_hm=2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bounce
ib.adnxs.com/ Frame BC34
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEOacqMiF_Er1UkuoA9HQeSU&google_cver=1
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOacqMiF_Er1UkuoA9HQeSU%26google_cver%3D1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOacqMiF_Er1UkuoA9HQeSU%26google_cver%3D1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGK6lmMcBMAE&v=APEucNXgKIcfw2guU0pdE829VeANUM2DetqzQJ_rnoxI3cdFggk_ZpR8R8uTwqFOI8ocF41L7FX3V5LqfX-mcblasWYMgmzoOnZ8FJpdpUsKZRtXBPGLHUFIY4JL8YdBcsPUYyjBA-OCWRPNn7QYh_C3SiVMrnvX103tKNrnlTnrdAtm3fqi4UE
Protocol
HTTP/1.1
Server
185.89.211.132 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 14 Oct 2022 07:53:28 GMT
AN-X-Request-Uuid
404c5d2b-2600-4f2e-ba0a-12ba6a2f7027
Server
nginx/1.21.3
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
178.162.209.131; 178.162.209.131; 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 14 Oct 2022 07:53:28 GMT
AN-X-Request-Uuid
ee073a7b-1a96-46a9-85c9-99c9a46ff19f
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOacqMiF_Er1UkuoA9HQeSU%26google_cver%3D1
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
178.162.209.131; 178.162.209.131; 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame BC34
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI0NjQ0MzUzNjI2Nzg3MDM%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI0NjQ0MzUzNjI2Nzg3MDM%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGK6lmMcBMAE&v=APEucNXgKIcfw2guU0pdE829VeANUM2DetqzQJ_rnoxI3cdFggk_ZpR8R8uTwqFOI8ocF41L7FX3V5LqfX-mcblasWYMgmzoOnZ8FJpdpUsKZRtXBPGLHUFIY4JL8YdBcsPUYyjBA-OCWRPNn7QYh_C3SiVMrnvX103tKNrnlTnrdAtm3fqi4UE
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 14 Oct 2022 07:53:28 GMT
AN-X-Request-Uuid
16f80d2f-d7fc-4037-bf0e-aa7506503a23
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI0NjQ0MzUzNjI2Nzg3MDM%3D
Connection
keep-alive
X-Proxy-Origin
178.162.209.131; 178.162.209.131; 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ZEudAwKmaTNpvGbgtwbUkI0ybKz2KwCtXmqAoF5myvk.js
pagead2.googlesyndication.com/bg/ Frame D35A 		36 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/ZEudAwKmaTNpvGbgtwbUkI0ybKz2KwCtXmqAoF5myvk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
644b9d0302a6693369bc66e0b706d4908d326cacf62b00ad5e6a80a05e66caf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 19:19:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
131630
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15800
x-xss-protection
0
last-modified
Tue, 11 Oct 2022 09:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 12 Oct 2023 19:19:38 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame AE47 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022101101&jk=2290761158502006&rc=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers
express_html_obb_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame 9153 		119 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_276.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ed44e345a8354731787a4fc575c66363aac13eebd6007b88aecd8a1deea341df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 03:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16416
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42405
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:28 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 15 Oct 2022 03:19:52 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20221012/r20110914/elements/html/ Frame 9153 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221012/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A7wnMXoln2IaKOKXXyOrr_ldQipsMJPUU4MHueoCgrGCW93VSTju3jMRsGCpeE7xpqx4ADM8dOOo289IHapkCMxpfcxA&cry=1&dbm_d=AKAmf-AOK2yHVPGNFKa6zgzaCYlZ08i2zVXGnJtgrYVdpzqGbpotjxOMBNQnKQYriYVvzlM97BGwSA1EI37bUFdrd44V0cp9oDYQMGzraHMKc1RhwSbNNR1GmX1JXC0aIW3gINe1LTmghkmkD0j658Npj5E6d6SXVM0-Bxnbp5vNypSMtB4w3cXQcDfBElXkZPG1qwQmjq3PbcNirw_vjOpNmBxEkgJCQlIhm9SLzybLSvztmeYGjkYHtnypp4MDXtNZ8iEyct7A29Vg45Md5a42Yw1gQDxcUo3seYplKmFSeAOs5C04Vxn0CgjnTtIt_Wto-qli7FUjsgFZzT8xmZk-xoIH80TV8S05tpEm5KUK7DnTjR2QHI2rWLOJO68_Jy7DPL4HPDvr8gxH-ZBFOOPaANwuwEt0mer1c4niPs1nqdYvygteoDkKpDK-QvtM1m4NKI-2M14vzPQ1VBedjCB-3EVcuiR_IKiz_ChNKyykBtk-bRcAKG7WSbQLlHxJQaua-Tj6tHWXu_IzgFS4QHuzK_Jx9Ncj9q5z_UbefA0n6WsGDNN95_GQ6eaV6006jkTSBBhHzqvJFI0-QLmdvYDQ0MY9WGbgJmU9xK6hZs2rik6gn58hwGTBUDklGM4onGSFoFzHI2TKQy39G_biqNFT-lFzqNygOxKm51_mwI-d0KOH2Dc7fHzG4zqIvLUTaYHXxcLhAiSo5jwpRpYBvCbyDBXnPxUkw8YE3yZEYPgepqK0_hqouWeXKzJ75aXeJ3lcvyWodDvBixpNjKJROLquvcI0SiBVCK3mvz12Q08Vj4ghzX_NvGDTKD8eIEd8dZObiRYNi0e0GI__JE232m7K2JcqaL6muYMiehvnE6cOFz2yzQM7vmBZN_CJY-16UBY4_mXKHMdQYqEt19-iRbA3mKeIFcV0cpQeLvCNlAP3tmRnbBaOvIVsIkzZS0j6mv8DY0Og1B2GO4p6gupIkSsJwEA-U54li38nkv1YsiFtoRvEqmqjKCEhGEbrtpjQhc1vszI5_Eo5nk8Rqfx78MvAwxhlTDV1Ohhk4dbFXsw8-fLkbcB90pGpU29Q_kzQvs6JZsrvPtcpRp7LansC49xjROf0DhpPUyyQkIsps5WKpHBRn7huZMfcWpbx0ldpzbk1aHfucFAtvJWHimsu_7ApCy_v-2FoY457nkKoNNNlPMW5Kn-Mf64tAMsIT66QWmmLI2Iu3_OaCPyXQUQoMkynWUlAgXwiFezQnW_T5D0zcb9bznJtucYcf6wN0NMjSkn2l4XhuyvHu7P-FsZZxe5bd5CIkQeyqqVfqXifw9Zk82tlWVE_RM5DorHftF9Ywo37vCnNuJfQpZGZ_YmmxG2IfHV1LZnIPshHLvxBVn-5-j74doZUtUWK42kBhTEiJ-BCUX6rEQ7zmiATRJEHYjfPUvuhYd9ZsXVeCmdvs-egwCiHLHEFNyWkC48CUerXevC2ujPztNQQlmyRyrhTRXRCe8H9nfYVAbwYwppY2vkqj9v43zLFq6CSMJH-PYq4t3GaVuApgpytrpBq2AglqD3awTcy-HtNdDXInt3qzXVTaviKZ8eUTKH_OL1rpS9REQJPp2kQPcc0hEgCDg-sGYBzotRPkw9hdXdkWvYp4pAHNnlJyXO76dTrDHdK5vSf9-cZrXG-3eVHC3BR_pOHKcgndthJxWyNa_eiKRXIsawI7lY2Z_qgXwQSPLm7hlPal2Nk_sdPHoS2wOvWh8edg1XYIeP8jHDOWN1ucf1Ry7dMSXpE1zjGrORAFeLdgIukrMw01_ImRkJcTdtA3NhDG2a2DdyaMfwnmcoTH9qWuneS1-ZuF_FTipE1bPR5b_3pPXnMz3PSo-WHQqoCqnQ11-v4F_6lav4b47sT1S_H63T7Y8MgzxOGTXHQOPWqpNCAfkggeuubIbLxa5fNfWTRHA49k3b9SuITyPydqzVH0eK5COr5T_ZJrpMLYurEzDP28Yp03YoiwBtoBrd1o8FJflP5aeBKYxuAIpqMvtXly-KGah-PHforZZCppTGlxS0JQH5_Ak1cEyOgMiKhSJN49TcNNdSZFYuKSTpJ-HAsmwDG4DNEVcObprXBZRYH_Ov6ha-qfNMkFO3r_HTZXc5nBIOx5iJRf8Fd2asG6rfWhJNL3iQlY-dsYHVJdTCsvza9DC2zCSSY9itOr8yk-aIYVbeXYg799YtI5IHn9iwMcPv7SAF_egP3rDNR17ZcXw24_Uk2fC9vccC73bsXmPVqRczf6gL9VjTBtrUUNuteCwYJ98s5cQcy1hmvNQMgH8iDtSstBW9l8iRwpxaNj_PZAMIrh6e8mQfVv2bEWhvzw28PcariAEmkbCkPRxB068cBOpCUSMcAENlhEsjmpzoqyvr0_nAworZv33U1kE6Fr-wHGfXzE8mCsJFQ62yRRXsuJ8iFCo9NSiwA7WsDinl0lpdn1BvI6aUBEqE-H5msVbZdNdQSuT-BkW96EbIqZdCZVKopbo0r09FXc9vYsW3U3gRJsh4BIU4r-pY-bKg-CN-wY81KdxGEu9aSP9pEWwn0GHPs9e-TbhvSecNyr1silJwcET3peIrxGYn0qL75O2Q83F2dfE67g2xfCLuM1MrC6FiVq3bIRY3O4XSDdP2uuSWmOHtY8UwZDO3t1RXCpa25n5_ecqKvRO2ln9foXmGkoqx3eAyphMJgJimZ4L-Prwq4b3Chg1CPlDkPhNFeeYNUFV_mUEMft2DM8hAcMVgMdMoLMnK5WpAjPR-KKTWfqftWnZqXfaCPc4Zv01TEAKHoPeFKzIROKjjFcCCvhdqNNIJZsBPmMXCUZZoK0CN-kPmNtI7Mdsauk8SCDVxHQI-9HcWdpcw67yySE3dkLc7JylPhE6gOQ62mQL1aQ7u5vxV9T3-g4ykwxjF0e5HR58pvowCWXEPhV3WhCZ2ewnsAB06Af0gc52mR8ZTB3Kt_K-jxWbMdKZqxAGCwwHM9RkNbCc4z9Sople9mTbgO4XDFUkG-LaPJU2LWlj7-o3-_TQrEZkPfqeZgkEvMBkT-lpC-omBevxlDr0J6Z9Mgx2cIBIn-KiqieY-qtYpsXLoQ1zsgjrTOgIF53G8ZH15ba5nZM_k32Pg7-oJLHFR1f4NXeM_u30iy48N53xCzU47NdHM50hImYPPQ39-fWNNukivIcAQKHzKp_cwMgzppQc864H2cX8Z91jj_6njUdwwR0CmOpDfAxO648VTN5dSJm6WTTcyHCVgdoZzT8oOqLybolC-NSrJ5mLciouc89q6cEks9doID_LPRN62Z74B4LDjG-Tv5yhCRlxtmQkRbeioJs8mgCgQZgCgSp7kLfNXyV3SgGi1r4DXkrSy2NJf-osOTxdnkATyqhcA&cid=CAQSKQDq26N9qlzZNC7I1Wml48N5uKRKKY-8oS7eWHFpIjXvwZseEmFHjrp-GAEgDg&rfl=6%2Chttps%253A%252F%252Freurl.cc%242%2C%2C%2C%2C%2Chttps%253A%252F%252Freurl.cc%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 18:53:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
46814
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3181
x-xss-protection
0
server
cafe
etag
10699485926258732851
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 27 Oct 2022 18:53:14 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20221012/r20110914/ Frame 9153 		30 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221012/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A7wnMXoln2IaKOKXXyOrr_ldQipsMJPUU4MHueoCgrGCW93VSTju3jMRsGCpeE7xpqx4ADM8dOOo289IHapkCMxpfcxA&cry=1&dbm_d=AKAmf-AOK2yHVPGNFKa6zgzaCYlZ08i2zVXGnJtgrYVdpzqGbpotjxOMBNQnKQYriYVvzlM97BGwSA1EI37bUFdrd44V0cp9oDYQMGzraHMKc1RhwSbNNR1GmX1JXC0aIW3gINe1LTmghkmkD0j658Npj5E6d6SXVM0-Bxnbp5vNypSMtB4w3cXQcDfBElXkZPG1qwQmjq3PbcNirw_vjOpNmBxEkgJCQlIhm9SLzybLSvztmeYGjkYHtnypp4MDXtNZ8iEyct7A29Vg45Md5a42Yw1gQDxcUo3seYplKmFSeAOs5C04Vxn0CgjnTtIt_Wto-qli7FUjsgFZzT8xmZk-xoIH80TV8S05tpEm5KUK7DnTjR2QHI2rWLOJO68_Jy7DPL4HPDvr8gxH-ZBFOOPaANwuwEt0mer1c4niPs1nqdYvygteoDkKpDK-QvtM1m4NKI-2M14vzPQ1VBedjCB-3EVcuiR_IKiz_ChNKyykBtk-bRcAKG7WSbQLlHxJQaua-Tj6tHWXu_IzgFS4QHuzK_Jx9Ncj9q5z_UbefA0n6WsGDNN95_GQ6eaV6006jkTSBBhHzqvJFI0-QLmdvYDQ0MY9WGbgJmU9xK6hZs2rik6gn58hwGTBUDklGM4onGSFoFzHI2TKQy39G_biqNFT-lFzqNygOxKm51_mwI-d0KOH2Dc7fHzG4zqIvLUTaYHXxcLhAiSo5jwpRpYBvCbyDBXnPxUkw8YE3yZEYPgepqK0_hqouWeXKzJ75aXeJ3lcvyWodDvBixpNjKJROLquvcI0SiBVCK3mvz12Q08Vj4ghzX_NvGDTKD8eIEd8dZObiRYNi0e0GI__JE232m7K2JcqaL6muYMiehvnE6cOFz2yzQM7vmBZN_CJY-16UBY4_mXKHMdQYqEt19-iRbA3mKeIFcV0cpQeLvCNlAP3tmRnbBaOvIVsIkzZS0j6mv8DY0Og1B2GO4p6gupIkSsJwEA-U54li38nkv1YsiFtoRvEqmqjKCEhGEbrtpjQhc1vszI5_Eo5nk8Rqfx78MvAwxhlTDV1Ohhk4dbFXsw8-fLkbcB90pGpU29Q_kzQvs6JZsrvPtcpRp7LansC49xjROf0DhpPUyyQkIsps5WKpHBRn7huZMfcWpbx0ldpzbk1aHfucFAtvJWHimsu_7ApCy_v-2FoY457nkKoNNNlPMW5Kn-Mf64tAMsIT66QWmmLI2Iu3_OaCPyXQUQoMkynWUlAgXwiFezQnW_T5D0zcb9bznJtucYcf6wN0NMjSkn2l4XhuyvHu7P-FsZZxe5bd5CIkQeyqqVfqXifw9Zk82tlWVE_RM5DorHftF9Ywo37vCnNuJfQpZGZ_YmmxG2IfHV1LZnIPshHLvxBVn-5-j74doZUtUWK42kBhTEiJ-BCUX6rEQ7zmiATRJEHYjfPUvuhYd9ZsXVeCmdvs-egwCiHLHEFNyWkC48CUerXevC2ujPztNQQlmyRyrhTRXRCe8H9nfYVAbwYwppY2vkqj9v43zLFq6CSMJH-PYq4t3GaVuApgpytrpBq2AglqD3awTcy-HtNdDXInt3qzXVTaviKZ8eUTKH_OL1rpS9REQJPp2kQPcc0hEgCDg-sGYBzotRPkw9hdXdkWvYp4pAHNnlJyXO76dTrDHdK5vSf9-cZrXG-3eVHC3BR_pOHKcgndthJxWyNa_eiKRXIsawI7lY2Z_qgXwQSPLm7hlPal2Nk_sdPHoS2wOvWh8edg1XYIeP8jHDOWN1ucf1Ry7dMSXpE1zjGrORAFeLdgIukrMw01_ImRkJcTdtA3NhDG2a2DdyaMfwnmcoTH9qWuneS1-ZuF_FTipE1bPR5b_3pPXnMz3PSo-WHQqoCqnQ11-v4F_6lav4b47sT1S_H63T7Y8MgzxOGTXHQOPWqpNCAfkggeuubIbLxa5fNfWTRHA49k3b9SuITyPydqzVH0eK5COr5T_ZJrpMLYurEzDP28Yp03YoiwBtoBrd1o8FJflP5aeBKYxuAIpqMvtXly-KGah-PHforZZCppTGlxS0JQH5_Ak1cEyOgMiKhSJN49TcNNdSZFYuKSTpJ-HAsmwDG4DNEVcObprXBZRYH_Ov6ha-qfNMkFO3r_HTZXc5nBIOx5iJRf8Fd2asG6rfWhJNL3iQlY-dsYHVJdTCsvza9DC2zCSSY9itOr8yk-aIYVbeXYg799YtI5IHn9iwMcPv7SAF_egP3rDNR17ZcXw24_Uk2fC9vccC73bsXmPVqRczf6gL9VjTBtrUUNuteCwYJ98s5cQcy1hmvNQMgH8iDtSstBW9l8iRwpxaNj_PZAMIrh6e8mQfVv2bEWhvzw28PcariAEmkbCkPRxB068cBOpCUSMcAENlhEsjmpzoqyvr0_nAworZv33U1kE6Fr-wHGfXzE8mCsJFQ62yRRXsuJ8iFCo9NSiwA7WsDinl0lpdn1BvI6aUBEqE-H5msVbZdNdQSuT-BkW96EbIqZdCZVKopbo0r09FXc9vYsW3U3gRJsh4BIU4r-pY-bKg-CN-wY81KdxGEu9aSP9pEWwn0GHPs9e-TbhvSecNyr1silJwcET3peIrxGYn0qL75O2Q83F2dfE67g2xfCLuM1MrC6FiVq3bIRY3O4XSDdP2uuSWmOHtY8UwZDO3t1RXCpa25n5_ecqKvRO2ln9foXmGkoqx3eAyphMJgJimZ4L-Prwq4b3Chg1CPlDkPhNFeeYNUFV_mUEMft2DM8hAcMVgMdMoLMnK5WpAjPR-KKTWfqftWnZqXfaCPc4Zv01TEAKHoPeFKzIROKjjFcCCvhdqNNIJZsBPmMXCUZZoK0CN-kPmNtI7Mdsauk8SCDVxHQI-9HcWdpcw67yySE3dkLc7JylPhE6gOQ62mQL1aQ7u5vxV9T3-g4ykwxjF0e5HR58pvowCWXEPhV3WhCZ2ewnsAB06Af0gc52mR8ZTB3Kt_K-jxWbMdKZqxAGCwwHM9RkNbCc4z9Sople9mTbgO4XDFUkG-LaPJU2LWlj7-o3-_TQrEZkPfqeZgkEvMBkT-lpC-omBevxlDr0J6Z9Mgx2cIBIn-KiqieY-qtYpsXLoQ1zsgjrTOgIF53G8ZH15ba5nZM_k32Pg7-oJLHFR1f4NXeM_u30iy48N53xCzU47NdHM50hImYPPQ39-fWNNukivIcAQKHzKp_cwMgzppQc864H2cX8Z91jj_6njUdwwR0CmOpDfAxO648VTN5dSJm6WTTcyHCVgdoZzT8oOqLybolC-NSrJ5mLciouc89q6cEks9doID_LPRN62Z74B4LDjG-Tv5yhCRlxtmQkRbeioJs8mgCgQZgCgSp7kLfNXyV3SgGi1r4DXkrSy2NJf-osOTxdnkATyqhcA&cid=CAQSKQDq26N9qlzZNC7I1Wml48N5uKRKKY-8oS7eWHFpIjXvwZseEmFHjrp-GAEgDg&rfl=6%2Chttps%253A%252F%252Freurl.cc%242%2C%2C%2C%2C%2Chttps%253A%252F%252Freurl.cc%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b3c218f921126409f2f4a82b74458117039037330ffb76b30df5c6062b353a90
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 18:53:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
46814
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11730
x-xss-protection
0
server
cafe
etag
9319256901541695429
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 27 Oct 2022 18:53:14 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 9153 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:22:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77459
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 13 Oct 2023 10:22:29 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame C135 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
39979
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 13 Oct 2022 20:47:09 GMT
etag
48472445140208031
expires
Fri, 14 Oct 2022 20:47:09 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 9153 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5bc8324d7164b9bc0edc9c0d8a779c6271356cc51ac504bacbac1283e877da9b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/png
index.html
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/ Frame 8DED 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
39236128fe5c0e392d70d5f7408240e5cbde2a6458e70e025b5c50781aee8270
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
77037
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
1679
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Thu, 13 Oct 2022 10:29:31 GMT
expires
Fri, 13 Oct 2023 10:29:31 GMT
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 9153 		0
622 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstluVdC27nDXMC7C7snMwAp3_C_HKaPI6axS-OBUjRX7PN5mzUQfWuvhgkzIHknlVZw7hUda5sKXtJDcbX4NSX8Ax0qPaDlNWsKNcXAEUQSzCs0dIlAKkSQRvEN1Irb0lQXM283diy8XCGKhvy8px0Y16hLZcDEmlqGmHIZ8L9liqpjiChhOpeZn5SI-4FaEnn1f9TFZ-Y26UwX6ImsBS0LHW8OftgHRZUni8vNBBSu9gvUQcDRUH8yvj5m1mdYAJuO-DKOPRdW6cKXhE2W7Ae8fk2zBQiEn_8K9_c570iNUPeHAPw_L0m1XK_CX36inRkkCiqFjukz0GO0eZhBF_vw87wbQtV3oelHxe0IfLlM8Ad0zDCqdn3GA1dyBP0HDyy4lrbcDPKsV44b-8wvKu3jI9Ks12ZKoPPZqaDqlTe3suoqEQg7gzkzYbWA8r-FlGOmQYY6vJ1DbAxDuxN8bqSx2sKamTeUGmh5YjVEwvqO-SZasRo_0jit0GYHJaKaQrmeCHEmcybo2y32GKRZvaxJGvaj8cq6AfRsm3VRMSETgYP3Ar4WgWoX4B28Bg9cWSQsltLfi8vI-JI85HFvNh95tt5FWa5Xv4aNCPZBXG1O9fZdzJamAZh-8dK9YlVyPb7LRUbTm-EPvNyO-aDjiCOkrRtEhcpWFGoKRI8PJJgNVCmdSrI4BFM91TnwGEg5mPzahkmaWr6pVupvZXvBCVH8XPU4BhgpC8yfelSm37rewFCEZn_Zutpk3mUbK8Bti727X-lPsXBsEs3FLQiO7tfbk2cru8uM5LplOBAKCIKW_eO_du8MAguJYAYecMNRUih52gjFzD59qxdfkvJHT6po113Jqrc722yDIi1Wjf9J-zxPARIP0kuW0PSeLeajtrnEYJGSjGnpv2x0mwVwGNlEicr80HP4iB1tEEEy4yxyej_jPSvToOy2qvpIk9UzVvhVU05uwRU3F_as_sgQpzNa5JSKdKcwnkK_yZb_HXh8mw-Y2SRbAArygkwUUgvRNe6wFP7PatkqYCT4hPAGdOLhXs-G-7y4ieWxfrw9exOxT6TgObbAhmF0XUPu6gof2-lpcwg6h8lHIA82rVoSuY-EHtLq606oZGRugQOFMYm_oqTC6ytlpdAADyCVKjOdXJ_3bWbWIWNKuAGJpTU9qQwL6oS24DYAJb2VDTWWu8aqIscKqvgnoMBuZ9EHx01v3Do9leEYNfEcR1EOtmPgAa9W0IiiAfh2GPwXHR_ku2mdCMvvwSkduFZoYozIiBOZdDGE5NRfxXb6ajIg0CA88MEm4oYgURQjx4jKri9kxhpctw&sai=AMfl-YRJJB1zCT60Uf5RiPa6sYYl42uY6tcz1GcSUodWMqSl1b-t1Ob5L7ZVbUwPy5Ec-062e-eEw88haOs4gKHbkaAYJCgZljLo7ksICpzWhu1co9BzwZyX3OgcvXfuVFEsTkOGmUBK18mq1qNwYorfaazc9fikE8uLMIJBrqtxB40K-cHKVYTKuupfng1piBBQPKFZvPUQL7cuHYuie9I&sig=Cg0ArKJSzJO9vmNYfL21EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=192&cbvp=1&cstd=188&cisv=r20221012.29356&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Fri, 14 Oct 2022 07:53:28 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame CB30 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
210
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:49:58 GMT
expires
Sat, 14 Oct 2023 07:49:58 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame C135
Redirect Chain
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESECUqT_CPQScF0vNnEFAjmcQ&google_cver=1&google_push=AZmPxg-0efUwE-Nka2JRxTSplPVUPNRfKQiQgjYglx8zPw7p-yYsFeEBl5Z8zj9n8xX86GwKU3RhEiIbexCN6cA-vH4bo5ExvgU
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjUyODY2NDU1MjYyMDg5NTYyMg==&gdpr=&gdpr_consent=
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESECUqT_CPQScF0vNnEFAjmcQ&google_cver=1
43 B
398 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESECUqT_CPQScF0vNnEFAjmcQ&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H2
Server
2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Fri, 14 Oct 2022 07:53:27 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESECUqT_CPQScF0vNnEFAjmcQ&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame C135
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEKLuVpqYc5E2Fg4AVSzGhlQ&google_cver=1&google_push=AZmPxg_1SkGciL6e17J7OCcQRUH5dynqIH8tx7Dj5rxWScqyr0qAhXCYTorhQmPR_gLaCES5WhO_lVLVz5LNcKrY2JivXaN...
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg_1SkGciL6e17J7OCcQRUH5dynqIH8tx7Dj5rxWScqyr0qAhXCYTorhQmPR_gLaCES5WhO_lVLVz5LNcKrY2JivXaN3LPY5&google_hm=Mjc1MDcwMTI1NzE3MzAyMT...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg_1SkGciL6e17J7OCcQRUH5dynqIH8tx7Dj5rxWScqyr0qAhXCYTorhQmPR_gLaCES5WhO_lVLVz5LNcKrY2JivXaN3LPY5&google_hm=Mjc1MDcwMTI1NzE3MzAyMTQzMw%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Fri, 14 Oct 2022 07:53:28 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg_1SkGciL6e17J7OCcQRUH5dynqIH8tx7Dj5rxWScqyr0qAhXCYTorhQmPR_gLaCES5WhO_lVLVz5LNcKrY2JivXaN3LPY5&google_hm=Mjc1MDcwMTI1NzE3MzAyMTQzMw%3D%3D
content-length
0
pixel
cm.g.doubleclick.net/ Frame C135
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPwKf5u0aDOer0KEI3_uxjk&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPwKf5u0aDOer0KEI3_uxjk&google_hm=Y0kVeCxO1yvDGR8-vW1VbwAABLAAAAAB&google_nid=index&google_push=AZmPxg_i8pWh62gcEe6Zi2x3lVYPzl-t8m1ND...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPwKf5u0aDOer0KEI3_uxjk&google_hm=Y0kVeCxO1yvDGR8-vW1VbwAABLAAAAAB&google_nid=index&google_push=AZmPxg_i8pWh62gcEe6Zi2x3lVYPzl-t8m1NDzHMwOHjEATOxaeig0KDPr3iaH7Ua01gZcwGq1bLdrGTG2qWXn2j2w54Wi2pIYbo
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wHjKqT5f8nKB%2BOIyYvaA3jmzklgLz3%2FErLT7QYRFACizQ0WHnY0QSqP3t%2BCJPebBwvG%2B%2FzARft2GWTrbqzuGs31OlKrFcwBZdhq7flVYqbNRgDEDqTaTeu9pbrqXhHWHyV60lszntG3Q7w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPwKf5u0aDOer0KEI3_uxjk&google_hm=Y0kVeCxO1yvDGR8-vW1VbwAABLAAAAAB&google_nid=index&google_push=AZmPxg_i8pWh62gcEe6Zi2x3lVYPzl-t8m1NDzHMwOHjEATOxaeig0KDPr3iaH7Ua01gZcwGq1bLdrGTG2qWXn2j2w54Wi2pIYbo
cache-control
no-cache
cf-ray
759ebdd15cd25caa-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
0
pixel
cm.g.doubleclick.net/ Frame C135
Redirect Chain
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMHjZaJFCdvW8a2meHirPno&google_cver=1&google_push=AZmPxg8JP1-gtte6kGk3xoQ-YNl71uZj5QXZtR7SrtPFM4_3Irx5n3av8bU2-lknYOYervbCxDI3pjcCFSLgYWS0X...
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMHjZaJFCdvW8a2meHirPno&google_cver=1&google_push=AZmPxg8JP1-gtte6kGk3xoQ-YNl71uZj5QXZtR7SrtPFM4_3Irx5n3av8bU2-lknYOYervbCxDI3pjcCFSLgYWS0X...
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AZmPxg8JP1-gtte6kGk3xoQ-YNl71uZj5QXZtR7SrtPFM4_3Irx5n3av8bU2-lknYOYervbCxDI3pjcCFSLgYWS0XL-T6ZOmIb_6&google_hm=Fen5tGZHCnJQ-cJTTku1G-vg
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AZmPxg8JP1-gtte6kGk3xoQ-YNl71uZj5QXZtR7SrtPFM4_3Irx5n3av8bU2-lknYOYervbCxDI3pjcCFSLgYWS0XL-T6ZOmIb_6&google_hm=Fen5tGZHCnJQ-cJTTku1G-vg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Fri, 14 Oct 2022 07:53:28 GMT
pod
X-Sovrn-Pod: ad_ap5ams1
access-control-allow-methods
GET, POST, DELETE, PUT
location
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AZmPxg8JP1-gtte6kGk3xoQ-YNl71uZj5QXZtR7SrtPFM4_3Irx5n3av8bU2-lknYOYervbCxDI3pjcCFSLgYWS0XL-T6ZOmIb_6&google_hm=Fen5tGZHCnJQ-cJTTku1G-vg
access-control-allow-origin
*
access-control-allow-credentials
true
connection
close
access-control-allow-headers
X-Requested-With, Content-Type
pixel
cm.g.doubleclick.net/ Frame C135
Redirect Chain
  • https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEALi--wkzGiXvOY_kvN1XvM&google_cver=1&google_push=AZmPxg-Kr_2NbBSMfIWXoDudGw5mMhc48EzN8V8d9g5EV92K0yqcP34sX2nKqSu--wi_BjnVir5E7HQLnE0RLRjK...
  • https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AZmPxg-Kr_2NbBSMfIWXoDudGw5mMhc48EzN8V8d9g5EV92K0yqcP34sX2nKqSu--wi_BjnVir5E7HQLnE0RLRjKAqkCrtLSWXk2
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AZmPxg-Kr_2NbBSMfIWXoDudGw5mMhc48EzN8V8d9g5EV92K0yqcP34sX2nKqSu--wi_BjnVir5E7HQLnE0RLRjKAqkCrtLSWXk2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Fri, 14 Oct 2022 07:53:28 GMT
via
1.1 bfeb5de1b362acd366f42059fc9dbbbc.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
TXL50-P2
x-cache
FunctionGeneratedResponse from cloudfront
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AZmPxg-Kr_2NbBSMfIWXoDudGw5mMhc48EzN8V8d9g5EV92K0yqcP34sX2nKqSu--wi_BjnVir5E7HQLnE0RLRjKAqkCrtLSWXk2
cache-control
no-cache, must-revalidate
content-length
0
x-amz-cf-id
F24mIvXj97oq7yW5vB0022hMcg8NRlAf9zZD1eBIJxEdhC5qED0gHw==
report
sync.teads.tv/um/ Frame C135
Redirect Chain
  • https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEIxZzxWzJtAwlq3Jb_rc3NU&google_cver=1&google_p...
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AZmPxg-Tglrl7_DPRADm-hg8ZKQvHcTE66uji2K3svdWwWO69vEgBB1FdvKlTeMpu2LzUhx16mgmcJ1wwPAV1jVNxn7iFITQOfSfDg
  • https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
23 B
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H2
Server
104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-89-75.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.9 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Fri, 14 Oct 2022 07:53:28 GMT
pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
cache-control
max-age=0, no-cache, no-store
server
akka-http/10.2.9
content-length
23
content-type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
260
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame C135
Redirect Chain
  • https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26&google_push=AZmPxg8g8fmu--tsRbOvYkMlHzkzo-UkwMfeVcaI...
  • https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26&google_push=AZmPxg8g8fmu--tsRbOvYkMlHzkzo-UkwM...
  • https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=3de31375-26b5-4c85-8ae9-50a0a1cc35c3&&google_push=AZmPxg8g8fmu--tsRbOvYkMlHzkzo-UkwMfeVcaIShWK6v67FpcxDXjgCewzecLs0k8oB91PYv...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=3de31375-26b5-4c85-8ae9-50a0a1cc35c3&&google_push=AZmPxg8g8fmu--tsRbOvYkMlHzkzo-UkwMfeVcaIShWK6v67FpcxDXjgCewzecLs0k8oB91PYv8w-sYePV9WarjiguALQAgJAYOGqQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=3de31375-26b5-4c85-8ae9-50a0a1cc35c3&&google_push=AZmPxg8g8fmu--tsRbOvYkMlHzkzo-UkwMfeVcaIShWK6v67FpcxDXjgCewzecLs0k8oB91PYv8w-sYePV9WarjiguALQAgJAYOGqQ
Date
Fri, 14 Oct 2022 07:53:28 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
attr
cm.g.doubleclick.net/pixel/ Frame C135 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KfFtoQMOsOG8T8FzeRgNfWmbxqeBDJrA6i2EgPxYtq-Gdn0sXVf0QVLhgGtA9sd7lwgjgDr1o
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
gen_204
pagead2.googlesyndication.com/pagead/ Frame D7E3 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bnft2m_1D0kgRFMEQ4n0xNUonV4SHNwJx74uYxwUawx2ojhLqeFgO53GOMx5kSMukHJDyBNO8SEuSt6Hh_oZl0Tr7S1TnCTJlTlK7SbD1cCFniyEE
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame D7E3 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:22:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1886
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 28 Oct 2022 07:22:02 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame D7E3 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b7e54c08be2d3028420666e9aca9074537fb351e2ece4e32b925ffca1840ce12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 18:55:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
46697
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7570
x-xss-protection
0
server
cafe
etag
17992891929817281641
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 27 Oct 2022 18:55:11 GMT
l
www.google.com/ads/measurement/ Frame D7E3 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQieLktkxH7v_JLsv4ZeA-dEQWBHN4c0xWSwBkdFtwoULvp1VEnnpv10d2uDgmZEpSaLKSTu6FwVaQ1vsKkqdx-QkpLAg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame D7E3 		152 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47415
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1665574756386403"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 14 Oct 2022 07:53:28 GMT
ad.css
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/css/ Frame 8DED 		1 KB
494 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/css/ad.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e980978372ef893e791fa10ac60561adda47a13b2fa5a10557e491808259633f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
465
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
img1.jpg
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 8DED 		35 KB
35 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/img1.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
16ec50bac671d303d46d078347192e3defdfebd1488991288f6182f4b6fe1488
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36078
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
img2.jpg
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 8DED 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/img2.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b9fff3f99dc21e4051a54b10c589611a6b4c56b78079c275cc9279d996950468
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45194
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
img3.jpg
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 8DED 		35 KB
35 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/img3.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
93b3c4a595bd63cb41b20bfa3feed5a0515c0b1ad5b943d12c50e37dcea64696
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36124
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
img4.jpg
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 8DED 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/img4.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e064bae416609c3a889384a353c1fccad530f6a9169a2dd3702aa54813d88443
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44662
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
txt1.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 8DED 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/txt1.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6369d32085728856813df2a0debbfed9a2338698cbba75737849c9805a9570f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6882
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
txt1b.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 8DED 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/txt1b.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
adfb4cad9ff9a338742a03254c75f3bb152534d4209c0eacf2175f4a3091d667
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5429
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
txt2.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 8DED 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/txt2.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb7a31f16a1a9bda77fe3d3f1201ac7e238101cd1022b68e93580fa39394fbcb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7176
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
txt2b.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 8DED 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/txt2b.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bcb5c5298e2439eacc8bbbd3a20f56b1cb005614bb4af475a9510124c33aa3ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3772
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
txt3.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 8DED 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/txt3.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ad2ae14f9e3a0b0f5a8ce19fef6938a770fd218074ed858feaf48cb2986c4372
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9401
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
txt3b.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 8DED 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/txt3b.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cde1e812a0335654f8b799dc109ef9c0254c72de4e35f40c20a2bdded0be19c4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4662
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
txt4.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 8DED 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/txt4.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9e7878bbb1a0d8199e68adf0a7ffdf82a162b0a24207a696b0c5a8c3f64acc4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7513
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
txt4b.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 8DED 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/txt4b.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
85d8b565ec1b8140a0f3dd1801e149bc09ee8fd650539cb35ae5aeb86faa29c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 07 Oct 2022 18:50:21 GMT
x-content-type-options
nosniff
age
565387
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7018
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 07 Oct 2023 18:50:21 GMT
cta_img1.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 8DED 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/cta_img1.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c7f7b6ccfbf79cae50825d1c5bb299e19e6dcf08322824815ac50a223949b7e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3710
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
cta_img2.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 8DED 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/cta_img2.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
06d5536790e8d7944356feaf9ae77fa4796addcfeade125e8ec10bb4b7491a5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 07 Oct 2022 14:00:04 GMT
x-content-type-options
nosniff
age
582804
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3821
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 07 Oct 2023 14:00:04 GMT
logo.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 8DED 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/logo.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e8acb14506260c4c012ca16081656a17cbf162224ddf70d31e48e6cefb7fb6cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4246
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 8DED 		105 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35824
x-xss-protection
0
last-modified
Fri, 09 Oct 2015 14:01:28 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 14 Oct 2022 07:53:28 GMT
ad.js
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/js/ Frame 8DED 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/js/ad.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8c64f55a5448751409418c195c34fdb8cab1dfa25b41eacf7e08f1dbab8c7555
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2735
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 18EE 		640 B
316 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGK6lmMcBMAE&v=APEucNUVYV9WnFQZrWMHfOs3SbqX9AHtcdrAv3Q_q4RsRcV7dxLBVAjylzkMItgD_OWoMPk5OC7FwSSrZZ2hGF9ghFuHoGQZXLYKcpB2ETw2x0PcQ-PQBYpB8TuUR-HlULqquZ2aupSULkT3RypSHiSjlXurQAoqMONv6l-uYqYSN4bNq5D9K_A
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
295
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:53:28 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame D7E3 		87 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DP4FMevaOKJ0zONeCqB_2TZUDv7BPCWEqC2WzoyUJbRR5sERSC4DNPtVip1QJiKk_TG6-autMnhB1XsQh1XvZ53gPwWg&cry=1&dbm_d=AKAmf-DT-gSYzwL0maJ-kaa2sfsGlKnr-qrG12KL5EiLxNAJKQ1J6h0gWRdNQevF38ywD1bT1NnMS_Gt1lnNDiMQl-SmSaK8CYXlUUAkiNAPQqA3_S8n3WEbjmeGqLB0qI8b1iubUDTblItDZilYhNFR1r5AZ7xBkBaLdK1t-_e0YpGDC49NYVu7Y-5BAeXJSgWGCROpSTB4GSeCQ6TCdULFMp-daTcKijTV2EgIIk-r2bO3wCdPaZmfrqdLLRghQZoihJgYxh6tc7D16SBZpOi3jljQeRJb8-Jk3CU0amqNL3ZjRcC8JuUTLQI3XpS26Nvje5Ot7dofKM5Q-Ljn6wyb5XrL6HRXnNcLL9TEs2YTUr-Zm1VoMWLD7kEv6gZOHETLByfp43pPL9GAD4hGgnr9IO79X4SdRHTeccH5b8WyGDnL3ZhMAJnA5lhoDrQR2HUieJ-WVuKAr66hus_ZGobrCYsCPgvXfcQg3e44waxjNMjjS8XD9kc6-DjIwzer6qCGGgWIwG8xJyX5MFrsRJ-U8VjXFrk12yqDz6b83f2h-ec2VJz-MS7hfyizQ5SQ-Ndo-XX6zlHcMelsfFiTSx0t-FYr3xB4R8unD4kemA6G0jNiA8AZCBaq5Zq4yEMDTbpGkpqf89YkUqEN73cf2PTUoFLxDEXYerEAf9Ad1pLfsLQ2Sa6MklZIeyoQaNEHKfTwUmvSa41swwmG2R9ll2IWwLBBM6RA6CS6Gz1EyA6jeBFi3HqTHfy5dRnXm9qHs-flS38B60SqJXMQkLcTY0QSNEhykS0gazq5YpN04WQD2dBeUMQQkc-1L8vGtZfBwgJ0OQ1AJbIg9YXMDvejLnyBy5K_1V7yJZ1gMWQ5fLWs0A4x1oZKtyAld6O-a7r7uDhszRIWul_Q3E4am3zi4CXPJguWmoB9wDBuWrjUjQECntGaDGqMh8ISHpcB7PBF0gNwcXZf9dZP0TLetWB_dOM2hKwh1JVtYD6gjjwqj-vcoocXeHTJxdLjPkkxD5QoTr9RB4hMGyx4CnjU_krR4VDMrwOu53oXbilJ4v2afqfIsP5cLppaH-nBSv9wEptjr4fWRruj-XwGOaOzWtXq6XIUw-E5pl8As79z5kjdvmAN3oW3WHoi94u2QJm8eVCcFteX58Fs4e6RHZQ2sT41rsXx_gDczyTzGg7nqGHJk8LmfkMMr1Nd-gtp0C_X9WeImdDstwflFgdAGFGEgozX9bweWPBdkJXyXczEgSDZZQ-dJNzyyyf4Bt_ZaNj-0TkuQnB6kfCok8vdSCCYvLf4HiW_XDxYBJrBX5GE9ow-HYWejMGIHbrDGaubaE8FemGcmFj72lBcdZBsexMqCnkwZq8fDnrzOfmmimvma4ivJYpisqapzN9DKA_deMKf_Tju952svU7AuieBdQmbvgKoWeDU_iGak4cmcEpZnWvxEc6yh90D5Xrvjfvh9Glp3VFndkMUZwote2BfJXAT3D9xUYRCH4vQGcQXLGC0CHojxXpOPgKOpsOkm3iOREvWBAzfqhZNKpR59LK4MSUIa8XFQeZgAPuD3jSSZQf5crAVraidogJQwei_oT7yjyHtd9cWoX3oyF4XGpWu7HHZPG_rXEB0v3JYBWgDmV-GCOXjjWm6L2WBDTy7FFZy1kI0GZNppnJJQcVcMRgqfY0F87TuG4isE6sPifqbNaCdzj0qTQYH-DI_E9e1rknWvmr3qVM1UBAI3AMfFMc3zZvyJuAnmpV3nc-VQgxBnLwTSx3vf4Q8J79bkuJV6Y1gj2SZb62QjTykKQdyti49sHRCApHlEAqnP_cfTG9SmpoRmRI9KKo6_h12lDOjgLPT_JNTTllqWZ8D4jxczG-PDey1QM4HMfQ98-G-t2WTQrpa_b36w_8W_7FvzIbLIEtqiINBKp-filq95AbZgQRvmqYOaD5qSquooQcYu-vm0JdPq67hB_ts_FR7x2kNquy7BtkVFL5bvpiiIexD1gN0zf1oy0fO-ppF-L3nRPWZNGnUWPwHC2U6n2CBRn6RV3XgdiABcOQd9DkwG8J0xDXQdBaHQlwq8zBGd5_XdxG3Cl8zoc_GG5t_WRF2B1SUjB0XsAnkBZ4q3NuEbh4D3hYyAyvrwgMCkK5XOidfMD5wGb3iKd-WQ9SoFGCUSuXqqmjpWHyHo0s4YrceNf-LFKfUrSxyxskGzWGMWIOpRJk62KN7D1H55vY867MlYOU_Q8vvMaAMb38lCYLdmSooZuvtfgRXFO3GMTNzwmUPSrD3PmnBbRxUOqtw82GS-tKd_Xfllmr-jepZOAlAQKOA0Nt03ADgzdMDHvza5ApHeVxZBlorsBgJyir_UocqYFaX12iqkeAzlAfjoLv25LujmIO3eRIa0etIuJeZ1NvcNySiNKxklydk9iOMknWdZWlx1LRug-7NUBHmieuYZduA2ONMTjAZz5J3yAglH-d3fKt3cVk_xSKBCftuVFFp9LN08BHO6quMdOiy82s6iC8I3CYmiZFnS0wC56DbUJHIW7iiaNICoRJnp2xafSy0hMNjBqCOnUeJMkZ_RM75S7IUgr9VwNalwEry--slDDMW7ZyJwjXYJlB3RxBogaYCG6egIJBmj6UlaaaUjfnbtFvZQRxnQ-hv5evrlZ4ieFhKWL1g4n2SiUTVXgnURjepDMYcWa-xIRnKfS6wzVhCC-sw1LrDDuvRKpON27S5K4d1JAybeIdSCC0Kpbqr0uZ1gdVEyLjEv1JFtnkaOEoGAuM5Z2FrlyNe2vJGVjfYd9Qp9p699PPxxS7dfaSClnTpCtPOqag2l6FJagfVsK2g1kl7r7_WUYSSCQ9p-7mLFk0-rbZRmmZmP3e1b127uJ6KJNb23QBaf43tLsQFPH85X42uQ81w9uX2fr94y9lC7foPyBK3qgtmsi1Vv45m8YyrLxxftjc6m5VLpZ9lxT99NjUgx-66L6SFbxFnolfMcFW6HyClDxuskyJweGtcBi4XTsJad4GF_YvtHIBAKuHn_ZnkgeJ7SP_8c1FTeCZg4WwyhpHo5Gjro-zLgFeFp2L7zbu8rueFY0qeg0LnpRLuKp07ioNNJBs7LTu2Qjz1whFinvgehEKpiqATMW9bHhhllZhJ84A6f4wAPD8FVxQeC7pXqMYWcUVEuvp4_9eEk8XdMPu7LeV-yG_0x2uz9_-uHHVyShXdxLqYNo30u2gfTMXHk2bIdWkAWVhmeZU_Kkw3XXw_MKOs0RzqPas8FzPMYTlj-9JmKr_uw4NPRjrnRGS4XEydv1ZSUBo4Wz6GkXlKnyUuldLUfMxCzwTAAV9R-DIyeRLaFbWIp1eSadVA6Hpy2sJWYufJfCYx_jmDeu3kbbJJcJ-JMp457JIsPH8nwr3tBQ_bihjlTQWPeFPFkSqIhG6T&cid=CAQSOwDq26N90Jfy8O7El6tgODOX8-QnB1sIXWMyLTrlm3uNM_gr5KgFYG8F56jJNRDJ8vgLpq-oTCZOxQFKGAEgDg&rfl=6%2Chttps%253A%252F%252Freurl.cc%242%2C%2C%2C%2C%2Chttps%253A%252F%252Freurl.cc%252F%240
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
207fdae40b03d63a5811c3c2b3920c828fe69444bef61b0b7696f48ec5b66994
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35188
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js
pagead2.googlesyndication.com/bg/ Frame CB30 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
71f2940ec78bc4c5ff54c23fb9aa3faead0c28e69e0ab83c1998d21719a8b46f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:22:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1884
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16112
x-xss-protection
0
last-modified
Tue, 11 Oct 2022 09:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 14 Oct 2023 07:22:04 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 9927 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022101101&jk=1725496695991858&bg=!cnGlcTXNAAYeOJy_Pjg7ACkAdvg8WjB2q9_1N6yXS3OGYkizGstNs8wU-jcRKC7EK7mY0486nQa23wIAAACiUgAAAAJoAQeZAv-2k-O8iDtQZgo1_8KhUYlul4Fjymz_nbKGwQtqn_wk4WFsBfKAawUGajmQAupqpbT53BWsNRwkGHd7cJem6quEmmsYY-17JXzhw3XqLArJm638eMNSAoBFjh5cPdidpsxswnnj2Sqx4mMXpd7zLVD8DxnHRZoikjJ6DYnNyjJG3e-NhyhdrD2x9lqyujCX9WxaJZuQDixGkeuJXipjO72x6A0PLmbVebEFkLuOpgB6cc57ty5b61sEbcOfs269b4HsxQY3bJ74rowZofmlxdEeTi8bei7AvVRpDJgA6gbGbSeKJeJmGIKSLtcQ8_cbSLssAsGjOkfb28QlslhyhMiGt_9EEn2IVnu8mXBmjNyrzPGGe1UUEg4-zhEOwWTKWqwMa_hPaR7g8NsFAQefjsk9nGeT68Wkykaw5WlLilljz2j5C4UrZ2Igpmor12xDrmkX7xkktTjX3sYQAIr4SWdKwGIMyTo_uMTcgf8C6D8EBQYbMUdG8hLa4HL0fqjsB-vj2r3TR1YZ-Ww3bopPCLCxIqyCmVQxm1ubM01kYcKeBwoGTFuzPXc4suCInCWvzvR5dymOV6uq1J_o8ThjxuuGyeTvV9dhYrHpHC82kCIcinKHJCj7IACJNlGbECzviv6tmowH8_Ri_Kv83LrfvAB7fCfcvyorqJziOEPQvolhYF10_5V_e43g4q2dikz97PMRKrq3xarWtWQC0jT8ZFQiRyMHsK8fT60A016fFjWSRQp1F7G7I2fLbVO2hsn0tzT0UWsHBz8-MCCpC0un1oApzXKeaxCt67c4JHBTeEnxkEAA4cTXpXoqUecwDxPKEtdaOK5wmWaN2pSR4EtKPUbmwwO4ax3MQZRFHU1PUbViXUlq_xDWI_0LAnOFcGqAJE2mnI7Btwi0pJPSFcDuT73nyURa1YiXQdO3xeMf1F-0_tW6Y8uTKuFHR2xWZJFvdId7QwFFtQ1KB2mERNabHesc-6T__YbjTemZuupHiWukZFhCdmx1eAhFe-_T97AYfw
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.aralego.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers
generate_204
tpc.googlesyndication.com/ Frame D35A 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?ou3nLA
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
sd
us-u.openx.net/w/1.0/ Frame 18EE
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJFCt-qAbtnNQGdqybQPOYQ&google_cver=1
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJFCt-qAbtnNQGdqybQPOYQ&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGK6lmMcBMAE&v=APEucNUVYV9WnFQZrWMHfOs3SbqX9AHtcdrAv3Q_q4RsRcV7dxLBVAjylzkMItgD_OWoMPk5OC7FwSSrZZ2hGF9ghFuHoGQZXLYKcpB2ETw2x0PcQ-PQBYpB8TuUR-HlULqquZ2aupSULkT3RypSHiSjlXurQAoqMONv6l-uYqYSN4bNq5D9K_A
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJFCt-qAbtnNQGdqybQPOYQ&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cm
us-u.openx.net/w/1.0/ Frame 18EE 		43 B
304 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGK6lmMcBMAE&v=APEucNUVYV9WnFQZrWMHfOs3SbqX9AHtcdrAv3Q_q4RsRcV7dxLBVAjylzkMItgD_OWoMPk5OC7FwSSrZZ2hGF9ghFuHoGQZXLYKcpB2ETw2x0PcQ-PQBYpB8TuUR-HlULqquZ2aupSULkT3RypSHiSjlXurQAoqMONv6l-uYqYSN4bNq5D9K_A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
um
sync.teads.tv/ Frame 18EE
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
  • https://sync.teads.tv/um?eid=3&uid=CAESECesOACdXP0TO_55tNdxfHc&google_cver=1
23 B
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um?eid=3&uid=CAESECesOACdXP0TO_55tNdxfHc&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGK6lmMcBMAE&v=APEucNUVYV9WnFQZrWMHfOs3SbqX9AHtcdrAv3Q_q4RsRcV7dxLBVAjylzkMItgD_OWoMPk5OC7FwSSrZZ2hGF9ghFuHoGQZXLYKcpB2ETw2x0PcQ-PQBYpB8TuUR-HlULqquZ2aupSULkT3RypSHiSjlXurQAoqMONv6l-uYqYSN4bNq5D9K_A
Protocol
H2
Server
104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-89-75.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.9 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Fri, 14 Oct 2022 07:53:28 GMT
pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
cache-control
max-age=0, no-cache, no-store
server
akka-http/10.2.9
content-length
23
content-type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://sync.teads.tv/um?eid=3&uid=CAESECesOACdXP0TO_55tNdxfHc&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
281
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
um
sync.teads.tv/ Frame 18EE 		23 B
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGK6lmMcBMAE&v=APEucNUVYV9WnFQZrWMHfOs3SbqX9AHtcdrAv3Q_q4RsRcV7dxLBVAjylzkMItgD_OWoMPk5OC7FwSSrZZ2hGF9ghFuHoGQZXLYKcpB2ETw2x0PcQ-PQBYpB8TuUR-HlULqquZ2aupSULkT3RypSHiSjlXurQAoqMONv6l-uYqYSN4bNq5D9K_A
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-89-75.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.9 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Fri, 14 Oct 2022 07:53:28 GMT
pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
cache-control
max-age=0, no-cache, no-store
server
akka-http/10.2.9
content-length
23
content-type
image/gif
express_html_obb_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame D7E3 		119 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_276.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ed44e345a8354731787a4fc575c66363aac13eebd6007b88aecd8a1deea341df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 03:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16416
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42405
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:28 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 15 Oct 2022 03:19:52 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20221012/r20110914/elements/html/ Frame D7E3 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221012/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DP4FMevaOKJ0zONeCqB_2TZUDv7BPCWEqC2WzoyUJbRR5sERSC4DNPtVip1QJiKk_TG6-autMnhB1XsQh1XvZ53gPwWg&cry=1&dbm_d=AKAmf-DT-gSYzwL0maJ-kaa2sfsGlKnr-qrG12KL5EiLxNAJKQ1J6h0gWRdNQevF38ywD1bT1NnMS_Gt1lnNDiMQl-SmSaK8CYXlUUAkiNAPQqA3_S8n3WEbjmeGqLB0qI8b1iubUDTblItDZilYhNFR1r5AZ7xBkBaLdK1t-_e0YpGDC49NYVu7Y-5BAeXJSgWGCROpSTB4GSeCQ6TCdULFMp-daTcKijTV2EgIIk-r2bO3wCdPaZmfrqdLLRghQZoihJgYxh6tc7D16SBZpOi3jljQeRJb8-Jk3CU0amqNL3ZjRcC8JuUTLQI3XpS26Nvje5Ot7dofKM5Q-Ljn6wyb5XrL6HRXnNcLL9TEs2YTUr-Zm1VoMWLD7kEv6gZOHETLByfp43pPL9GAD4hGgnr9IO79X4SdRHTeccH5b8WyGDnL3ZhMAJnA5lhoDrQR2HUieJ-WVuKAr66hus_ZGobrCYsCPgvXfcQg3e44waxjNMjjS8XD9kc6-DjIwzer6qCGGgWIwG8xJyX5MFrsRJ-U8VjXFrk12yqDz6b83f2h-ec2VJz-MS7hfyizQ5SQ-Ndo-XX6zlHcMelsfFiTSx0t-FYr3xB4R8unD4kemA6G0jNiA8AZCBaq5Zq4yEMDTbpGkpqf89YkUqEN73cf2PTUoFLxDEXYerEAf9Ad1pLfsLQ2Sa6MklZIeyoQaNEHKfTwUmvSa41swwmG2R9ll2IWwLBBM6RA6CS6Gz1EyA6jeBFi3HqTHfy5dRnXm9qHs-flS38B60SqJXMQkLcTY0QSNEhykS0gazq5YpN04WQD2dBeUMQQkc-1L8vGtZfBwgJ0OQ1AJbIg9YXMDvejLnyBy5K_1V7yJZ1gMWQ5fLWs0A4x1oZKtyAld6O-a7r7uDhszRIWul_Q3E4am3zi4CXPJguWmoB9wDBuWrjUjQECntGaDGqMh8ISHpcB7PBF0gNwcXZf9dZP0TLetWB_dOM2hKwh1JVtYD6gjjwqj-vcoocXeHTJxdLjPkkxD5QoTr9RB4hMGyx4CnjU_krR4VDMrwOu53oXbilJ4v2afqfIsP5cLppaH-nBSv9wEptjr4fWRruj-XwGOaOzWtXq6XIUw-E5pl8As79z5kjdvmAN3oW3WHoi94u2QJm8eVCcFteX58Fs4e6RHZQ2sT41rsXx_gDczyTzGg7nqGHJk8LmfkMMr1Nd-gtp0C_X9WeImdDstwflFgdAGFGEgozX9bweWPBdkJXyXczEgSDZZQ-dJNzyyyf4Bt_ZaNj-0TkuQnB6kfCok8vdSCCYvLf4HiW_XDxYBJrBX5GE9ow-HYWejMGIHbrDGaubaE8FemGcmFj72lBcdZBsexMqCnkwZq8fDnrzOfmmimvma4ivJYpisqapzN9DKA_deMKf_Tju952svU7AuieBdQmbvgKoWeDU_iGak4cmcEpZnWvxEc6yh90D5Xrvjfvh9Glp3VFndkMUZwote2BfJXAT3D9xUYRCH4vQGcQXLGC0CHojxXpOPgKOpsOkm3iOREvWBAzfqhZNKpR59LK4MSUIa8XFQeZgAPuD3jSSZQf5crAVraidogJQwei_oT7yjyHtd9cWoX3oyF4XGpWu7HHZPG_rXEB0v3JYBWgDmV-GCOXjjWm6L2WBDTy7FFZy1kI0GZNppnJJQcVcMRgqfY0F87TuG4isE6sPifqbNaCdzj0qTQYH-DI_E9e1rknWvmr3qVM1UBAI3AMfFMc3zZvyJuAnmpV3nc-VQgxBnLwTSx3vf4Q8J79bkuJV6Y1gj2SZb62QjTykKQdyti49sHRCApHlEAqnP_cfTG9SmpoRmRI9KKo6_h12lDOjgLPT_JNTTllqWZ8D4jxczG-PDey1QM4HMfQ98-G-t2WTQrpa_b36w_8W_7FvzIbLIEtqiINBKp-filq95AbZgQRvmqYOaD5qSquooQcYu-vm0JdPq67hB_ts_FR7x2kNquy7BtkVFL5bvpiiIexD1gN0zf1oy0fO-ppF-L3nRPWZNGnUWPwHC2U6n2CBRn6RV3XgdiABcOQd9DkwG8J0xDXQdBaHQlwq8zBGd5_XdxG3Cl8zoc_GG5t_WRF2B1SUjB0XsAnkBZ4q3NuEbh4D3hYyAyvrwgMCkK5XOidfMD5wGb3iKd-WQ9SoFGCUSuXqqmjpWHyHo0s4YrceNf-LFKfUrSxyxskGzWGMWIOpRJk62KN7D1H55vY867MlYOU_Q8vvMaAMb38lCYLdmSooZuvtfgRXFO3GMTNzwmUPSrD3PmnBbRxUOqtw82GS-tKd_Xfllmr-jepZOAlAQKOA0Nt03ADgzdMDHvza5ApHeVxZBlorsBgJyir_UocqYFaX12iqkeAzlAfjoLv25LujmIO3eRIa0etIuJeZ1NvcNySiNKxklydk9iOMknWdZWlx1LRug-7NUBHmieuYZduA2ONMTjAZz5J3yAglH-d3fKt3cVk_xSKBCftuVFFp9LN08BHO6quMdOiy82s6iC8I3CYmiZFnS0wC56DbUJHIW7iiaNICoRJnp2xafSy0hMNjBqCOnUeJMkZ_RM75S7IUgr9VwNalwEry--slDDMW7ZyJwjXYJlB3RxBogaYCG6egIJBmj6UlaaaUjfnbtFvZQRxnQ-hv5evrlZ4ieFhKWL1g4n2SiUTVXgnURjepDMYcWa-xIRnKfS6wzVhCC-sw1LrDDuvRKpON27S5K4d1JAybeIdSCC0Kpbqr0uZ1gdVEyLjEv1JFtnkaOEoGAuM5Z2FrlyNe2vJGVjfYd9Qp9p699PPxxS7dfaSClnTpCtPOqag2l6FJagfVsK2g1kl7r7_WUYSSCQ9p-7mLFk0-rbZRmmZmP3e1b127uJ6KJNb23QBaf43tLsQFPH85X42uQ81w9uX2fr94y9lC7foPyBK3qgtmsi1Vv45m8YyrLxxftjc6m5VLpZ9lxT99NjUgx-66L6SFbxFnolfMcFW6HyClDxuskyJweGtcBi4XTsJad4GF_YvtHIBAKuHn_ZnkgeJ7SP_8c1FTeCZg4WwyhpHo5Gjro-zLgFeFp2L7zbu8rueFY0qeg0LnpRLuKp07ioNNJBs7LTu2Qjz1whFinvgehEKpiqATMW9bHhhllZhJ84A6f4wAPD8FVxQeC7pXqMYWcUVEuvp4_9eEk8XdMPu7LeV-yG_0x2uz9_-uHHVyShXdxLqYNo30u2gfTMXHk2bIdWkAWVhmeZU_Kkw3XXw_MKOs0RzqPas8FzPMYTlj-9JmKr_uw4NPRjrnRGS4XEydv1ZSUBo4Wz6GkXlKnyUuldLUfMxCzwTAAV9R-DIyeRLaFbWIp1eSadVA6Hpy2sJWYufJfCYx_jmDeu3kbbJJcJ-JMp457JIsPH8nwr3tBQ_bihjlTQWPeFPFkSqIhG6T&cid=CAQSOwDq26N90Jfy8O7El6tgODOX8-QnB1sIXWMyLTrlm3uNM_gr5KgFYG8F56jJNRDJ8vgLpq-oTCZOxQFKGAEgDg&rfl=6%2Chttps%253A%252F%252Freurl.cc%242%2C%2C%2C%2C%2Chttps%253A%252F%252Freurl.cc%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 18:53:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
46814
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3181
x-xss-protection
0
server
cafe
etag
10699485926258732851
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 27 Oct 2022 18:53:14 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20221012/r20110914/ Frame D7E3 		30 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221012/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DP4FMevaOKJ0zONeCqB_2TZUDv7BPCWEqC2WzoyUJbRR5sERSC4DNPtVip1QJiKk_TG6-autMnhB1XsQh1XvZ53gPwWg&cry=1&dbm_d=AKAmf-DT-gSYzwL0maJ-kaa2sfsGlKnr-qrG12KL5EiLxNAJKQ1J6h0gWRdNQevF38ywD1bT1NnMS_Gt1lnNDiMQl-SmSaK8CYXlUUAkiNAPQqA3_S8n3WEbjmeGqLB0qI8b1iubUDTblItDZilYhNFR1r5AZ7xBkBaLdK1t-_e0YpGDC49NYVu7Y-5BAeXJSgWGCROpSTB4GSeCQ6TCdULFMp-daTcKijTV2EgIIk-r2bO3wCdPaZmfrqdLLRghQZoihJgYxh6tc7D16SBZpOi3jljQeRJb8-Jk3CU0amqNL3ZjRcC8JuUTLQI3XpS26Nvje5Ot7dofKM5Q-Ljn6wyb5XrL6HRXnNcLL9TEs2YTUr-Zm1VoMWLD7kEv6gZOHETLByfp43pPL9GAD4hGgnr9IO79X4SdRHTeccH5b8WyGDnL3ZhMAJnA5lhoDrQR2HUieJ-WVuKAr66hus_ZGobrCYsCPgvXfcQg3e44waxjNMjjS8XD9kc6-DjIwzer6qCGGgWIwG8xJyX5MFrsRJ-U8VjXFrk12yqDz6b83f2h-ec2VJz-MS7hfyizQ5SQ-Ndo-XX6zlHcMelsfFiTSx0t-FYr3xB4R8unD4kemA6G0jNiA8AZCBaq5Zq4yEMDTbpGkpqf89YkUqEN73cf2PTUoFLxDEXYerEAf9Ad1pLfsLQ2Sa6MklZIeyoQaNEHKfTwUmvSa41swwmG2R9ll2IWwLBBM6RA6CS6Gz1EyA6jeBFi3HqTHfy5dRnXm9qHs-flS38B60SqJXMQkLcTY0QSNEhykS0gazq5YpN04WQD2dBeUMQQkc-1L8vGtZfBwgJ0OQ1AJbIg9YXMDvejLnyBy5K_1V7yJZ1gMWQ5fLWs0A4x1oZKtyAld6O-a7r7uDhszRIWul_Q3E4am3zi4CXPJguWmoB9wDBuWrjUjQECntGaDGqMh8ISHpcB7PBF0gNwcXZf9dZP0TLetWB_dOM2hKwh1JVtYD6gjjwqj-vcoocXeHTJxdLjPkkxD5QoTr9RB4hMGyx4CnjU_krR4VDMrwOu53oXbilJ4v2afqfIsP5cLppaH-nBSv9wEptjr4fWRruj-XwGOaOzWtXq6XIUw-E5pl8As79z5kjdvmAN3oW3WHoi94u2QJm8eVCcFteX58Fs4e6RHZQ2sT41rsXx_gDczyTzGg7nqGHJk8LmfkMMr1Nd-gtp0C_X9WeImdDstwflFgdAGFGEgozX9bweWPBdkJXyXczEgSDZZQ-dJNzyyyf4Bt_ZaNj-0TkuQnB6kfCok8vdSCCYvLf4HiW_XDxYBJrBX5GE9ow-HYWejMGIHbrDGaubaE8FemGcmFj72lBcdZBsexMqCnkwZq8fDnrzOfmmimvma4ivJYpisqapzN9DKA_deMKf_Tju952svU7AuieBdQmbvgKoWeDU_iGak4cmcEpZnWvxEc6yh90D5Xrvjfvh9Glp3VFndkMUZwote2BfJXAT3D9xUYRCH4vQGcQXLGC0CHojxXpOPgKOpsOkm3iOREvWBAzfqhZNKpR59LK4MSUIa8XFQeZgAPuD3jSSZQf5crAVraidogJQwei_oT7yjyHtd9cWoX3oyF4XGpWu7HHZPG_rXEB0v3JYBWgDmV-GCOXjjWm6L2WBDTy7FFZy1kI0GZNppnJJQcVcMRgqfY0F87TuG4isE6sPifqbNaCdzj0qTQYH-DI_E9e1rknWvmr3qVM1UBAI3AMfFMc3zZvyJuAnmpV3nc-VQgxBnLwTSx3vf4Q8J79bkuJV6Y1gj2SZb62QjTykKQdyti49sHRCApHlEAqnP_cfTG9SmpoRmRI9KKo6_h12lDOjgLPT_JNTTllqWZ8D4jxczG-PDey1QM4HMfQ98-G-t2WTQrpa_b36w_8W_7FvzIbLIEtqiINBKp-filq95AbZgQRvmqYOaD5qSquooQcYu-vm0JdPq67hB_ts_FR7x2kNquy7BtkVFL5bvpiiIexD1gN0zf1oy0fO-ppF-L3nRPWZNGnUWPwHC2U6n2CBRn6RV3XgdiABcOQd9DkwG8J0xDXQdBaHQlwq8zBGd5_XdxG3Cl8zoc_GG5t_WRF2B1SUjB0XsAnkBZ4q3NuEbh4D3hYyAyvrwgMCkK5XOidfMD5wGb3iKd-WQ9SoFGCUSuXqqmjpWHyHo0s4YrceNf-LFKfUrSxyxskGzWGMWIOpRJk62KN7D1H55vY867MlYOU_Q8vvMaAMb38lCYLdmSooZuvtfgRXFO3GMTNzwmUPSrD3PmnBbRxUOqtw82GS-tKd_Xfllmr-jepZOAlAQKOA0Nt03ADgzdMDHvza5ApHeVxZBlorsBgJyir_UocqYFaX12iqkeAzlAfjoLv25LujmIO3eRIa0etIuJeZ1NvcNySiNKxklydk9iOMknWdZWlx1LRug-7NUBHmieuYZduA2ONMTjAZz5J3yAglH-d3fKt3cVk_xSKBCftuVFFp9LN08BHO6quMdOiy82s6iC8I3CYmiZFnS0wC56DbUJHIW7iiaNICoRJnp2xafSy0hMNjBqCOnUeJMkZ_RM75S7IUgr9VwNalwEry--slDDMW7ZyJwjXYJlB3RxBogaYCG6egIJBmj6UlaaaUjfnbtFvZQRxnQ-hv5evrlZ4ieFhKWL1g4n2SiUTVXgnURjepDMYcWa-xIRnKfS6wzVhCC-sw1LrDDuvRKpON27S5K4d1JAybeIdSCC0Kpbqr0uZ1gdVEyLjEv1JFtnkaOEoGAuM5Z2FrlyNe2vJGVjfYd9Qp9p699PPxxS7dfaSClnTpCtPOqag2l6FJagfVsK2g1kl7r7_WUYSSCQ9p-7mLFk0-rbZRmmZmP3e1b127uJ6KJNb23QBaf43tLsQFPH85X42uQ81w9uX2fr94y9lC7foPyBK3qgtmsi1Vv45m8YyrLxxftjc6m5VLpZ9lxT99NjUgx-66L6SFbxFnolfMcFW6HyClDxuskyJweGtcBi4XTsJad4GF_YvtHIBAKuHn_ZnkgeJ7SP_8c1FTeCZg4WwyhpHo5Gjro-zLgFeFp2L7zbu8rueFY0qeg0LnpRLuKp07ioNNJBs7LTu2Qjz1whFinvgehEKpiqATMW9bHhhllZhJ84A6f4wAPD8FVxQeC7pXqMYWcUVEuvp4_9eEk8XdMPu7LeV-yG_0x2uz9_-uHHVyShXdxLqYNo30u2gfTMXHk2bIdWkAWVhmeZU_Kkw3XXw_MKOs0RzqPas8FzPMYTlj-9JmKr_uw4NPRjrnRGS4XEydv1ZSUBo4Wz6GkXlKnyUuldLUfMxCzwTAAV9R-DIyeRLaFbWIp1eSadVA6Hpy2sJWYufJfCYx_jmDeu3kbbJJcJ-JMp457JIsPH8nwr3tBQ_bihjlTQWPeFPFkSqIhG6T&cid=CAQSOwDq26N90Jfy8O7El6tgODOX8-QnB1sIXWMyLTrlm3uNM_gr5KgFYG8F56jJNRDJ8vgLpq-oTCZOxQFKGAEgDg&rfl=6%2Chttps%253A%252F%252Freurl.cc%242%2C%2C%2C%2C%2Chttps%253A%252F%252Freurl.cc%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b3c218f921126409f2f4a82b74458117039037330ffb76b30df5c6062b353a90
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 18:53:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
46814
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11730
x-xss-protection
0
server
cafe
etag
9319256901541695429
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 27 Oct 2022 18:53:14 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 9153 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstluVdC27nDXMC7C7snMwAp3_C_HKaPI6axS-OBUjRX7PN5mzUQfWuvhgkzIHknlVZw7hUda5sKXtJDcbX4NSX8Ax0qPaDlNWsKNcXAEUQSzCs0dIlAKkSQRvEN1Irb0lQXM283diy8XCGKhvy8px0Y16hLZcDEmlqGmHIZ8L9liqpjiChhOpeZn5SI-4FaEnn1f9TFZ-Y26UwX6ImsBS0LHW8OftgHRZUni8vNBBSu9gvUQcDRUH8yvj5m1mdYAJuO-DKOPRdW6cKXhE2W7Ae8fk2zBQiEn_8K9_c570iNUPeHAPw_L0m1XK_CX36inRkkCiqFjukz0GO0eZhBF_vw87wbQtV3oelHxe0IfLlM8Ad0zDCqdn3GA1dyBP0HDyy4lrbcDPKsV44b-8wvKu3jI9Ks12ZKoPPZqaDqlTe3suoqEQg7gzkzYbWA8r-FlGOmQYY6vJ1DbAxDuxN8bqSx2sKamTeUGmh5YjVEwvqO-SZasRo_0jit0GYHJaKaQrmeCHEmcybo2y32GKRZvaxJGvaj8cq6AfRsm3VRMSETgYP3Ar4WgWoX4B28Bg9cWSQsltLfi8vI-JI85HFvNh95tt5FWa5Xv4aNCPZBXG1O9fZdzJamAZh-8dK9YlVyPb7LRUbTm-EPvNyO-aDjiCOkrRtEhcpWFGoKRI8PJJgNVCmdSrI4BFM91TnwGEg5mPzahkmaWr6pVupvZXvBCVH8XPU4BhgpC8yfelSm37rewFCEZn_Zutpk3mUbK8Bti727X-lPsXBsEs3FLQiO7tfbk2cru8uM5LplOBAKCIKW_eO_du8MAguJYAYecMNRUih52gjFzD59qxdfkvJHT6po113Jqrc722yDIi1Wjf9J-zxPARIP0kuW0PSeLeajtrnEYJGSjGnpv2x0mwVwGNlEicr80HP4iB1tEEEy4yxyej_jPSvToOy2qvpIk9UzVvhVU05uwRU3F_as_sgQpzNa5JSKdKcwnkK_yZb_HXh8mw-Y2SRbAArygkwUUgvRNe6wFP7PatkqYCT4hPAGdOLhXs-G-7y4ieWxfrw9exOxT6TgObbAhmF0XUPu6gof2-lpcwg6h8lHIA82rVoSuY-EHtLq606oZGRugQOFMYm_oqTC6ytlpdAADyCVKjOdXJ_3bWbWIWNKuAGJpTU9qQwL6oS24DYAJb2VDTWWu8aqIscKqvgnoMBuZ9EHx01v3Do9leEYNfEcR1EOtmPgAa9W0IiiAfh2GPwXHR_ku2mdCMvvwSkduFZoYozIiBOZdDGE5NRfxXb6ajIg0CA88MEm4oYgURQjx4jKri9kxhpctw&sai=AMfl-YRJJB1zCT60Uf5RiPa6sYYl42uY6tcz1GcSUodWMqSl1b-t1Ob5L7ZVbUwPy5Ec-062e-eEw88haOs4gKHbkaAYJCgZljLo7ksICpzWhu1co9BzwZyX3OgcvXfuVFEsTkOGmUBK18mq1qNwYorfaazc9fikE8uLMIJBrqtxB40K-cHKVYTKuupfng1piBBQPKFZvPUQL7cuHYuie9I&sig=Cg0ArKJSzJO9vmNYfL21EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=440&vt=11&dtpt=248&dett=3&cstd=188&cisv=r20221012.29356&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 9153 		7 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=latest&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
503065fa938aaf774537c160f0c11e50dc35bd15bf29cd03a9a8d33037dbe022
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5628
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 6E08 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221012&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3772469c0442ef6ef3a53665def938a97d80e1ed48ecefc93357615cacd9756d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11117
x-xss-protection
0
rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame 9153 		63 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/js/rum.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1665734007&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734007440&bpp=16&bdt=501&idt=160&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&correlator=4743840626201&rume=1&frm=23&ife=1&pv=2&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1295345333&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=4086511263&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770766%2C21066434%2C31061691%2C31061693&oid=2&pvsid=2690718978347617&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.2391sdzalarw&fsb=1&dtd=187
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a139caebc5a7c4bf78945ba3f22a3ae9981e5e8d6f10a2f6235d07a438eb0c41
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:48:49 GMT
content-encoding
br
x-content-type-options
nosniff
age
279
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23659
x-xss-protection
0
server
cafe
etag
898360552121563568
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Fri, 14 Oct 2022 08:48:49 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame D7E3 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:22:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77459
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 13 Oct 2023 10:22:29 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 21EC 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
39979
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 13 Oct 2022 20:47:09 GMT
etag
48472445140208031
expires
Fri, 14 Oct 2022 20:47:09 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame D7E3 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9f9d38a368eab86ca0facc5f3c4d398aa8ae3f4e72983ccea299c9567d9861af

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/png
index.html
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/ Frame 1E09 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
39236128fe5c0e392d70d5f7408240e5cbde2a6458e70e025b5c50781aee8270
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
77037
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
1679
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Thu, 13 Oct 2022 10:29:31 GMT
expires
Fri, 13 Oct 2023 10:29:31 GMT
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame D7E3 		0
27 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstg4muTeVPibaK_mdehsdsXjCULH3sOsalF3AN89mH6ZDeTBxEmocJwy8nx28kv0p4P4WL7vsVdblYQ9YRvonqt8PfDUOxJgG48VZ0OgqpYhdqgTvJS01tqUMXZtiE5eKJ1TIv_Y8PuwJqqenNUau9Ju4AdNNw0U8nbps1HTLJjjZ5hM3Ox2Ek9LtNJhI3VfHzEuV7_IyWp75poSNHFEAJQcEK3gGErTeSWH1CGyGQh8E1NnqfGzhm-DWpFnGzMsxpsW-8c8qCDS_XrcJg8bLnRepBan74luPM9Gu4ZrPzTS5fIjrwnnEFBi-VKqGNAxRSqFZraF_HMgM7FpSXeh_ZJjTikzxATjl3_Sj159E-JxP4FEyajS22NEqFpqfj1s0Sg6ZjA-5jHSfbzuC8tIf6R0yeWUGuF_OA7kpe4XzZQeM6rVPafmp9qDmypbZfM7dvg2CoyNk7f1BBQeBcfm9GJNLE6DrlJ25zAKmp32Ba0B37qm8Pd_FwpQCSZNG4xYFnNYIT0PGMfNTD1V6sHvz0XZyrU629jwTzbUKXkVVOSSEqZn7DXipVrbzmt0nPYIHyoNBExSXbwbIAF1ausfIsv6bHMHiO_ldxuirhj5D43q9VixzpT91VAPp-xZR285iNugfyKeKcy1bXI6wtUo8rOKoZDlK-_GfVJ4XsP9yy5T9NPgsg0LLxexBLGJW6O2n24JZ0LCn3344DMZJJ4xswTJ8T_kZ5onG56dP2jKb2cIfQ4yj0EdhT6JcDiIyx-CNFy5BDw5JhSuktNKsI6Zn6C2A8IlwGZ5zEAWKNwnyDUgO_K6ntIuPO6eoAQcAkRSnqYOm4jcXOCqKBJO7QAvFGFupjJL1ps_8V6m5eY7oyXd4qRxGq_lma79yur8Z9auKH2vLhhJyREAjKEgkW5uVwWdJupE4uF5oz51K1LcPmMKs_z9G198JyVYdxlqgsW90aELO6BU1c8sYMfXhySMRAUyQ6O9a0nS3sm1pAr1gtD-lQJl1AfpbABSDcGw4HXwx5N3e9gHhaRfx_FGTVvR_XaAIgwLr21p58txmw9k34AhVub_81KdaLcw3Qg9xvkCGqIIwx_yjvGnQWt91jiIuHsXQWwr9jRBHnqIZc-r-7FCoZnH2itc9i_3x_sx0Cp4-1T10oAH_KHhNMOPlL61m1j7JnXYNd1yky4ahLYM0k4Xumla_E157UbK2x9v2_Oaj5J6f_u0ystirkjOccbh9sVUzzfJMhIwdEX0Zsci5UbrhhQpNVGCjTYgotdPLZimZabtpMLIrSAxhRgs_aI3iinTunjh8DtYAjW4mIKZJZ-YA&sai=AMfl-YTf4OluWxkMY2z_VMbQT6Nq6mphjIuu9OjLlidxGT-POSjn82Ae9XZlp0cBhc9OgQ18p82tX-mjFrdPBYLtLM8YM1p6txPjIJtJOEAKYL6Bo7_kSQxaf7yOBwfblvfmyMVJICttE8Ak0wKl2EGHGgUO5XkPWbY0dcj37MPrGTB8SAvWFYqNbzeVsK2jLJCrYw25ZIgJiQBRaAdhgg22sRiAcU8uf5zLJNXzpatzDgccpMQDrYV97UENM1b20PRtMwKOi3dtOL4&sig=Cg0ArKJSzFJuEfAUgYlsEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=105&cbvp=1&cstd=103&cisv=r20221012.86335&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Fri, 14 Oct 2022 07:53:28 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 9153 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 14 Oct 2022 07:53:28 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 6E08 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 14 Oct 2022 07:53:28 GMT
ad.css
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/css/ Frame 1E09 		1 KB
494 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/css/ad.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e980978372ef893e791fa10ac60561adda47a13b2fa5a10557e491808259633f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
465
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
img1.jpg
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 1E09 		35 KB
35 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/img1.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
16ec50bac671d303d46d078347192e3defdfebd1488991288f6182f4b6fe1488
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36078
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
img2.jpg
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 1E09 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/img2.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b9fff3f99dc21e4051a54b10c589611a6b4c56b78079c275cc9279d996950468
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45194
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
img3.jpg
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 1E09 		35 KB
35 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/img3.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
93b3c4a595bd63cb41b20bfa3feed5a0515c0b1ad5b943d12c50e37dcea64696
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36124
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
img4.jpg
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 1E09 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/img4.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e064bae416609c3a889384a353c1fccad530f6a9169a2dd3702aa54813d88443
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44662
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
txt1.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 1E09 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/txt1.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6369d32085728856813df2a0debbfed9a2338698cbba75737849c9805a9570f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6882
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
txt1b.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 1E09 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/txt1b.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
adfb4cad9ff9a338742a03254c75f3bb152534d4209c0eacf2175f4a3091d667
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5429
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
txt2.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 1E09 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/txt2.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb7a31f16a1a9bda77fe3d3f1201ac7e238101cd1022b68e93580fa39394fbcb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7176
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
txt2b.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 1E09 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/txt2b.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bcb5c5298e2439eacc8bbbd3a20f56b1cb005614bb4af475a9510124c33aa3ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3772
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
txt3.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 1E09 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/txt3.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ad2ae14f9e3a0b0f5a8ce19fef6938a770fd218074ed858feaf48cb2986c4372
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9401
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
txt3b.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 1E09 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/txt3b.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cde1e812a0335654f8b799dc109ef9c0254c72de4e35f40c20a2bdded0be19c4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4662
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
txt4.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 1E09 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/txt4.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9e7878bbb1a0d8199e68adf0a7ffdf82a162b0a24207a696b0c5a8c3f64acc4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7513
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
txt4b.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 1E09 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/txt4b.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
85d8b565ec1b8140a0f3dd1801e149bc09ee8fd650539cb35ae5aeb86faa29c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 07 Oct 2022 18:50:21 GMT
x-content-type-options
nosniff
age
565387
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7018
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 07 Oct 2023 18:50:21 GMT
cta_img1.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 1E09 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/cta_img1.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c7f7b6ccfbf79cae50825d1c5bb299e19e6dcf08322824815ac50a223949b7e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3710
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
cta_img2.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 1E09 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/cta_img2.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
06d5536790e8d7944356feaf9ae77fa4796addcfeade125e8ec10bb4b7491a5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 07 Oct 2022 14:00:04 GMT
x-content-type-options
nosniff
age
582804
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3821
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 07 Oct 2023 14:00:04 GMT
logo.png
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/ Frame 1E09 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/img/logo.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e8acb14506260c4c012ca16081656a17cbf162224ddf70d31e48e6cefb7fb6cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4246
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 1E09 		105 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35824
x-xss-protection
0
last-modified
Fri, 09 Oct 2015 14:01:28 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 14 Oct 2022 07:53:28 GMT
ad.js
s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/js/ Frame 1E09 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/js/ad.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8c64f55a5448751409418c195c34fdb8cab1dfa25b41eacf7e08f1dbab8c7555
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6053516823263476268/002_0_5_6MediumRectangle_300x250_BondCX-30__Allgemein_AlwaysOnQ2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 10:29:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2735
x-xss-protection
0
last-modified
Thu, 06 Oct 2022 09:06:55 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 13 Oct 2023 10:29:31 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame C0F9 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
210
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:49:58 GMT
expires
Sat, 14 Oct 2023 07:49:58 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
current
dclk-match.dotomi.com/match/bounce/ Frame 21EC 		0
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEAI8uhi5t_YnVNH3mFykjuA&google_cver=1&google_push=AZmPxg8ULwVWpULzzWPX2hIp-EHyhDEo0p9TwGXD0P4Jpf27xYQ0q7tepNqsCiCUCM_8wyOgpQEr999VsBwetpfpy9I21xUCn5M
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1370 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
pixel
cm.g.doubleclick.net/ Frame 21EC
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEOA7gQFJsFCovzB-AnHTDVo&google_cver=1&google_push=AZmPxg9QgK3haptRINM9QVrO8V-rRxLBlgsRfctw2tC5fbjLlqUZ7woLdRrO9O0ko5kyZunAdFDDuI0ptXSgAjbp...
  • https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AZmPxg9QgK3haptRINM9QVrO8V-rRxLBlgsRfctw2tC5fbjLlqUZ7woLdRrO9O0ko5kyZunAdFDDuI0ptXSgAjbpHrb8hu_y4h0
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AZmPxg9QgK3haptRINM9QVrO8V-rRxLBlgsRfctw2tC5fbjLlqUZ7woLdRrO9O0ko5kyZunAdFDDuI0ptXSgAjbpHrb8hu_y4h0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Fri, 14 Oct 2022 07:53:28 GMT
Server
MT3 4539 98cc2da master zrh-pixel-x5 config:1.0.0
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AZmPxg9QgK3haptRINM9QVrO8V-rRxLBlgsRfctw2tC5fbjLlqUZ7woLdRrO9O0ko5kyZunAdFDDuI0ptXSgAjbpHrb8hu_y4h0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Fri, 14 Oct 2022 07:53:27 GMT
pixel
cm.g.doubleclick.net/ Frame 21EC
Redirect Chain
  • https://d5p.de17a.com/cookies/google?google_gid=CAESENtSzOuNPpSjQm-VFSDOL-Q&google_cver=1&google_push=AZmPxg_UBPn6hlIyLXiI28QAtc1XmgGjj1WW3l1Sp-Y5Amq5V9p4-QmILyXHpng0yIhLdCEDVibhnf0urJ2jDy4NmzFBEl1UMw
  • https://d5p.de17a.com/cookies/google;c?google_gid=CAESENtSzOuNPpSjQm-VFSDOL-Q&google_cver=1&google_push=AZmPxg_UBPn6hlIyLXiI28QAtc1XmgGjj1WW3l1Sp-Y5Amq5V9p4-QmILyXHpng0yIhLdCEDVibhnf0urJ2jDy4NmzFBE...
  • https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AZmPxg_UBPn6hlIyLXiI28QAtc1XmgGjj1WW3l1Sp-Y5Amq5V9p4-QmILyXHpng0yIhLdCEDVibhnf0urJ2jDy4NmzFBEl1UMw
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AZmPxg_UBPn6hlIyLXiI28QAtc1XmgGjj1WW3l1Sp-Y5Amq5V9p4-QmILyXHpng0yIhLdCEDVibhnf0urJ2jDy4NmzFBEl1UMw
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:29 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AZmPxg_UBPn6hlIyLXiI28QAtc1XmgGjj1WW3l1Sp-Y5Amq5V9p4-QmILyXHpng0yIhLdCEDVibhnf0urJ2jDy4NmzFBEl1UMw
content-length
0
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
dds
rtb.openx.net/sync/ Frame 21EC 		43 B
351 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.openx.net/sync/dds?google_gid=CAESEIHfHvtXQzYQ-M2TaK7la0E&google_cver=1&google_push=AZmPxg9FxcTwiV4cr-uUuQgf-K9iJuXCM5xu2aoxzYCvZgen2bW0GDpG0_vTIabUgKGP_xDVLMldMueNaMUMCZSNv8vz42I71sA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.253.211 -, , ASN (),
Reverse DNS
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
2616bljac1i49qqd3dqua2ut7uogob8u
pixel
cm.g.doubleclick.net/ Frame 21EC
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPTFH-u9DMOYJlIGRT9u6u4&google_cver=1&google_push=AZmPxg8xf4qZSFrCSleKO3PWy6RYdycy1Np_QlMm5lMWeEohkwzk9gZlqGqusvhK8Z0O9qn9UnQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDk4NzBSNFItUi00VE9O&google_push=AZmPxg8xf4qZSFrCSleKO3PWy6RYdycy1Np_QlMm5lMWeEohkwzk9gZlqGqusvhK8Z0O9qn9UnQRQ7_0m4g2ggo-0kn4I3_MOGM
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDk4NzBSNFItUi00VE9O&google_push=AZmPxg8xf4qZSFrCSleKO3PWy6RYdycy1Np_QlMm5lMWeEohkwzk9gZlqGqusvhK8Z0O9qn9UnQRQ7_0m4g2ggo-0kn4I3_MOGM
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:29 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDk4NzBSNFItUi00VE9O&google_push=AZmPxg8xf4qZSFrCSleKO3PWy6RYdycy1Np_QlMm5lMWeEohkwzk9gZlqGqusvhK8Z0O9qn9UnQRQ7_0m4g2ggo-0kn4I3_MOGM
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
Expires
0
pixel
cm.g.doubleclick.net/ Frame 21EC
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPwKf5u0aDOer0KEI3_uxjk&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPwKf5u0aDOer0KEI3_uxjk&google_hm=Y0kVeCxO1yvDGR8-vW1VbwAABLAAAAAB&google_nid=index&google_push=AZmPxg-ktR5A3Wl3J3vveOp6EX3IzN8uPyAH8...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPwKf5u0aDOer0KEI3_uxjk&google_hm=Y0kVeCxO1yvDGR8-vW1VbwAABLAAAAAB&google_nid=index&google_push=AZmPxg-ktR5A3Wl3J3vveOp6EX3IzN8uPyAH8GaUeePFRgFNSZABanVZ8WK3Rjf5zkSYK0d4lTuAPjXopyIG0u6n8VSELj6avwk
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cbddxT%2B0RoUXTwLAgKH5Wf0XNn0LuCfBNsI%2F77%2F0lpXKwpYur0iGYQSZ%2FHz3f%2BYr3jZEKcGUjpHDbXkEbInkgXBruMVwv6EhoYfs%2BVTu7RuddHBNSq3yCl9Su671bnwCmcPVpC7Nxt2S2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPwKf5u0aDOer0KEI3_uxjk&google_hm=Y0kVeCxO1yvDGR8-vW1VbwAABLAAAAAB&google_nid=index&google_push=AZmPxg-ktR5A3Wl3J3vveOp6EX3IzN8uPyAH8GaUeePFRgFNSZABanVZ8WK3Rjf5zkSYK0d4lTuAPjXopyIG0u6n8VSELj6avwk
cache-control
no-cache
cf-ray
759ebdd379519978-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
0
pixel
cm.g.doubleclick.net/ Frame 21EC
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEOXOWh1DCQUmBJ54DYgZVaI&google_cver=1&google_push=AZmPxg8qY_bJwdCKXs2BGpz-dQw8kqZI12JqP0AlZJyzlO3uGjl63YtgmjL9hkj1_cN-N_UGJu08K4-9MhwZMxAvgVbNjlTcji4
  • https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AZmPxg8qY_bJwdCKXs2BGpz-dQw8kqZI12JqP0AlZJyzlO3uGjl63YtgmjL9hkj1_cN-N_UGJu08K4-9MhwZMxAvgVbNjlTcji4...
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTE0MTkzNjAwMzUyMDUwMTY3MDg5&google_push=AZmPxg8qY_bJwdCKXs2BGpz-dQw8kqZI12JqP0AlZJyzlO3uGjl63YtgmjL9hkj1...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTE0MTkzNjAwMzUyMDUwMTY3MDg5&google_push=AZmPxg8qY_bJwdCKXs2BGpz-dQw8kqZI12JqP0AlZJyzlO3uGjl63YtgmjL9hkj1_cN-N_UGJu08K4-9MhwZMxAvgVbNjlTcji4
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:29 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTE0MTkzNjAwMzUyMDUwMTY3MDg5&google_push=AZmPxg8qY_bJwdCKXs2BGpz-dQw8kqZI12JqP0AlZJyzlO3uGjl63YtgmjL9hkj1_cN-N_UGJu08K4-9MhwZMxAvgVbNjlTcji4
date
Fri, 14 Oct 2022 07:53:28 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
attr
cm.g.doubleclick.net/pixel/ Frame 21EC 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IDRW5M5gukUB7cvVvcv-Vxtt0vsNaFW0z9VsPEAq-pkFMb93YEZxRVrIHFC2kdBKVL3X3w
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1665734008&url=https%3A%2F%2Freurl.cc%2FXV1QXD&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665734008022&bpp=15&bdt=454&idt=104&shv=r20221012&mjsv=m202210100101&ptt=5&saldr=sa&cookie=ID%3D47ca471796d7c28c-2216bf1045ce00fa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg&gpic=UID%3D00000b72930e23aa%3AT%3D1665734007%3ART%3D1665734007%3AS%3DALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA&correlator=4743840626201&frm=23&ife=1&pv=1&ga_vid=92490124.1665734004&ga_sid=1665734008&ga_hid=1006686281&ga_fc=1&nhd=5&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=226&biw=1600&bih=1200&isw=300&ish=250&ifk=1031835242&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C21066434&oid=2&pvsid=4242739103229239&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.kvwxazewypz2&fsb=1&dtd=129
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:28 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
csi
csi.gstatic.com/ Frame 9153 		0
327 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~l9870r2l&chm=1&ctx=2&gqid=dxVJY4idJ5iw1gaI7Y3QAg&qqid=CIOExd6e3_oCFVXpmgodAtMPcQ&met.4=fb.fq~lb.kl~cmrload.oc~ol.uo~bdt.-j6~bpp.-4t~idt.-t~dtd.-2~dt.-59&met.3=733.ks~742.kr_1~748.ls~739.mg~374.og~749.oi_7~736.oq~735.pf_2~738.uo~113.xu_6~112.xt_7&met.1=1.l9870q4t~6.0~7.0~8.0~9.0~10.0~12.2~13.e4~14.e7~15.ez~16.mg~17.mg~18.mg~19.ul~20.uo~21.uo~22.m3~23.m3&met.7=CAUQCBgBKAEw_wM40AhoAnD8A3imVIAB-lGIAaqgAbABAbgBAw~CBwQBhgBIKQEKKQEMNkEODRoqARw1wR41gKAASqIASqwAQG4AQM~CB4QChgBIKUEKKUEMMEEOBxoqARwtQR4-wyAAc8KiAGxFbABAbgBAw~CBwQChgBIKUEKKUEMNcEODJoyQRw1gR4vj2AAZI7iAGTigGwAQG4AQM~CBsQBhgBIKUEKKUEMN4EODk~CCoQChgBIKUEKKUEMLAFOIsB~CCgQBRgBILgEKLgEMOMEOCxoygRw4gR4wASAAZQCiAHwBLABAbgBAw~CCgQChgBILsEKLsEMIoFOE9oygRwgwV4ppMCgAH6kAKIAaKyBbABAbgBAw~CCkQChgBII8FKI8FMNMFOERAkAVIkAVQkAVYtQVgnAVotQVwwwV40c0CgAGlywKIAYu2B7ABAbgBAw~CBwQChgBIJAFKJAFMKAFOBBokQVwngV4mRuAAe0YiAHhP7ABAbgBAw~CAkQChgBIJcFKJcFMKcFOBBomAVwpQV4_l2AAdJbiAG57gGwAQG4AQM~CCcQChgBIN8FKN8FMPAFOBFo4AVw7QV4k3mAAed2iAGKxQKwAQG4AQM~CBwQBRgBIOEFKOEFMPEFOBBo4wVw8AV4gAiAAdQFiAGWCbABAbgBAw~CB8QBRgBINMGKNMGMIMHODBQ1wZY8wZg1wZo8wZwggd4uw-AAY8NiAGIK7ABAbgBAw~CCIQARgBINUGKNUGMMgHOHNA1gZI5AZQ5AZYiQdg8gZoigdwxwd4rAKwAQG4AQM~CCcQBRgBIOcGKOcGMPgGOBFo6QZw9wZ490OAActBiAHqsgGwAQG4AQM~CCIQARgBIMwIKMwIMKoJOF1QzQhY6QhgzQho6QhwqQl4rAKwAQG4AQM~CCcQDRgBIM8IKM8IMOoIOBto0Qhw6gh4qC6AAfwriAHYObABAbgBAw~CCgQChgBIOAIKOAIMPAIOBBo4Ahw7Qh4l7sBgAHruAGIAdv3A7ABAbgBAw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4001:c14::78 -, , ASN (),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:29 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ZEudAwKmaTNpvGbgtwbUkI0ybKz2KwCtXmqAoF5myvk.js
pagead2.googlesyndication.com/bg/ Frame AC01 		36 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/ZEudAwKmaTNpvGbgtwbUkI0ybKz2KwCtXmqAoF5myvk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
644b9d0302a6693369bc66e0b706d4908d326cacf62b00ad5e6a80a05e66caf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 19:19:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
131630
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15800
x-xss-protection
0
last-modified
Tue, 11 Oct 2022 09:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 12 Oct 2023 19:19:38 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E633 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1604
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:26:44 GMT
expires
Sat, 14 Oct 2023 07:26:44 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 04C4 		783 B
536 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
58495f390f339b9154686d69a738f33796152444378ad5fec8217ae9eda0452f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-U9dA8Cy-yH18GUyr3XuG5Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
514
content-security-policy
script-src 'report-sample' 'nonce-U9dA8Cy-yH18GUyr3XuG5Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:53:28 GMT
expires
Fri, 14 Oct 2022 07:53:28 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js
pagead2.googlesyndication.com/bg/ Frame C0F9 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
71f2940ec78bc4c5ff54c23fb9aa3faead0c28e69e0ab83c1998d21719a8b46f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:22:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1885
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16112
x-xss-protection
0
last-modified
Tue, 11 Oct 2022 09:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 14 Oct 2023 07:22:04 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame CB30 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B5eb0eBVJY9yxDvmE9u8P5PyzuA4AAAAAOAHgBAI&bg=!sbKlsvbNAAYeOJy_Pjg7ACkAdvg8WgzyXGj4X4liY2SCM9Y1XjiFOW2Aygx67AvGKvE2AsNSsKMoEgIAAAEGUgAAAAJoAQeZAxbRifYEV-yyMLIbJAvx5B6AyzHhrle7hgq7F7qfLPy-6lu-3HBXrsZqSGbvLuOoyLwMRSlgWu7MrmdcgoUV1-wt30wLXIqlHGAhx1JCH9z5p41zcfJyK6UpCjIEaCmfl0vi0hYHXipMcxyniKdr75u0Paxt4HTTM2rAhWlGcaYZv5umUFDVv4jh5m3druYbgq-X9vqRwFzV7iZrdIJ0K-Lcn2-1oe88E7AHtW93rcSh2SnBzBn7QmM865PQyi_VXXC-ZDUSvtlHSupHEYFY5lZT6WhOuNIIMD7qP7Jfy2Wda58koF4a7ntgGwXGSR3QTLMoMPa9xL5nRIL_Y1F6gDO4p7V55SGWxLYVKOtRjGGD-OP673JhDDyo1HarFowvPXRY75HujeDpQMPIA_GJw71PrrQNoikAkbyKNhDtcTwSl_tXPolOdroQ5EET16B0Kr3-uQAbDm_3r6RFBIbbqZTyTsRi9lZMQbekSLj20T0SiyreqT0BXe5MeIUzAspI72XQ7eLW8dblRVYQ4Wegk8pP-OGYC8WYc3bn0h1pjZwr9fCbqWRcX8lz819NC2DmUwxQz4_frNup0N4f9NOBaURjA07KU1khOHLX7DW3Fu29r9AHZ2uYuDCm5xuyOdC_yM8zL-Cr6V93HHkTquxy7tlVSHsmv_ywKVrsRknrY2MbMDEV5SOYOBv4oahB9RQ8dMlcwj75OSlneWhyZqTYzCcvpOB4ln0gPxm1RLRC1zXLxY6YDr-4DO0-l56Hi6qtIDipqqLuvS9SNhY4dZDMzZFPqcLhvbg2o63Hz3khgzxOUsp11_FPS731DNl-j3niO_7nmT7oXy7c3kfnDR6R5n6_dvDnGNPGbxehn3qNwXf4ftu9Dskx0kRnSKp85_pV4JMgF7crYRbAZy_XWcmIATgTH4ufPKd1kWdcEBJgInZ77YbqEsv332cTN6i1itZxB6CIHzzb-Llx-bn8npB6hAa6Mls7WOyZvvnW7zBsumub8aq4SIh-uMrGs4OnmfAxKCBiNPRyyPVWRRpHyQWXV__4hAJFw5tu
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:29 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame D7E3 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstg4muTeVPibaK_mdehsdsXjCULH3sOsalF3AN89mH6ZDeTBxEmocJwy8nx28kv0p4P4WL7vsVdblYQ9YRvonqt8PfDUOxJgG48VZ0OgqpYhdqgTvJS01tqUMXZtiE5eKJ1TIv_Y8PuwJqqenNUau9Ju4AdNNw0U8nbps1HTLJjjZ5hM3Ox2Ek9LtNJhI3VfHzEuV7_IyWp75poSNHFEAJQcEK3gGErTeSWH1CGyGQh8E1NnqfGzhm-DWpFnGzMsxpsW-8c8qCDS_XrcJg8bLnRepBan74luPM9Gu4ZrPzTS5fIjrwnnEFBi-VKqGNAxRSqFZraF_HMgM7FpSXeh_ZJjTikzxATjl3_Sj159E-JxP4FEyajS22NEqFpqfj1s0Sg6ZjA-5jHSfbzuC8tIf6R0yeWUGuF_OA7kpe4XzZQeM6rVPafmp9qDmypbZfM7dvg2CoyNk7f1BBQeBcfm9GJNLE6DrlJ25zAKmp32Ba0B37qm8Pd_FwpQCSZNG4xYFnNYIT0PGMfNTD1V6sHvz0XZyrU629jwTzbUKXkVVOSSEqZn7DXipVrbzmt0nPYIHyoNBExSXbwbIAF1ausfIsv6bHMHiO_ldxuirhj5D43q9VixzpT91VAPp-xZR285iNugfyKeKcy1bXI6wtUo8rOKoZDlK-_GfVJ4XsP9yy5T9NPgsg0LLxexBLGJW6O2n24JZ0LCn3344DMZJJ4xswTJ8T_kZ5onG56dP2jKb2cIfQ4yj0EdhT6JcDiIyx-CNFy5BDw5JhSuktNKsI6Zn6C2A8IlwGZ5zEAWKNwnyDUgO_K6ntIuPO6eoAQcAkRSnqYOm4jcXOCqKBJO7QAvFGFupjJL1ps_8V6m5eY7oyXd4qRxGq_lma79yur8Z9auKH2vLhhJyREAjKEgkW5uVwWdJupE4uF5oz51K1LcPmMKs_z9G198JyVYdxlqgsW90aELO6BU1c8sYMfXhySMRAUyQ6O9a0nS3sm1pAr1gtD-lQJl1AfpbABSDcGw4HXwx5N3e9gHhaRfx_FGTVvR_XaAIgwLr21p58txmw9k34AhVub_81KdaLcw3Qg9xvkCGqIIwx_yjvGnQWt91jiIuHsXQWwr9jRBHnqIZc-r-7FCoZnH2itc9i_3x_sx0Cp4-1T10oAH_KHhNMOPlL61m1j7JnXYNd1yky4ahLYM0k4Xumla_E157UbK2x9v2_Oaj5J6f_u0ystirkjOccbh9sVUzzfJMhIwdEX0Zsci5UbrhhQpNVGCjTYgotdPLZimZabtpMLIrSAxhRgs_aI3iinTunjh8DtYAjW4mIKZJZ-YA&sai=AMfl-YTf4OluWxkMY2z_VMbQT6Nq6mphjIuu9OjLlidxGT-POSjn82Ae9XZlp0cBhc9OgQ18p82tX-mjFrdPBYLtLM8YM1p6txPjIJtJOEAKYL6Bo7_kSQxaf7yOBwfblvfmyMVJICttE8Ak0wKl2EGHGgUO5XkPWbY0dcj37MPrGTB8SAvWFYqNbzeVsK2jLJCrYw25ZIgJiQBRaAdhgg22sRiAcU8uf5zLJNXzpatzDgccpMQDrYV97UENM1b20PRtMwKOi3dtOL4&sig=Cg0ArKJSzFJuEfAUgYlsEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=361&vt=11&dtpt=256&dett=3&cstd=103&cisv=r20221012.86335&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XV1QXD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:29 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame D7E3 		7 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=latest&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4387cd9794e8d190916b41800f6b8d4b9db338fe7e84585d4fd2f0bc3e19fa06
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5663
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 6926 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221012&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5e602a492c8617e0de33a68beb210d47c71d43ce66cf4384350897359cac0add
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11224
x-xss-protection
0
syncframe
gum.criteo.com/ Frame DABB 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:53:28 GMT
server
Kestrel
server-processing-duration-in-ticks
1369901
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sodar
pagead2.googlesyndication.com/pagead/ Frame 04C4 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221012&jk=2690718978347617&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers
ZEudAwKmaTNpvGbgtwbUkI0ybKz2KwCtXmqAoF5myvk.js
pagead2.googlesyndication.com/bg/ Frame E633 		36 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/ZEudAwKmaTNpvGbgtwbUkI0ybKz2KwCtXmqAoF5myvk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
644b9d0302a6693369bc66e0b706d4908d326cacf62b00ad5e6a80a05e66caf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 19:19:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
131631
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15800
x-xss-protection
0
last-modified
Tue, 11 Oct 2022 09:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 12 Oct 2023 19:19:38 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 12F7 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022101101&jk=2290761158502006&bg=!l5SllNDNAAYeOJy_Pjg7ACkAdvg8Wmzwekr2n1U7w6ZiJVObf4veklCe4iw39wgGRboxYI6zbfaqygIAAAFSUgAAAANoAQeZAva5DK7vFSxepzIx6bYM6scws1HNdjF55-Si26Kk0c2hWnA1geUttyHE3sAy2csOehbonPnYkLxKYICCvbJJWtN4TuNrppSJNO3MVmfer-OsAcs32-9f1p4KsyeqfEpCdgT5ys0Vd8KNzFwaJqaAjBD1RlL4qobVHFK3jQhArYS8HauZggXy-rhoHuRKlPi4LTaEhy7lTX49THF3KU89mf0w5Z_gcNuOKGXa8yXVzNogOdRaJsXuGLMz9w8bsBVBy0jv-Q9b5tBsxDuEv6GJt6KobqjTa4jrexzQ1iB_yx1OzN1Ri8y2QVXXOpgrIVDKMJhPviP2zLIxJ9yzaHt1PKJCY3m9vi0xwOY0KN6dlYdn7TX3mvShLQOk93tmOqnyBRMYfj_qsDM2UjbYrC4h4fV6DYa-3Yo7k_dE5VoDOXPx9aCOrqWgb3KOLOfsPbakwi-thR8Q2TON4rDJyRuZ2OEi4X6HZmVctuz2DB_4Cw8oKy9aN68A3MRnxvlbXlgmThy0hkjChW80rPhRYhhBIF5LkbHMvHAOgm1ZdmHEEWKDeZcJBRoe7YcIUvDv5gGWTQ7S8ECNyrHMZg2d6stZIVT23IggTIAAoUjyqaHZ7xEJ-BPedxbyV2ZCPvuOdmEeCDfwW4MH0714u7-ZpogYiV2ryUXiiOGWLDTEHJKMayGy-FGEwxwElVoZX36owgo0l2gtqidaRxH-8q3zwCjU8GQRvq4vgS3vweME7x6bItdJHsf9KwWKP-IQvO5YeHGvPEd8m3TP3TDe35Ckxz1O_5vrdnn-q4F5jQsFAPvCyxWe6Iu7228lWYaxL3_ChMFK84WxE1JwkRs4bZgjYQCgbxq24LZe2Ug3h4VEVZ3Hiep6t8Ew6wGCQhjuWibK0hyoJH2uj7acQO22M0Yx-y90G8G9ZNbcsqJbh0Szcs_xxWDjbI8fokkfbwtKh8BhkTkpTp4HxRO1UubCmS-EWl9-cfgpHuPBaJqvcU_JSq6_Rn4N2G9Fm7QuIQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.aralego.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers
sodar2.js
tpc.googlesyndication.com/sodar/ Frame D7E3 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 14 Oct 2022 07:53:29 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 6926 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 14 Oct 2022 07:53:29 GMT
sid
mug.criteo.com/ Frame DABB
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&cw=1&lsw=1&topicsavail=0&fledgeavail=0
  • https://mug.criteo.com/sid?cpp=FtAMU3x6dVZ0UUVGbUgreGYyYVV6K2UvVGVITlVRUjdqSXZHT0I5Y1dFa3hUNml4TmNpcUFTVndEdEoxcEVwbXpRSEFuSmorUkVkUk1DSHpINnRPNU5DWHIzWjRkU1FiMDRqbXRSelZNbFo0cDdsY3Y4N1dLUFQxOFNjOH...
430 B
654 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=FtAMU3x6dVZ0UUVGbUgreGYyYVV6K2UvVGVITlVRUjdqSXZHT0I5Y1dFa3hUNml4TmNpcUFTVndEdEoxcEVwbXpRSEFuSmorUkVkUk1DSHpINnRPNU5DWHIzWjRkU1FiMDRqbXRSelZNbFo0cDdsY3Y4N1dLUFQxOFNjOHI0RDcrUUErRWNlVWwvcUpydUtjMzNWSUlEb3dYZXVUbG5KbXNXMlZkMVRCU2tUOXl2RVFvYXY0RzM1dERnZTZMdDhwcFpQNFd5enRhNjNRM2twd3d1cTVDWjI2QUN2Y0E3OTAxbmtVL1YxbldjbW9qRU5acExoeE5MRm1RRm5uajVhN1lXbmZ5ZFhDZ1Rxb0lHM3gxdUVCNnJ0YWdzQT09fA&cppv=2
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
ff67195daf1d4c0d8944b5288770138a959d58e91d0ae3f53d98af02a0ab4c1b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1939252
expires
0

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:29 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=FtAMU3x6dVZ0UUVGbUgreGYyYVV6K2UvVGVITlVRUjdqSXZHT0I5Y1dFa3hUNml4TmNpcUFTVndEdEoxcEVwbXpRSEFuSmorUkVkUk1DSHpINnRPNU5DWHIzWjRkU1FiMDRqbXRSelZNbFo0cDdsY3Y4N1dLUFQxOFNjOHI0RDcrUUErRWNlVWwvcUpydUtjMzNWSUlEb3dYZXVUbG5KbXNXMlZkMVRCU2tUOXl2RVFvYXY0RzM1dERnZTZMdDhwcFpQNFd5enRhNjNRM2twd3d1cTVDWjI2QUN2Y0E3OTAxbmtVL1YxbldjbW9qRU5acExoeE5MRm1RRm5uajVhN1lXbmZ5ZFhDZ1Rxb0lHM3gxdUVCNnJ0YWdzQT09fA&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
652160
content-length
0
expires
0
ZEudAwKmaTNpvGbgtwbUkI0ybKz2KwCtXmqAoF5myvk.js
pagead2.googlesyndication.com/bg/ Frame 720E 		36 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/ZEudAwKmaTNpvGbgtwbUkI0ybKz2KwCtXmqAoF5myvk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
644b9d0302a6693369bc66e0b706d4908d326cacf62b00ad5e6a80a05e66caf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 19:19:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
131631
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15800
x-xss-protection
0
last-modified
Tue, 11 Oct 2022 09:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 12 Oct 2023 19:19:38 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B311 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1605
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:26:44 GMT
expires
Sat, 14 Oct 2023 07:26:44 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame A503 		783 B
536 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
0092c3df5e7db0ed4ff46a8dc6cb123ed8d8580e63c289cef5ebb871f7a0bed6
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-_qsGHw75Za1LIG4OHc0T-A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
514
content-security-policy
script-src 'report-sample' 'nonce-_qsGHw75Za1LIG4OHc0T-A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:53:29 GMT
expires
Fri, 14 Oct 2022 07:53:29 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
syncframe
gum.criteo.com/ Frame 00FD 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:53:29 GMT
server
Kestrel
server-processing-duration-in-ticks
2589910
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
syncframe
gum.criteo.com/ Frame FAFA 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:53:28 GMT
server
Kestrel
server-processing-duration-in-ticks
1372693
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
syncframe
gum.criteo.com/ Frame B799 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 14 Oct 2022 07:53:29 GMT
server
Kestrel
server-processing-duration-in-ticks
1294076
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/ Frame FAFA
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=3&topUrl=reurl.cc&bundle=MtFzNV93RHp1SEZwVlo1a1U1ZFY1dmdSb3R4QVklMkYyMUJxVFZBZFNqU0ltQ0ZzT0dkVXh3YlQ3SjBWam...
  • https://mug.criteo.com/sid?cpp=BqUwk3xYeVlFZ1B5eG5LT1BoQkJnOHFJL0JBZGxZY3REMjNUb2d4YzZUQU1oV3NIaGRDTjBWY0dKalhETFZDNUNGYXlhU3djVkVxc3N5dlMwcm9Va2ZGeURVTzZpZ2k5c0EvUG9ocmRWbDFRRTRla1JLTStnSGRLOFo5UU...
441 B
652 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=BqUwk3xYeVlFZ1B5eG5LT1BoQkJnOHFJL0JBZGxZY3REMjNUb2d4YzZUQU1oV3NIaGRDTjBWY0dKalhETFZDNUNGYXlhU3djVkVxc3N5dlMwcm9Va2ZGeURVTzZpZ2k5c0EvUG9ocmRWbDFRRTRla1JLTStnSGRLOFo5UUpjWW5CS3BxSUxzbGtCVkUrbEd4WmhjUlpXUXhGMTZiTytZMWMxTUJxd0EweEtyLzFtbXNuY1BwUzh5R2JrTDdSUlM4TDBCWmJiNG5YQ0lpYkFjWWhpakpFRUZUSjBKTEFJR21DY29sWWkyNCswR3dHdTVJSGoydVhPTmErRk45QjRMMTZvRHo1b0kwdlhQQWsxeXFpQkltdmpZd2ZLZz09fA&cppv=2
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
980a410d1a0d96f71d9b8320771ae1f4d485f67d7bc9cf80117edd869e256051
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1378476
expires
0

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:29 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=BqUwk3xYeVlFZ1B5eG5LT1BoQkJnOHFJL0JBZGxZY3REMjNUb2d4YzZUQU1oV3NIaGRDTjBWY0dKalhETFZDNUNGYXlhU3djVkVxc3N5dlMwcm9Va2ZGeURVTzZpZ2k5c0EvUG9ocmRWbDFRRTRla1JLTStnSGRLOFo5UUpjWW5CS3BxSUxzbGtCVkUrbEd4WmhjUlpXUXhGMTZiTytZMWMxTUJxd0EweEtyLzFtbXNuY1BwUzh5R2JrTDdSUlM4TDBCWmJiNG5YQ0lpYkFjWWhpakpFRUZUSjBKTEFJR21DY29sWWkyNCswR3dHdTVJSGoydVhPTmErRk45QjRMMTZvRHo1b0kwdlhQQWsxeXFpQkltdmpZd2ZLZz09fA&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
672133
content-length
0
expires
0
activeview
pagead2.googlesyndication.com/pcs/ Frame 9153 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv1-MCK1zXhyBf-pHC21Jq1gZpOwOJWnekRMtSdWKYdm3rL7utyO-qcNoJKwG0wdUD_lcjs3nsY3NvOd9ADBOXvcGOoB4WVdJDClU-M87G4nrdZZARDcz6mnPRRkSatVQaWGpPEOA&sai=AMfl-YR463cCVUxVVbNo_ERWZl_-xtG0SwJH9IF_rd7pfhZCnCMiMU92QVa8AUi8NgO6w-Tgd4xFzBvt-WjSxWrOUfk9UYIYV9wR218a4g&sig=Cg0ArKJSzCfNC9FgRAIHEAE&cid=CAQSKQDq26N9qlzZNC7I1Wml48N5uKRKKY-8oS7eWHFpIjXvwZseEmFHjrp-GAEgDg&id=lidar2&mcvt=1052&p=0,0,250,300&mtos=1052,1052,1052,1052,1052&tos=1052,0,0,0,0&v=20221012&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=727071374&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1665734007629&rpt=882&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:29 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sid
mug.criteo.com/ Frame 00FD
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=3&topUrl=reurl.cc&bundle=MtFzNV93RHp1SEZwVlo1a1U1ZFY1dmdSb3R4QVklMkYyMUJxVFZBZFNqU0ltQ0ZzT0dkVXh3YlQ3SjBWam...
  • https://mug.criteo.com/sid?cpp=8IGydXxtMW14M0ZaNGUwQWpyck9zRVcvVm9BbWNqZER1MFgwYW1pUjZkWllGV2pRWW5RRnFwVUEvUWZjRjlaQ0JGM21OMUNLMklYUmFmMlpFK0phcVFydnRRbFlFWGNJbGxWWU5iNUFTSUhYei8xbDR4UEE1NG1yT2lXan...
433 B
655 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=8IGydXxtMW14M0ZaNGUwQWpyck9zRVcvVm9BbWNqZER1MFgwYW1pUjZkWllGV2pRWW5RRnFwVUEvUWZjRjlaQ0JGM21OMUNLMklYUmFmMlpFK0phcVFydnRRbFlFWGNJbGxWWU5iNUFTSUhYei8xbDR4UEE1NG1yT2lXanJXQ0tQL0FsRndUdWlGeE9HcWVVL1VtelZrNFZuUHBpbzJ0blFHNXdIVU0zWXpERVg5UWliNFRJY0dtVGRqaFBvdk00WHdTUXFBcmtEa1BHLzZBeXNEaFJWc3IvMDdFR3llR29Ld2VUTUlTemF5Y1h6bDRIUlR5clNiUXQxSHA5czlteFFwRHBGVFBudDZpdXB6SGNSdHpwY0ZNTWdMQT09fA&cppv=2
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
9c73febbb757e827a60d255da8c28042f3748af2097cbbe13134897d327c4afe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:29 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2164913
expires
0

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:29 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=8IGydXxtMW14M0ZaNGUwQWpyck9zRVcvVm9BbWNqZER1MFgwYW1pUjZkWllGV2pRWW5RRnFwVUEvUWZjRjlaQ0JGM21OMUNLMklYUmFmMlpFK0phcVFydnRRbFlFWGNJbGxWWU5iNUFTSUhYei8xbDR4UEE1NG1yT2lXanJXQ0tQL0FsRndUdWlGeE9HcWVVL1VtelZrNFZuUHBpbzJ0blFHNXdIVU0zWXpERVg5UWliNFRJY0dtVGRqaFBvdk00WHdTUXFBcmtEa1BHLzZBeXNEaFJWc3IvMDdFR3llR29Ld2VUTUlTemF5Y1h6bDRIUlR5clNiUXQxSHA5czlteFFwRHBGVFBudDZpdXB6SGNSdHpwY0ZNTWdMQT09fA&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
766249
content-length
0
expires
0
sid
mug.criteo.com/ Frame B799
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=3&topUrl=reurl.cc&bundle=MtFzNV93RHp1SEZwVlo1a1U1ZFY1dmdSb3R4QVklMkYyMUJxVFZBZFNqU0ltQ0ZzT0dkVXh3YlQ3SjBWam...
  • https://mug.criteo.com/sid?cpp=ihYUlXxhcWwxdWx0cFVmLytYL2V0Q2FaT1FBWWFEZk5Qa3RhSzltc2dkM1NQZktmTDJad0E1VmxZVktFTzBnWjRTbmFwdGNoK2dncHZuRkRuK3JpaXNPd2hBa3RVN3g0NjMvREtLMjA4LzExN3E0Z1NyYTFKTElLOXRtUz...
417 B
645 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=ihYUlXxhcWwxdWx0cFVmLytYL2V0Q2FaT1FBWWFEZk5Qa3RhSzltc2dkM1NQZktmTDJad0E1VmxZVktFTzBnWjRTbmFwdGNoK2dncHZuRkRuK3JpaXNPd2hBa3RVN3g0NjMvREtLMjA4LzExN3E0Z1NyYTFKTElLOXRtUzZXeEZVckRrWTVlcHozSllQa1VRSW1zSGQ2ZkRjSTNEZ1VRT0piVDZFamdtWWZYUlpKbGR0QUc2Wm0rdCtvQ3FMbEZFOURBck1EVlF3L3N4Ynd1ZU5WRnVjanRLNlUvWE95SGE2emVyMUVtZG9FOVN4ZmNNNDB1TFc0cEpYemlVN2pZNUhDbFNneFlDMmE3VVoyNU4yS0UwRzBTOHdqdz09fA&cppv=2
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
49ee074cfdaeb727f84b961fd6351dbc4878695e504bed457fa21c13a4ce3af6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:29 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2075413
expires
0

Redirect headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:28 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=ihYUlXxhcWwxdWx0cFVmLytYL2V0Q2FaT1FBWWFEZk5Qa3RhSzltc2dkM1NQZktmTDJad0E1VmxZVktFTzBnWjRTbmFwdGNoK2dncHZuRkRuK3JpaXNPd2hBa3RVN3g0NjMvREtLMjA4LzExN3E0Z1NyYTFKTElLOXRtUzZXeEZVckRrWTVlcHozSllQa1VRSW1zSGQ2ZkRjSTNEZ1VRT0piVDZFamdtWWZYUlpKbGR0QUc2Wm0rdCtvQ3FMbEZFOURBck1EVlF3L3N4Ynd1ZU5WRnVjanRLNlUvWE95SGE2emVyMUVtZG9FOVN4ZmNNNDB1TFc0cEpYemlVN2pZNUhDbFNneFlDMmE3VVoyNU4yS0UwRzBTOHdqdz09fA&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
541459
content-length
0
expires
0
generate_204
tpc.googlesyndication.com/ Frame E633 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?R8piaw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:29 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
sodar
pagead2.googlesyndication.com/pagead/ Frame A503 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221012&jk=4242739103229239&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers
ZEudAwKmaTNpvGbgtwbUkI0ybKz2KwCtXmqAoF5myvk.js
pagead2.googlesyndication.com/bg/ Frame B311 		36 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/ZEudAwKmaTNpvGbgtwbUkI0ybKz2KwCtXmqAoF5myvk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
644b9d0302a6693369bc66e0b706d4908d326cacf62b00ad5e6a80a05e66caf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 19:19:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
131631
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15800
x-xss-protection
0
last-modified
Tue, 11 Oct 2022 09:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 12 Oct 2023 19:19:38 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C0F9 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BPtF6eBVJY43pJL269u8PjvOQkAgAAAAAOAHgBAI&bg=!bW6lbirNAAYeOJy_Pjg7ACkAdvg8WorY5bTTi-EElR9hFmIgDtm-YltmNkV2uOxYXTkNu2Yu6xo_IwIAAAFaUgAAAANoAQeZAx2bpmYhPc6Gfo6yD36l8V4qL7EmHuHBpIm6XQz0xFDdFxeU3tc4zlX9k9aCT63YmEIDg0jbFO6HXXL-OjUv07xePIc_sXYM41rWrAFOa1aW6f9-yIqxucXNw_tLj2H46mHsG179GdiTpF2Ncfyaeh5-FOiVziJ703jJ8DEhqEgWhueVx_IWjyeKv05ewJp98X5CtScRpkazlEsAE8Nd0YBtQEXhqyz4I6FdJfNnkHBVYSwtle94HYiCY2Mdj99VP_4azr5BYy1BpOypH2pcZU1RrkrWr7P_uml-tbsZoyUh871XjFwdsxa18R6wecCCiT0t_RQ_0AJPFHHAvjZ9BRUOQWsLsWAIXUOPGKV9dq7MTVBL6ZG5DTyH5maU_9Zb9zUX0A8mx1OYLpRUxoqO4Rb9mo77jRs_W8a8Lo3bAirJcYDaX8s4or9EnPu4Pwl5eOKcXYDnk6KDRTG33kWlPWaPRUelEWMHIc-fRuVXv4d59t8QLX5FxBRXcyfVXUnsaJQcEJDK2ksHZlKFDmj7zgVx474Xvdnd4zqxW_B8PU1d_6K9U-TpRisVhuJdwxKf2NO2THARNBZtAqBnSrH04YxBM3iszewFJv8Rt3hFERD3wEadVmEMhs0kSp-RmPUNgJqrieH_MnmoS0LCy6_nc0eu-6YiEb5hCyVHtHs6G40NI7--0lNp-5uyJeuocMzdHt1dJdxBCj1UlzqrNtdlvIL-J-AVgpvN1mHRP9IoZ6YAk0AJgIBnD20VabOinAYjr2z-_zmpVXPEDvOx31q_d06Y-93lJH103DcdmDiVZGHp7Y0spTavDkFOgEkuyrSS3y_67KQ5V-OQcDLrPLYfPlfsxXQyeOcu8WsTqihrPTFNWA2KuWpg8rUrcH7N_zwcW_q4E6HbeKRjBKXVQCxDP9y923BfO3XWa6CCBgXdnhYhmgMe8W2L02eWTQSK-h8aQoA5q8acKew5q7HmAMwRyZnbVuMlTsq1KWuIYMaIHViYtAroViuI1OegK4xX8K09yaqQQxhKCisiXxh1SBafMUpRngXmiZaVOZMouiKKIQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:29 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame D7E3 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstoWUgBMK0cnk_rqnGs5qOpzw9zSKgIlqoV58lehy47COcv0ZZWqiJ08il-wcBJhWNN84nE2EZHQl_sreEsuVKo5EVqlze80PseLIHgEjL1WYKWC-y9cJ8wXmBbJFe_xesdbddgmg&sai=AMfl-YTjYOsp0fBLeN4NJB5rFVI7tJ-4UMWpU_GjXke2kiOifTjbd2L6ilLRzwZ3TPUgqj6NYVaTssds9tMwI8smzFPVMnXr41zpgrgeIVAck0k6U-jBnBif6yM5QoJUAg&sig=Cg0ArKJSzJbrMItaaT3nEAE&cid=CAQSOwDq26N90Jfy8O7El6tgODOX8-QnB1sIXWMyLTrlm3uNM_gr5KgFYG8F56jJNRDJ8vgLpq-oTCZOxQFKGAEgDg&id=lidar2&mcvt=1006&p=0,0,250,300&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20221012&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3645501049&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1665734008153&rpt=624&met=ce&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Oct 2022 07:53:29 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
generate_204
tpc.googlesyndication.com/ Frame B311 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?9v7TZA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 07:53:29 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
sodar
pagead2.googlesyndication.com/pagead/ Frame 6E08 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221012&jk=2690718978347617&bg=!k5ClkNTNAAYeOJy_Pjg7ACkAdvg8WhYhliGwiHCOsaCI33Z1fhT1ggMGfbDoyHwZOVfVM_s6_KDhJQIAAAFeUgAAAAJoAQcKAC1gsQBnqFrOQtcxL5XuKqarbTd_WSFQ3c5NDRs8Bc_uPLkqwCsyeYEGVhtsZ4KZAu9MNsQdyfcvkAVcruqUz2c_enIuFNgNGaKol6yc_Ptkl-Yc3uubuGt821ZDLcvzYvtZ4e9MTKUsaUdOGCu2RmpK9HPGrapV9lKaxpRg4Tllg19oWU32odWR6lRQFBznJcJCnlwe3AYQh6zpql1mzSkZ3ZAxam1S7QsV3BKtP360OEfv8whJuKHxL00SgF9Ee7d35lnqKJ8JRSXlm20TLo10U6vUhXQB0d404o7IRrY8OdmOJ_onFmArFMwsXAwI-WqY6HCgRiGfGc_XpS06a8zllrSlvoRLSpGecL2siNL95I1vv35nD7aRaTGkCOEgkQ3Z4wZmjknVCQVlepdPy_wqVpuwfbh8c2KJb7q6Uo8fYS5E_yh5rt7K47RpduEtxO8IPK3QReVRcqAEbrd8038b1buULgDmik_c9dQ97yIIsfETY_B6m7x6MIJ_cGUvumuFenHyMd9CZoN6jgNIRZHUX4vloP7ZSbBODOycY3zckrmIFJ6XfrDR87J3uovrc-jAgMjSlLdcxOiPAgcLI44KpHiGj59cfgF9GQhKJPCUkkn6C9nWlSt5zU6CQSuoypmsQ_wrTpumAm6osgpYSagSQSzkcbyTrpPck6v5w-tgDAxAD8674pUDWKgVd5Esg7nL2fZSzA6yRqW4hVH9MDG-6xWen7CG6hfWQiCC1NO23lXom5pp55xckGIOWlj70xfhLPzyRjUxxGUe6hzHVzGOhjqJ0YNufOFSCKZWZnJAqTgX9mMtUC5VvuCawHNgI9zvJlttcNNZSOmAgxxTcBGcmyBJhvCb3LOhQceZ9orAmAXrandxi6Bqd1-HCAv1rJsQlL2aNJjthKoRRDUwtyKUundhXL_xsPTeLu3HI1LN7U54gO9oUrO_mu9gCHh_qE6TmwzogIUd9pDxnw99Reux0jhUpoqdoPiEz5-1rIYDN5B8As9KzyNbK-2k7SB1ImpBEw9OHIKrO6b7Lphmr_NRvgSzbIcxVP21BUaDLE84
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers
sodar
pagead2.googlesyndication.com/pagead/ Frame 6926 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221012&jk=4242739103229239&bg=!xMelx4PNAAYeOJy_Pjg7ACkAdvg8WomjaHQHzQzV9E4QEARcVoN23yANoGgPVmN596bVVp39kDqCMQIAAAB8UgAAAAJoAQeZAu9jpY0k1PcxrtSeRRd-xRIzY1TVVTrT0QJuSSMd0EmLAndo3dF3Qi8FhrJR8Aa6i7JCjzIob9eA8R_siv49sPVncW_DLKKjmGzvZcy5pFnpSzMx0jHC6-aYXWSCqgyhdJ8mtilpLS3RFRFGJdT-esAx0CzV7FRTGcK8d7lh9EP2YajQOymrTeNGTjdWpJFS7MLRiXf3XGmSPzSMY7sWW4ePcIR0_ldPYAjYP4zzQsFgBXayQ3E4TmDipbE1RvM5ikSQdKeFnpntUAGJmKC2A_MtkCD0yeambjEmWDEXaKU_AEt2xxFxX2H-arO6goai15bVNd_1S-3kry9sSOAh8gzLTpB7f7LjYLglGvlIfPj1B_4tKak6tWvNsssCw_41AUuEOt0jsfuNfMEnVZwCaKsd9VaLK0a8YyaRXx_RYsyuNpbKpHtx1PEoRkhwJJidLRIy6f25IBbc5-REVs5FoShPFfseKTbF-delUC-y1gI50_UQYaF2icro8QzSnxSev5Pjy1g14yakyNvzSTEQrBiYYN6KvXlOoL4H6zjQjf39JKHWJbfbdAlKzbQXUWGZlkuj2I_J9MTyXDD5BIrHIE1bpuyp1Pc2k7lbyDVDWdWo48XtM_t3CZc4YdFNafHUAt5-LubgHkea2EguG-XHKpX7XsxjZE8Vyoma2Z7NEXX2FTw097gbWkC53woictIkrpI4vfDpduPZNp_bf60VGGVl62n0mou6QOim18L_UZdKS-R8mvosF2vlAZdbw2MGKpN4qQrX9jFdh9--GpAix--RcdJZNa0v2dcWSVyLo5w53tLOdHqaCD8m23i1vnTO13F3QhyUd0UFF6IiILbkQAaC1TsMDaGtWO2zWj198wV7Z0eL4PXHf7I_ONQEcmSuFxcTYsGI1f8Ii8GSkMgZ6oXD06KAbp04Hvr0sfScDjmyJCFtwiEkKHOs0wwKmBMshy0fzeUD0_83u4TjGDFVKeNE-6ALd6qlIiWvgHoOVnTY
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://reurl.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.facebook.com
URL
https://www.facebook.com/platform/plugin/tab/renderer/?key=timeline&config_json=%7B%22app_id%22%3A%22776730922422337%22%2C%22href%22%3A%22https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F%22%2C%22width%22%3A340%2C%22height%22%3A500%2C%22has_cta%22%3Atrue%2C%22has_small_header%22%3Afalse%2C%22has_adapt_container_width%22%3Atrue%2C%22has_cover%22%3Atrue%2C%22has_posts%22%3Afalse%2C%22tabs%22%3A%22timeline%22%2C%22can_personalize%22%3Afalse%2C%22is_xfbml%22%3Afalse%2C%22referer_uri%22%3A%22https%3A%2F%2Freurl.cc%2F%22%7D&fb_dtsg_ag&__user=0&__a=1&__dyn=7xeUmxa13xu1syUbAihwRwqo98nwgU5Gex-ewSwMwNw8OdwJwvE3vx61cw9y0Ko2_CwjE3awbG782Cwooa85ufw5ZKdwnU14E9kbxS0oG3S0H8-7E2swdq1iwmE2ewnE2Lx-0iS1AyES0gq0Lo4K2e1FwbO&__csr=&__req=2&__hs=19279.BP%3Aplugin_default_pkg.2.0.0.0.0&dpr=1&__ccg=EXCELLENT&__rev=1006390549&__s=%3A%3Ajq6wge&__hsi=7154273066839122366&__comet_req=0&__sp=1
Domain
www.facebook.com
URL
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fhref%3Dhttps%253A%252F%252Fwww.facebook.com%252FCreditCards.com.tw%252F%26tabs%3Dtimeline%26width%3D340%26height%3D500%26small_header%3Dfalse%26adapt_container_width%3Dtrue%26hide_cover%3Dfalse%26show_facepile%3Dtrue%26appId

Verdicts & Comments Add Verdict or Comment

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| fbq function| _fbq string| partnerId function| hiball object| __hitagCmdQueue function| Vue object| renews function| getRenewsFeeds object| app string| labelToken string| category string| GoogleAnalyticsObject function| ga object| SD object| device function| sitemajiDebugger string| adUnitType number| edmpvct number| edmpcct function| c_tag_mk number| cftkn function| chktkn object| Scupioads function| hasOwnProperty object| scupiosdk object| ElandTracker function| stfpjs function| cookie_mapping object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| criteo_syncframe_state object| hitag object| google_reactive_ads_global_state object| google_ad_modifications number| google_global_correlator object| google_prev_clients object| googletag

45 Cookies

Domain/Path Name / Value
.reurl.cc/ Name: _fbp
Value: fb.1.1665734003938.88087514
.reurl.cc/ Name: _ga
Value: GA1.2.92490124.1665734004
.reurl.cc/ Name: _gid
Value: GA1.2.663937525.1665734004
.reurl.cc/ Name: _gat
Value: 1
reurl.cc/ Name: CFFPCKUUID
Value: 8485-ryDA9kBYgHPXtPMd7qSHQrkBqNENLJLs
.reurl.cc/ Name: CFFPCKUUIDMAIN
Value: 7598-DvMmcuD17bQX84Op0GV12n1U8ULzBptJ
.prnasia.com/ Name: __cf_bm
Value: BKFnsDBm.168F4VD.46S1yUeQw93rX7DVoLe5gIfQok-1665734004-0-ATyMnGD8p6HRvdgWebLXdaOuxBOz82YiZZ6UxfNCHLaqcO2NBWBNgbvyjJ1D4IvIHMZAt4DlzwwCw4s1dXi/2As=
.holmesmind.com/ Name: P
Value: 200553-ji7HSnAJttlTzI6Lw4DVThtnqcE39O3t
.holmesmind.com/ Name: Vision
Value: 20221014-23:59,20221014-18,20221014-18,20221014-23:59
.holmesmind.com/ Name: C
Value: null
.holmesmind.com/ Name: RK
Value: null
.hinet.net/ Name: uuid
Value: fcd575b0-c945-45b0-95a7-1f9a1be8c6e8
.reurl.cc/ Name: _ht_hi
Value: 1
.reurl.cc/ Name: _ht_em
Value: 1
.reurl.cc/ Name: __htid
Value: fcd575b0-c945-45b0-95a7-1f9a1be8c6e8
.reurl.cc/ Name: _ht_a546ca
Value: 1
.reurl.cc/ Name: _ht_50ef57
Value: 1
.c.appier.net/ Name: _auid
Value: ieufHyQpDo6DV3i4dRVJYw
.holmesmind.com/ Name: fcm
Value: 1
.doubleclick.net/ Name: IDE
Value: AHWqTUln0F9ewcPKigMMCEZhdlbc5oNtSo59iJkCbvPdO3VvtTkUQgFoa7OVBfxiQcM
.criteo.com/ Name: uid
Value: 0649a069-c588-4551-b43f-35187950f026
.scupio.com/ Name: fxc
Value: 1
.scupio.com/ Name: gx
Value: H4sIAPaFSWMA%2fxNmYGDg4ubY8mT1lWcfplkLsAqxcNgLMAEAG9lqYRcAAAA%3d
.holmesmind.com/ Name: R
Value: null
.holmesmind.com/ Name: G
Value: we3u7ZGJymKY5J47cKd8kQ==
.holmesmind.com/ Name: d
Value: /jHzqDFxfoBZ4WTyQK3MPaD5j7NQOgUkv1Txfycvr2ReudB2dm6t0KDrpHJuqax6WjAFQ16PJy71RxDiXPBzgA==
.aralego.com/ Name: gdpr
Value: 1
.aralego.com/ Name: sspid
Value: 83c4f763-1455-3f36-a6b7-7df784d96f78
.scupio.com/ Name: gxc
Value: 1
.scupio.com/ Name: OrgKeyValue
Value: CIA20221014155326377027
.aralego.com/ Name: euconsent-v2
Value:
.reurl.cc/ Name: __gads
Value: ID=47ca471796d7c28c-2216bf1045ce00fa:T=1665734007:RT=1665734007:S=ALNI_MYw4sAP9ZyDHeglysDVpHsy7p9UUg
.reurl.cc/ Name: __gpi
Value: UID=00000b72930e23aa:T=1665734007:RT=1665734007:S=ALNI_MbEDvJ1SruekrW9w5hnVlQKcJBjaA
.casalemedia.com/ Name: CMID
Value: Y0kVeCxO1yvDGR8.vW1VbwAA
.casalemedia.com/ Name: CMPS
Value: 1200
.casalemedia.com/ Name: CMPRO
Value: 1200
.adnxs.com/ Name: uuid2
Value: 2317673592025361179
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2In2qE:+X!]tbPl1M>e)ZlrFUfJ+tGXxomD[N2aZLcbOScZuLFylDA:uu*R[8.Lt=7pK$3If)y3KL9D3I?+mBWigN
.bidswitch.net/ Name: tuuid
Value: 3de31375-26b5-4c85-8ae9-50a0a1cc35c3
.bidswitch.net/ Name: c
Value: 1665734008
.bidswitch.net/ Name: tuuid_lu
Value: 1665734008
.turn.com/ Name: uid
Value: 2528664552620895622
.casalemedia.com/ Name: CMTS
Value: 5173
.lijit.com/ Name: ljt_reader
Value: Fen5tGZHCnJQ-cJTTku1G-vg
.yahoo.com/ Name: A3
Value: d=AQABBHgVSWMCEN7FWeGF5rMal20He8cHfhAFEgEBAQFmSmNSYwAAAAAA_eMAAA&S=AQAAAt-QUuE4tR8_RDewFhRfHLE

1 Console Messages

Source Level URL
Text
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1a2e2cd544940899bd7f4b34a5538995.safeframe.googlesyndication.com
55835511-1955-4308-bc3a-ce1d9b0dfa99.t.ssp.hinet.net
56e67421b456b8d3b999a2ace679ba12.safeframe.googlesyndication.com
ad.holmesmind.com
ad.sitemaji.com
ad.turn.com
ad2.apx.appier.net
adcdn.holmesmind.com
ads.aralego.com
ads.yap.yahoo.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
ap.lijit.com
bidder.criteo.com
blog.alphaloan.co
bw.scupio.com
c.holmesmind.com
cdn.aralego.net
cdn.holmesmind.com
cdn.jsdelivr.net
cm.g.doubleclick.net
connect.facebook.net
creditcards.com.tw
csi.gstatic.com
d5p.de17a.com
dclk-match.dotomi.com
dsum-sec.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
fcd575b0-c945-45b0-95a7-1f9a1be8c6e8.t.ssp.hinet.net
fcm.holmesmind.com
fp.holmesmind.com
geo.yahoo.com
gocm.c.appier.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hb.aralego.com
i0.wp.com
ib.adnxs.com
img.gbyhn.com.tw
img.racingcharger.tw
img.scupio.com
m.holmesmind.com
mma.prnasia.com
mug.criteo.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-apac.rubiconproject.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prebid-asia.creativecdn.com
prebid.scupio.com
r.turn.com
rec.scupio.com
reurl.cc
rtb.openx.net
s.ad.smaato.net
s.yimg.com
s0.2mdn.net
scontent.xx.fbcdn.net
secure-assets.rubiconproject.com
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static.criteo.net
static.wixstatic.com
static.xx.fbcdn.net
stats.g.doubleclick.net
storage.re-news.tw
sync.aralego.com
sync.mathtag.com
sync.teads.tv
t.ssp.hinet.net
token.rubiconproject.com
tpc.googlesyndication.com
us-u.openx.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.rayskyinvest.com
x.bidswitch.net
www.facebook.com
103.132.192.30
104.18.19.126
104.75.89.75
13.248.245.213
142.250.184.226
162.210.196.208
172.105.199.172
172.217.23.98
178.250.0.157
178.250.2.131
18.64.119.38
185.29.132.245
185.80.39.216
185.89.211.132
192.0.77.2
192.0.78.135
192.0.78.187
192.96.200.41
2001:678:cb4:bbbb::11
203.75.214.136
210.59.219.175
210.59.219.180
210.59.219.181
213.155.156.184
216.52.2.48
23.203.77.3
2600:9000:2250:600:0:e06c:e940:93a1
2600:9000:2250:9200:3:1794:2540:93a1
2600:9000:225f:9600:1b:5138:8a40:93a1
2606:4700:20::681a:567
2606:4700::6810:5614
2606:4700::6810:fd04
2607:f8b0:4001:c14::78
2a00:1288:110:c204::b000
2a00:1288:80:807::2
2a00:1450:4001:801::2002
2a00:1450:4001:802::2004
2a00:1450:4001:803::2001
2a00:1450:4001:806::2001
2a00:1450:4001:808::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:80b::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::200a
2a00:1450:4001:829::2002
2a00:1450:4001:829::2006
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2003
2a00:1450:4001:831::2002
2a00:1450:400c:c00::9c
2a02:2638::1c
2a02:2638::3
2a02:fa8:8806:12::1370
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a05:d018:d29:3602:870a:9263:699a:3d34
2a06:98c1:3120::3
3.120.86.7
34.102.176.152
34.117.219.39
34.95.67.231
34.96.119.68
35.185.130.121
35.186.215.140
35.186.253.211
35.201.76.93
35.227.249.156
35.242.224.42
35.244.159.8
35.244.196.223
52.198.19.32
69.173.144.138
69.173.158.64
87.248.100.136
001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343
00629ef727c6c2f00185d9f431d757ffe961a78ec9296f04bde3245b0e56ecf0
0092c3df5e7db0ed4ff46a8dc6cb123ed8d8580e63c289cef5ebb871f7a0bed6
00e0bba408af5ef83bd996bcc9a7d1c42949e4eb88ffe30a4d28ad35e1bdfb36
02d63bd1339edd6bc06d1be33745c7d17a81608ff8ccb255edff068a597a4940
05d7b718b14633236a482ade1982ae74c25d2cfe73a43ca3e39840f6f093d71d
061e0c60e22a477d429212ddd5c9bc8fd037fe827cb74f195aff7a2366c24083
064b872dc62ac586dbb1c7c9c9d01b292df105e4d2f6ae624808f15eb300a140
06d5536790e8d7944356feaf9ae77fa4796addcfeade125e8ec10bb4b7491a5d
07ecc9f01b3d246e010f07853a87ab421327ef92c83b2e5c20d7861e8cf33159
0a5767e70bbd4245fad85adca3304b2eb994f960fbe148f0937a4ec399da371a
0adb253f1936a498f71414d7807eb2feb8fc7269a8eda6146ef73627aa0ea898
0b7c985fafda17e8085fb6ba1cc58444ae9aad39a3f721a627db9e64d4491cea
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f1a89ef64a5d0ffe85da9182cf068683678f5a37aebf6fad9a638ec73a98d50
119e37f6f9552a67b6f761070add78e7f93db654027478a7c51e9e34f955b841
1219005b1ac715570be263a42b98d63280456e8fc7fcdfdf704536cfe5f9e9b2
1219d714e27f186eb7bbf428f0553a2a5a32fd30e6321b10af81582c66fa173d
121b1db396e1968e2afa0825406cd0a6dbc9f6d8d3ddebf641db339ecbea2e50
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13d69b634ceeee6647713a2568ba53d7f956abaf734f3cfad0ad1e35d1e988c5
16089cad50034af52ebca1e2e7c310f76b4b6f625b89ad07d5b59ff377f332b0
16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20
16ec50bac671d303d46d078347192e3defdfebd1488991288f6182f4b6fe1488
18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee
1ad7a6394b7bc680678bf882eebb50aa69136cc540033d8c448a720b9cf985f5
1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced
1d6490f44a2180305b547c102812f520f01fb334f167db4091c1816b66166b9e
204b096d37249d9125a8b3450e44a31773cb148dba50c88d1fd26a0b914216ce
207fdae40b03d63a5811c3c2b3920c828fe69444bef61b0b7696f48ec5b66994
211d6dc20d58202a8270f43f611dcbb34b14f7dd96cd8f2a8cdb6b85c28cf3e1
22954b60623e7315aace575dd5bb9a98e6d1ad882eaf3712f587bbfe79197353
22d4fe7a41e1b5ac442faeccace387a6e59c4f056bc35b71f1b65cf42e7a6721
239a83f36e0eb1c181c4ec174b9a05ce02b44afc5685aa3dc828aa581ea3d7a0
23b56d8e72e99dcdb222d8a27949b10a2c4c9cefdfd6eed21373f10b62599183
27ddc909a924fa13e1c92c061f1efc24eb5851a8679a49b6d1cbf5b52a30bb1b
28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c
28bf646c6e799ca96adb3a5b48fe882639d31e27102cad9ed2979555da55944a
2944c3024e13444318267d493ee7dba4e4679744a51116229953c4d7c3866a43
29bc7fe3ad3db20965fe2448725789708ab21a6d148a99e5380744df261886c5
2a3d13042506b014659c201105249b75f7101f0c3175eea254b8f33bb5ea7bd8
3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
334822679590a7083f4f6182406fa0478f3cda67b555a4d48c42d1959453268c
3614b2e32967099f61c9669b5f745a295ec083deae84eeb22f9c19c77900a88b
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
36a7d95f2760a813f3e782dfc125ea786174d581d6f6f896021d6994e9514bd6
3767d3fcc403ab0f4d4fffbe0ab115077b2416dc640c25e6e4751550a9dae2df
3772469c0442ef6ef3a53665def938a97d80e1ed48ecefc93357615cacd9756d
39236128fe5c0e392d70d5f7408240e5cbde2a6458e70e025b5c50781aee8270
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41b2c8c215be5020e756d8dde6c738ba98ca3a167266a4f708fbb02299771d69
4387cd9794e8d190916b41800f6b8d4b9db338fe7e84585d4fd2f0bc3e19fa06
45444d590a67d30e8b2fde01bb6482f829383b64bf14a4b19b86e22fdc319fbb
4636fb9df5ae103fbad3764c9f98400be1c9384cbe77fdb6951b96adcac788b1
467c464a42f9126ed31ec784971e7766dee09d3d5912f8ea6f4fc898f8ab46a5
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
49712020cdf04c0161b3c7d60d9fa6c073388f2ef009bbad6c5edcf123fa707a
49ee074cfdaeb727f84b961fd6351dbc4878695e504bed457fa21c13a4ce3af6
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ce81ecccefb27ce0f347ef564114da2ba450a9e1d9a7260b4597e62b1f71a72
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
503065fa938aaf774537c160f0c11e50dc35bd15bf29cd03a9a8d33037dbe022
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
506d315d02544f0d8269f294f2da7d047af707dcd41db86012ca90dc1b4f78c2
52bb2d07b65ec544edeb2a33f4103397a28f036f0d100090f3e17e4364aea1fb
5380f4ed239609dd2ae0076e2d7ca55df0e802194bbf21200df01dc4412e158a
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55cea37ba4b4a7545b294b34cfc82339b661f891fcd64c246e3342ad0f7a57c1
55e8c619d20bc3f1a22efd0fec83dba0d8bd9e898f0d5847eaff094f0887fad3
571da35bdddda7ec4fccd594181c04e2c5db4285be67907abea45daad789ebf7
58495f390f339b9154686d69a738f33796152444378ad5fec8217ae9eda0452f
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
5bc8324d7164b9bc0edc9c0d8a779c6271356cc51ac504bacbac1283e877da9b
5c1285a4ac2eadeaeb1861f7863adb0a97a0a601308d4247e7e81fd79fc611e8
5de9039d18b59423c307972d26de6d415ef3c9fef1b16ff18a2c7503107b31bb
5e0c4b65a9aa656ce5484dee823c78de192e6b3fd64eab5317713ff31325c89c
5e602a492c8617e0de33a68beb210d47c71d43ce66cf4384350897359cac0add
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
623d25e073df23fdc8130c27559c326e090bd8f5a95131be55a1bec463411b3d
6369d32085728856813df2a0debbfed9a2338698cbba75737849c9805a9570f3
644b9d0302a6693369bc66e0b706d4908d326cacf62b00ad5e6a80a05e66caf9
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
67dae2684dbedae6cf0b115921d3fcc5a80dcc7bf784165b3f505642d319d19c
689061066181e2f80c455652eb892d5f2753f4efe880ac9b8924e305f1952f4c
693a36dd17228f0d4bbac4980d6051bcc863179dce526c719509218913b37b5b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d22993ec7349420b3d5a8db07a8096e97808283b7e81b4b3d5e847cc582b30e
6fd5f1ad91ed2dfe6a83a80780e253f1bd116c716e6b3b6bb1d40fb13b864fcf
714186f630a576d49cd511f5b369e52a89f81c1994ecc670825f0432ced4d569
71f2940ec78bc4c5ff54c23fb9aa3faead0c28e69e0ab83c1998d21719a8b46f
73613838fa8df8e94256e1dd186120754a11e1ae1f810ee2a79d8e6b1ea6cd0f
746ab55a875f8e4e34db4d32fa6430a9a7d0cfa08627feeae621ac83fc895b5f
7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba
749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d
7f41d233dc6a0837b8ddf926f097dd87563946a531b9fb82d036831cefc69119
8128c02f772afdc3af7054708292df925eabfc6301c2c9bf8de77f1f8dd470a4
8274947f071c5bd9734c5e970df088e184c8f463ca9b72688b43eaeab2d635fe
8290d97b04510b940ddca9f2aea802eaafb36fc7a8f52e4466ed2b77db35c632
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83a37c9bbe8dae0a71e95a0e6401bd5d9576a2b0e35295e640c2d807f9b4424e
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
858d1934ffce0f42b45b11d2e0635d8c684801a91e8af11a142f6831840b47a1
85d8b565ec1b8140a0f3dd1801e149bc09ee8fd650539cb35ae5aeb86faa29c8
87ffe9ac50246b7a299ed65e71c4167243b9e7f0933b2cad262123efa24d455c
8974670645ed17265b446f112b8eec566705a96cb8ae63824ed04f270e3a7379
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8c2f2840acb6cae65c808d1fb4f51deb456c2de24918295905d962778a3a0a81
8c52f64b8538b61eb70de24754c61aed4119abcde29a8aedeebfa0a32c264138
8c64f55a5448751409418c195c34fdb8cab1dfa25b41eacf7e08f1dbab8c7555
8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834
8f85e51a2f3c094fe6816857f185ca3f81647b4a74c6b06dd0df82e1d7455771
90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e
90fc0d4d2666d3f5b0ce950a759f03f7755f52012ba11c5d68bad84ab0ea9a3d
9106df425157d837db9798b2b26f25f27f9a4e803f2fb0b2851c88492bec14fd
93b3c4a595bd63cb41b20bfa3feed5a0515c0b1ad5b943d12c50e37dcea64696
96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0
97a8ac3778e546a6f181085011be6050889e44dd212ac3e9782389f0b853c23d
980a410d1a0d96f71d9b8320771ae1f4d485f67d7bc9cf80117edd869e256051
99ec1b27528b2883154fd166e11c3fa740d28609937a1a0287d95674ea99c2bc
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c73febbb757e827a60d255da8c28042f3748af2097cbbe13134897d327c4afe
9dd5a1686b1578e52da458a593bc5cab845274bf4766aadec058af701eb45c64
9e7878bbb1a0d8199e68adf0a7ffdf82a162b0a24207a696b0c5a8c3f64acc4f
9f9d38a368eab86ca0facc5f3c4d398aa8ae3f4e72983ccea299c9567d9861af
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a139caebc5a7c4bf78945ba3f22a3ae9981e5e8d6f10a2f6235d07a438eb0c41
a19902458ab4a5513642a87b381b9183a2fc725849b581fd953e22d824d1c5a7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5fc80af241aec02acf796b66c39027b469e8b54fd30519bb773908d3cd1f600
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7cac69ff4c7b905552b1915305ba548a87acdf6205efe6e5bd1eef0d4700793
a92379341fb4f1f929f52906cbed5f35bc474ad6e0dce7713768bc8d8c156af6
ab51a4756e201cbfe9a5059fde50d9d40b183a987c6cbfbe4684bf4f2926beed
acd9a410405e0ae8ddc02e68898bc72145b6c31b4118226bb7dc8e342faaa24d
ad2ae14f9e3a0b0f5a8ce19fef6938a770fd218074ed858feaf48cb2986c4372
adfb4cad9ff9a338742a03254c75f3bb152534d4209c0eacf2175f4a3091d667
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b089858662086aaf29d4f37d5cbd92faf267e7f9db55d13df5ec21229d2eb1b0
b08fa3ef437100da224ddf7a33bb12f70a3b9dd0aa819f588fe2d115d37822ff
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1cbb0a3fc338c889779e2fb023e61a1e039d238f5e42b3920413c83a0e3b71a
b3105908d85e5136b409669ee0615fcd3b289a8cef67dc3e2fd77fe7481775e2
b34e990bcdb512549b66a8703674635168434d960dd725e90285889f1336759e
b39c934479cfe0991a6eea4f9a0597eebea9da311d8ca1aebffd48fef946b5b7
b3c218f921126409f2f4a82b74458117039037330ffb76b30df5c6062b353a90
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b558b7f14e7021dc92bb4995333c9c19fa03f01d9ae12876e2d7a52d9153b22e
b73e6cb22f3ae22bcbe36217e226c082f813a2a8a7961644093d849bcbd30294
b7e54c08be2d3028420666e9aca9074537fb351e2ece4e32b925ffca1840ce12
b81cc6d28cbf3df9c6127a05a865bef0842d917507cce946712974e748110957
b9fff3f99dc21e4051a54b10c589611a6b4c56b78079c275cc9279d996950468
bb7a31f16a1a9bda77fe3d3f1201ac7e238101cd1022b68e93580fa39394fbcb
bcb5c5298e2439eacc8bbbd3a20f56b1cb005614bb4af475a9510124c33aa3ad
bdbb760df6285779846da6af8ff9b4dc605c8533ca84a5e13b0e5391c3ab99ef
c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b
c2d3f1333439c3aa23b5a3686e29b95766e4f178c70ad59816c77199113d2365
c7e0b8d303b7848e12c93a30082dab5a04d0b8deadc6221daf2006e43906fdc1
c7f7b6ccfbf79cae50825d1c5bb299e19e6dcf08322824815ac50a223949b7e8
cc37fba2e98f49c4d9551f72176d3aff72eacd798e5e85436837847e6b967c36
cde1e812a0335654f8b799dc109ef9c0254c72de4e35f40c20a2bdded0be19c4
ce1e17725c0565bbdb0d7342bd669fea135d89a610c5f1c9ae7d0eed5e118267
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d21c3ee74fb0ae7062f25435467f24e470996643994b61b7e26639b332bd2ce1
d295ad9799d17401cc653b47a5c27bd046fe89512861221f1bc6b6738d31a060
d3371aea0eaea4d0dfdefd1a6c8d16479368182a4479d621d4ece5e9467b076e
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795
d5a4ce07c722a024fffd9e89ad84fe5bbdbe501e920cd6a73cf4fd41c04c6ded
d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc
d7994b4c7055c1dbba3b5b88309fcd1327a08f3412ff73d5633cb3b842a156f6
d7fc505653c3573f9bccca93a33e2ed14bd8b4586bdeca9180225dab01f1bbbe
d8b05b9c2aaf1cc6d93fc6f29bc5a1d1f74d63b3c0d37e4c87d82658b1b9cbea
d9a7de3641bea5808ef2ac099754f534d282dd6ad578bd119ac96a33d53f3200
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
dafd0e1a677a84abf3626d7123b1bcdf332d233f8be42b22577ac2383b095d4b
dd3f6ab528dc9fb96dd0943f7a833a94635b1c7c2debf76b58f55889fb64cef7
ddd9d29beabaeecc9c76408242dfc2b76305ec52511992d3cfbc81a500ee0670
e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052
e064bae416609c3a889384a353c1fccad530f6a9169a2dd3702aa54813d88443
e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6ac1f56910010e5a93a3093e7847ad5ea43ba9e8bb8ff568b957eff0a2f58da
e8acb14506260c4c012ca16081656a17cbf162224ddf70d31e48e6cefb7fb6cc
e980978372ef893e791fa10ac60561adda47a13b2fa5a10557e491808259633f
e9c71f8b95c5cd0b76b737b59923a0ead4eb6d83acc245b1b0527ac8dc8acaef
eaca0fb0be4c00a5add8575e92bddc641057ee578b8c75641cf8c36018543142
ebc9d9a64fe0dcc52fe330bb52ea9701a4cf717dbd18b4e6f4e736fe5e45f872
ed44e345a8354731787a4fc575c66363aac13eebd6007b88aecd8a1deea341df
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f15f29ee59b8b98eeb3d9bda8f5b6ea7183ddee520b20cbdd4185918b8bd7917
f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032
f670c1ad9fafff4387b4474fda0e68b090c975ddc416cf9f2aa64f50e1a4077c
f7a8e9ba173126956cea416f7d8039002d47e39abd29f782ac164884ed216c5e
fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818
fdfa393e5fb39c4ab607d817e8d0b5fe3573a4a2e3e8554131fbade8d615bcbf
ff67195daf1d4c0d8944b5288770138a959d58e91d0ae3f53d98af02a0ab4c1b