Submitted URL: https://reurl.cc/Ob0QGD|Benign|0|07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Effective URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Submission: On September 30 via api from IT

Summary

This website contacted 18 IPs in 9 countries across 17 domains to perform 48 HTTP transactions. The main IP is 35.194.141.193, located in Ascension Island and belongs to GOOGLE - Google LLC, US. The main domain is reurl.cc.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 17th 2019. Valid for: 3 months.
This is the only time reurl.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
8 35.194.141.193 15169 (GOOGLE)
1 2a04:4e42:3::621 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
5 35.190.35.45 15169 (GOOGLE)
5 143.204.214.43 16509 (AMAZON-02)
1 210.59.230.18 3462 (HINET Dat...)
1 2 2a00:1450:400... 15169 (GOOGLE)
3 2a03:2880:f02... 32934 (FACEBOOK)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f12... 32934 (FACEBOOK)
2 220.130.119.27 3462 (HINET Dat...)
1 2 162.210.196.208 30633 (LEASEWEB-...)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
4 2a00:1288:f03... 10310 (YAHOO-1)
4 212.82.100.146 34010 (YAHOO-IRD)
4 2a00:1288:110... 34010 (YAHOO-IRD)
2 210.59.219.180 3462 (HINET Dat...)
48 18
Domain Requested by
8 reurl.cc reurl.cc
5 img.scupio.com reurl.cc
img.scupio.com
5 ad.sitemaji.com reurl.cc
ad.sitemaji.com
cdn.aralego.net
4 geo.yahoo.com reurl.cc
s.yimg.com
4 ads.yap.yahoo.com s.yimg.com
4 s.yimg.com ad.sitemaji.com
3 connect.facebook.net reurl.cc
connect.facebook.net
2 bw.scupio.com img.scupio.com
2 cdn.aralego.net reurl.cc
cdn.aralego.net
2 kdcl.pchome.com.tw blank
kdcl.pchome.com.tw
2 www.facebook.com reurl.cc
2 www.google-analytics.com 1 redirects reurl.cc
1 ads.aralego.com cdn.aralego.net
1 agent.aralego.com 1 redirects
1 www.google.de reurl.cc
1 www.google.com 1 redirects
1 stats.g.doubleclick.net 1 redirects
1 kdpic.pchome.com.tw reurl.cc
1 maxcdn.bootstrapcdn.com reurl.cc
1 ajax.googleapis.com reurl.cc
1 cdn.jsdelivr.net reurl.cc
48 21

This site contains links to these domains. Also see Links.

Domain
youtils.cc
creditcards.com.tw
getvideo.me
Subject Issuer Validity Valid
reurl.cc
Let's Encrypt Authority X3
2019-09-17 -
2019-12-16
3 months crt.sh
f3.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2019-05-29 -
2020-04-23
a year crt.sh
*.googleapis.com
GTS CA 1O1
2019-09-05 -
2019-11-28
3 months crt.sh
*.bootstrapcdn.com
Sectigo RSA Domain Validation Secure Server CA
2019-09-14 -
2020-10-13
a year crt.sh
feebee.com.tw
Let's Encrypt Authority X3
2019-09-07 -
2019-12-06
3 months crt.sh
*.scupio.com
COMODO RSA Organization Validation Secure Server CA
2018-10-29 -
2019-10-29
a year crt.sh
*.pchome.com.tw
DigiCert SHA2 Secure Server CA
2018-10-04 -
2019-10-07
a year crt.sh
*.google-analytics.com
GTS CA 1O1
2019-09-05 -
2019-11-28
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2019-08-24 -
2019-10-19
2 months crt.sh
www.google.de
GTS CA 1O1
2019-09-05 -
2019-11-28
3 months crt.sh
ssl376663.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2019-09-19 -
2020-03-27
6 months crt.sh
*.yahoo.com
DigiCert SHA2 High Assurance Server CA
2019-09-17 -
2019-11-01
a month crt.sh
*.gw.flurry.com
DigiCert SHA2 High Assurance Server CA
2019-04-26 -
2019-10-23
6 months crt.sh
*.autos.yahoo.com
DigiCert SHA2 High Assurance Server CA
2019-09-20 -
2020-03-18
6 months crt.sh
*.aralego.com
COMODO RSA Domain Validation Secure Server CA
2016-10-04 -
2019-12-21
3 years crt.sh

This page contains 9 frames:

Primary Page: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Frame ID: 4D9BFF3E922A311377A50C444DB2A9DD
Requests: 28 HTTP requests in this frame

Frame: https://img.scupio.com/html/ad.html?v=1.0.11
Frame ID: 8E64A2831D56F0164B27B37DE7D5F9E8
Requests: 1 HTTP requests in this frame

Frame: https://img.scupio.com/html/ad.html?v=1.0.11
Frame ID: 101D1DD79365FF826F032A33C84AEB63
Requests: 1 HTTP requests in this frame

Frame: https://kdcl.pchome.com.tw/adshow2.html?pfbxCustomerInfoId=PFBC20190525001&positionId=PFBP201905290002&padWidth=970&padHeight=250&keyword=&page=&precise=&fig=&screenX=1600&screenY=1200&t=233&docurl=https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Frame ID: B5BC8E08D085889ACA8D19C21AB558E5
Requests: 1 HTTP requests in this frame

Frame: https://ad.sitemaji.com/native/reurl_passback.js?s=728x90_pc
Frame ID: CC5E460FBB36114F5A0D6B251176C24A
Requests: 4 HTTP requests in this frame

Frame: https://ad.sitemaji.com/native/reurl_passback.js?s=300x250_mobile
Frame ID: BF5F9271D63F0EBEC3CD86A596C429FF
Requests: 4 HTTP requests in this frame

Frame: https://ad.sitemaji.com/native/reurl_passback.js?s=300x250_mobile
Frame ID: 0068A372B125D3ED2B93C360C8CE8DCC
Requests: 4 HTTP requests in this frame

Frame: https://ad.sitemaji.com/native/reurl_passback.js?s=970x90
Frame ID: 937C265571373021F00C1F4C773C8896
Requests: 4 HTTP requests in this frame

Frame: https://kdcl.pchome.com.tw/adshow2.html?pfbxCustomerInfoId=PFBC20190525001&positionId=PFBP201905290002&sampleId=us_201905250001&tproId=c_x05_tp_tpro_0053&format=0&page=1&padHeight=250&padWidth=970&keyword=&fig=&ref=NjU0N6mjtZ%2B0aXBes5S2oa1dpJJwfqNfknaFVHhyg5SvmKidZmaEX2ZmhF94X3NopWWmlKVfcZV6lXNjpJFzZ3VnpGBzknpfemKmX6didmNxZnKVeGR6ZHVneGOikniVc2SnZndlemOmkKM%3D
Frame ID: 7E511CF0C4DDA14552300B2A1F3B0F08
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Ubuntu/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
  • script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /(?:\/([\d.]+))?\/vue(?:\.min)?\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

48
Requests

100 %
HTTPS

60 %
IPv6

17
Domains

21
Subdomains

18
IPs

9
Countries

442 kB
Transfer

1205 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1448934457&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FOb0QGD%257CBenign%257C0%257C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab&ul=en-us&de=UTF-8&dt=%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8%20-%20reurl&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=1071003363&gjid=2091619369&cid=1519447420.1569853368&tid=UA-102456694-1&_gid=268680103.1569853368&_r=1&z=562575407 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-102456694-1&cid=1519447420.1569853368&jid=1071003363&_gid=268680103.1569853368&gjid=2091619369&_v=j79&z=562575407 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-102456694-1&cid=1519447420.1569853368&jid=1071003363&_v=j79&z=562575407 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-102456694-1&cid=1519447420.1569853368&jid=1071003363&_v=j79&z=562575407&slf_rd=1&random=2115659701
Request Chain 25
  • https://agent.aralego.com/sdk HTTP 302
  • https://cdn.aralego.net/ucfad/sdk/us-east/ucfad_min_65832646a6d58626982145a5eda836ab7773339d.js

48 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
reurl.cc/
7 KB
3 KB
Document
General
Full URL
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.194.141.193 , Ascension Island, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
193.141.194.35.bc.googleusercontent.com
Software
nginx/1.4.6 (Ubuntu) / Express
Resource Hash
a51f89e1d49ec201c6b08bca380802e211b137bd03631e793d9a1905d998d673

Request headers

Host
reurl.cc
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

Server
nginx/1.4.6 (Ubuntu)
Date
Mon, 30 Sep 2019 14:22:46 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
Express
Set-Cookie
lang=tw; Path=/ lang=tw; Path=/
Content-Encoding
gzip
vue.min.js
cdn.jsdelivr.net/npm/vue@2.5.16/dist/
84 KB
31 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
content-length
31638
etag
W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
x-served-by
cache-ams21040-AMS, cache-fra19169-FRA
date
Mon, 30 Sep 2019 14:22:46 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
style.css
reurl.cc/stylesheets/
7 KB
2 KB
Stylesheet
General
Full URL
https://reurl.cc/stylesheets/style.css
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.194.141.193 , Ascension Island, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
193.141.194.35.bc.googleusercontent.com
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
7e207e8b34a692d186d34ef55e5ea9808d545b3873af6a1a7ec7912f4e8565e4

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 14:22:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 08 Nov 2018 16:18:05 GMT
Server
nginx/1.4.6 (Ubuntu)
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/css
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.2.1/
85 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 26 Aug 2019 08:21:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3045681
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
30306
x-xss-protection
0
last-modified
Fri, 24 Mar 2017 20:55:54 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 25 Aug 2020 08:21:25 GMT
bootstrap.css
reurl.cc/stylesheets/
130 KB
26 KB
Stylesheet
General
Full URL
https://reurl.cc/stylesheets/bootstrap.css
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.194.141.193 , Ascension Island, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
193.141.194.35.bc.googleusercontent.com
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
69c5fd70e35eb89944954b732a1b0de129f4d30dd77e99dc5117c6e9b28c7d6a

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 14:22:47 GMT
Content-Encoding
gzip
Last-Modified
Sun, 31 Mar 2019 04:27:47 GMT
Server
nginx/1.4.6 (Ubuntu)
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/css
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/
36 KB
10 KB
Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:3b , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
/
Resource Hash
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

Sec-Fetch-Mode
cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Origin
https://reurl.cc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 14:22:46 GMT
content-encoding
gzip
last-modified
Wed, 12 Dec 2018 18:33:51 GMT
status
200
etag
"1544639631"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
9832
ga.js
reurl.cc/javascripts/
384 B
554 B
Script
General
Full URL
https://reurl.cc/javascripts/ga.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.194.141.193 , Ascension Island, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
193.141.194.35.bc.googleusercontent.com
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
0f339cf9e117cb1612e7079c0a02fcc2ef26d9ffc19c93d0370d10bf81bb714f

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 14:22:47 GMT
Content-Encoding
gzip
Last-Modified
Wed, 16 May 2018 07:59:37 GMT
Server
nginx/1.4.6 (Ubuntu)
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
application/x-javascript
pixel.js
reurl.cc/javascripts/
470 B
613 B
Script
General
Full URL
https://reurl.cc/javascripts/pixel.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.194.141.193 , Ascension Island, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
193.141.194.35.bc.googleusercontent.com
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
6e9ab8ab1d57a0695a66577e348ae4343e1a92f70cb4835a52c4863f11114037

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 14:22:47 GMT
Content-Encoding
gzip
Last-Modified
Wed, 16 May 2018 07:59:37 GMT
Server
nginx/1.4.6 (Ubuntu)
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
application/x-javascript
ysm_reurl.js
ad.sitemaji.com/
17 KB
6 KB
Script
General
Full URL
https://ad.sitemaji.com/ysm_reurl.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.190.35.45 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
45.35.190.35.bc.googleusercontent.com
Software
/
Resource Hash
8290d97b04510b940ddca9f2aea802eaafb36fc7a8f52e4466ed2b77db35c632

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 11:44:15 GMT
content-encoding
gzip
age
9512
status
200
alt-svc
clear
content-length
6246
access-control-allow-origin
*
last-modified
Thu, 20 Jun 2019 08:55:05 GMT
etag
W/"5d0b49e9-4488"
vary
Accept-Encoding
content-type
application/javascript
via
AmigoCDN 1.0, 1.1 google
cache-control
max-age=86400, public
access-control-allow-credentials
true
accept-ranges
bytes
expires
Tue, 01 Oct 2019 11:44:15 GMT
ad.js
img.scupio.com/js/
27 KB
10 KB
Script
General
Full URL
https://img.scupio.com/js/ad.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.43 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-43.fra53.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
45170b8821de18e6f5d0c7eae52ee939de6bc874e7b009a2fade369e791c4c28

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 14:19:25 GMT
content-encoding
gzip
last-modified
Mon, 30 Sep 2019 02:57:25 GMT
server
nginx/1.12.1
age
201
etag
W/"5d916f15-6b26"
status
200
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=300
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
b7DBAuXrx77lXfW1cSztYCrcxY-LcDWjfAbQPTBYW8csmGsottsxPw==
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
expires
Mon, 30 Sep 2019 14:23:46 GMT
xpcadshow.js
kdpic.pchome.com.tw/img/js/
6 KB
6 KB
Script
General
Full URL
https://kdpic.pchome.com.tw/img/js/xpcadshow.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
210.59.230.18 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
kdimg.pchome.com.tw
Software
PChome Server /
Resource Hash
ac482f5ae324df5a4b00263bdfa3d471ced96ebf88b13c54d87e1e6694ba1b8f

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 14:22:48 GMT
Last-Modified
Tue, 18 Jun 2019 07:51:55 GMT
Server
PChome Server
Accept-Ranges
bytes
ETag
"777107600"
Content-Length
5995
Content-Type
application/javascript
cashback-shopping-purchase-oversea-aboard.jpg
reurl.cc/images/
30 KB
30 KB
Image
General
Full URL
https://reurl.cc/images/cashback-shopping-purchase-oversea-aboard.jpg
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.194.141.193 , Ascension Island, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
193.141.194.35.bc.googleusercontent.com
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
648a4d707b7a827a5ce946a9dd45c8f8f572764f9d249addd3498f16c963f889

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 14:22:47 GMT
Last-Modified
Tue, 24 Sep 2019 14:43:53 GMT
Server
nginx/1.4.6 (Ubuntu)
ETag
"5d8a2ba9-77a8"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
30632
four-online-shopping-platform-shopee-pchome-yahoo-rukuten.jpg
reurl.cc/images/
36 KB
36 KB
Image
General
Full URL
https://reurl.cc/images/four-online-shopping-platform-shopee-pchome-yahoo-rukuten.jpg
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.194.141.193 , Ascension Island, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
193.141.194.35.bc.googleusercontent.com
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
dd0bd26455468eb696f8e93aa9b84cddcca5d85f32fb92bf1c0a67306babbf90

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 14:22:47 GMT
Last-Modified
Tue, 24 Sep 2019 14:43:53 GMT
Server
nginx/1.4.6 (Ubuntu)
ETag
"5d8a2ba9-8ec0"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
36544
loading.js
reurl.cc/javascripts/
240 B
423 B
Script
General
Full URL
https://reurl.cc/javascripts/loading.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.194.141.193 , Ascension Island, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
193.141.194.35.bc.googleusercontent.com
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
25355805f44af99037c6b951f9afd762f5fd74eb126aba4b2f82cafa563c0f90

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 14:22:47 GMT
Content-Encoding
gzip
Last-Modified
Wed, 05 Jun 2019 01:48:26 GMT
Server
nginx/1.4.6 (Ubuntu)
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
application/x-javascript
analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/javascripts/ga.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
7009
date
Mon, 30 Sep 2019 12:25:58 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Mon, 30 Sep 2019 14:25:58 GMT
fbevents.js
connect.facebook.net/en_US/
121 KB
31 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/javascripts/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
14d88b3a27f0e6de034f86ad42d6411081e9467daf754147f2f16bcb20782177
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
content-length
31604
x-xss-protection
0
pragma
public
x-fb-debug
axFIkZv6rc1BbV6QioMxtgtZEfx+odfqhrtE1LTnaRaI06UfjmOu/JtEsMRbHabVOleAEphAd6Jjb4f7JFRbsw==
x-fb-trip-id
420120009
x-frame-options
DENY
date
Mon, 30 Sep 2019 14:22:47 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
17253.js
img.scupio.com/js/config/
640 B
1 KB
Script
General
Full URL
https://img.scupio.com/js/config/17253.js?v=1.0.1047
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.43 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-43.fra53.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
ed7ed95efa5b50167057e4b0e5b31df2576aff77844e410e62084dd630fbacd1

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 27 Sep 2019 07:00:35 GMT
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Mon, 05 Aug 2019 06:00:02 GMT
server
nginx/1.12.1
x-amz-cf-pop
FRA53-C1
etag
"5d47c5e2-280"
status
200
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=10800
accept-ranges
bytes
content-length
640
x-amz-cf-id
zclPX8sNurJCr6IbY9hOY3w1MsRCaVEBPKb6LB3f5vpi6bsX2AfQiw==
expires
Fri, 27 Sep 2019 10:00:35 GMT
ad.html
img.scupio.com/html/ Frame 8E64
0
0
Document
General
Full URL
https://img.scupio.com/html/ad.html?v=1.0.11
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.43 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-43.fra53.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash

Request headers

:method
GET
:authority
img.scupio.com
:scheme
https
:path
/html/ad.html?v=1.0.11
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab

Response headers

status
200
content-type
text/html; charset=utf-8
server
nginx/1.12.1
last-modified
Tue, 11 Jun 2019 03:18:36 GMT
access-control-allow-origin
*
content-encoding
gzip
date
Mon, 30 Sep 2019 13:28:12 GMT
etag
W/"5cff1d8c-5d5d"
expires
Mon, 30 Sep 2019 09:14:02 GMT
cache-control
max-age=21600
x-cache
Hit from cloudfront
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
0Xw9jrN598W9uYGCwz_eptgrLbpPkLAnSKLBZUlBAYuA7dJ1ums3-w==
age
3275
17229.js
img.scupio.com/js/config/
689 B
1 KB
Script
General
Full URL
https://img.scupio.com/js/config/17229.js?v=1.0.1047
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.43 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-43.fra53.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
fbf8f15f4c24cf9d85b44e715892fccd8bbeca1af37a998dfccdb7379fe8ab1e

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 27 Sep 2019 06:51:34 GMT
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Thu, 15 Aug 2019 03:56:07 GMT
server
nginx/1.12.1
x-amz-cf-pop
FRA53-C1
etag
"5d54d7d7-2b1"
status
200
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=10800
accept-ranges
bytes
content-length
689
x-amz-cf-id
zqxYP7_gSWFL5bJLOo3y8AbCBP4o3LIIXMWlcmi53ZZx_0Gq3XItlw==
expires
Fri, 27 Sep 2019 09:51:34 GMT
ad.html
img.scupio.com/html/ Frame 101D
0
0
Document
General
Full URL
https://img.scupio.com/html/ad.html?v=1.0.11
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.43 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-43.fra53.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash

Request headers

:method
GET
:authority
img.scupio.com
:scheme
https
:path
/html/ad.html?v=1.0.11
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab

Response headers

status
200
content-type
text/html; charset=utf-8
server
nginx/1.12.1
last-modified
Tue, 11 Jun 2019 03:18:36 GMT
access-control-allow-origin
*
content-encoding
gzip
date
Mon, 30 Sep 2019 05:24:07 GMT
etag
W/"5cff1d8c-5d5d"
expires
Mon, 30 Sep 2019 09:14:02 GMT
cache-control
max-age=21600
x-cache
Hit from cloudfront
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
I-iNEJhAsRcvzIW8lScP35F2n1JNtzdG-JPDRwWD4PFnLXtGnaDHXQ==
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1448934457&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FOb0QGD%257CBenign%257C0%257C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-102456694-1&cid=1519447420.1569853368&jid=1071003363&_gid=268680103.1569853368&gjid=2091619369&_v=j79&z=562575407
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-102456694-1&cid=1519447420.1569853368&jid=1071003363&_v=j79&z=562575407
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-102456694-1&cid=1519447420.1569853368&jid=1071003363&_v=j79&z=562575407&slf_rd=1&random=2115659701
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-102456694-1&cid=1519447420.1569853368&jid=1071003363&_v=j79&z=562575407&slf_rd=1&random=2115659701
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Sep 2019 14:22:47 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 30 Sep 2019 14:22:47 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-102456694-1&cid=1519447420.1569853368&jid=1071003363&_v=j79&z=562575407&slf_rd=1&random=2115659701
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1675200226052423
connect.facebook.net/signals/config/
307 KB
78 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1675200226052423?v=2.9.4&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
210303f6bb6cbe88d4fd7f6145fc586c77d0dda310179c1e321f9f724f97dea8
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
content-length
79754
x-xss-protection
0
pragma
public
x-fb-debug
4KaImoFSe81YOMkIm/QnRjkhMV6gJ4RJEovhSqBMNmfILDYNa1FTIC0UyS9SLlNGArk0R3GDWuMz9dz2kRHnDw==
x-fb-trip-id
420120009
x-frame-options
DENY
date
Mon, 30 Sep 2019 14:22:47 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
inferredEvents.js
connect.facebook.net/signals/plugins/
35 KB
10 KB
Script
General
Full URL
https://connect.facebook.net/signals/plugins/inferredEvents.js?v=2.9.4
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
b4e9e9bef19c34422f55a7fdb9d10c4db5e39cff24b8c98a0be0e09b2ee6ac2b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
content-length
10218
x-xss-protection
0
pragma
public
x-fb-debug
Z+eSR7+vEHmT7y/K4fsoYeHxQgzPKZd3xNC+4c/cBxUECdsVGzAu7ML6JYJ9NXjoW/kE+5ehlTEgaHfnzArG/A==
x-fb-trip-id
420120009
x-frame-options
DENY
date
Mon, 30 Sep 2019 14:22:47 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
246 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc%2FOb0QGD%257CBenign%257C0%257C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab&rl=&if=false&ts=1569853367609&sw=1600&sh=1200&v=2.9.4&r=stable&ec=0&o=30&fbp=fb.1.1569853367608.551288849&it=1569853367576&coo=false&rqm=GET
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 14:22:47 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Mon, 30 Sep 2019 14:22:47 GMT
adshow2.html
kdcl.pchome.com.tw/ Frame B5BC
530 B
784 B
Script
General
Full URL
https://kdcl.pchome.com.tw/adshow2.html?pfbxCustomerInfoId=PFBC20190525001&positionId=PFBP201905290002&padWidth=970&padHeight=250&keyword=&page=&precise=&fig=&screenX=1600&screenY=1200&t=233&docurl=https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Requested by
Host: blank
URL: about:blank
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
220.130.119.27 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
kdcln.pchome.com.tw
Software
/
Resource Hash
4575c9244f002056e65a9e20786e27bc990f75abc4a35cf1e73c494cb5f6ac4b

Request headers

Sec-Fetch-Mode
no-cors
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 30 Sep 2019 14:22:50 GMT
Cache-Control
no-store
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Disposition
inline;filename=f.txt
Content-Length
530
Content-Type
application/javascript;charset=UTF-8
reurl_passback.js
ad.sitemaji.com/native/ Frame CC5E
15 KB
5 KB
Script
General
Full URL
https://ad.sitemaji.com/native/reurl_passback.js?s=728x90_pc
Requested by
Host: ad.sitemaji.com
URL: https://ad.sitemaji.com/ysm_reurl.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.190.35.45 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
45.35.190.35.bc.googleusercontent.com
Software
/
Resource Hash
9106df425157d837db9798b2b26f25f27f9a4e803f2fb0b2851c88492bec14fd

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 14:22:49 GMT
content-encoding
gzip
last-modified
Thu, 29 Aug 2019 10:21:02 GMT
status
200
etag
W/"5d67a70e-3bbe"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
access-control-allow-credentials
true
accept-ranges
bytes
alt-svc
clear
via
AmigoCDN 1.0, 1.1 google
expires
Tue, 01 Oct 2019 14:22:49 GMT
ucfad_min_65832646a6d58626982145a5eda836ab7773339d.js
cdn.aralego.net/ucfad/sdk/us-east/
Redirect Chain
  • https://agent.aralego.com/sdk
  • https://cdn.aralego.net/ucfad/sdk/us-east/ucfad_min_65832646a6d58626982145a5eda836ab7773339d.js
30 KB
9 KB
Script
General
Full URL
https://cdn.aralego.net/ucfad/sdk/us-east/ucfad_min_65832646a6d58626982145a5eda836ab7773339d.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:135d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
326a76913e4f4470e186d62fa34d11adcc1be3a5e9e044979685a8a691935039

Request headers

Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 14:22:48 GMT
content-encoding
br
cf-cache-status
HIT
age
3293
status
200
last-modified
Mon, 23 Sep 2019 18:11:34 GMT
cf-bgj
minify
server
cloudflare
etag
W/"5d890ad6-78d2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
51e6d9e39df3cbac-VIE
expires
Mon, 30 Sep 2019 18:22:48 GMT

Redirect headers

location
https://cdn.aralego.net/ucfad/sdk/us-east/ucfad_min_65832646a6d58626982145a5eda836ab7773339d.js
date
Mon, 30 Sep 2019 14:22:48 GMT
connection
close
content-length
117
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
reurl_passback.js
ad.sitemaji.com/native/ Frame BF5F
15 KB
6 KB
Script
General
Full URL
https://ad.sitemaji.com/native/reurl_passback.js?s=300x250_mobile
Requested by
Host: ad.sitemaji.com
URL: https://ad.sitemaji.com/ysm_reurl.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.190.35.45 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
45.35.190.35.bc.googleusercontent.com
Software
/
Resource Hash
9106df425157d837db9798b2b26f25f27f9a4e803f2fb0b2851c88492bec14fd

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 09:54:32 GMT
content-encoding
gzip
age
16096
status
200
alt-svc
clear
content-length
5523
access-control-allow-origin
*
last-modified
Thu, 29 Aug 2019 10:21:02 GMT
etag
W/"5d67a70e-3bbe"
vary
Accept-Encoding
content-type
application/javascript
via
AmigoCDN 1.0, 1.1 google
cache-control
max-age=86400, public
access-control-allow-credentials
true
accept-ranges
bytes
expires
Tue, 01 Oct 2019 09:54:32 GMT
reurl_passback.js
ad.sitemaji.com/native/ Frame 0068
15 KB
5 KB
Script
General
Full URL
https://ad.sitemaji.com/native/reurl_passback.js?s=300x250_mobile
Requested by
Host: ad.sitemaji.com
URL: https://ad.sitemaji.com/ysm_reurl.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.190.35.45 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
45.35.190.35.bc.googleusercontent.com
Software
/
Resource Hash
9106df425157d837db9798b2b26f25f27f9a4e803f2fb0b2851c88492bec14fd

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 09:54:32 GMT
content-encoding
gzip
age
16097
status
200
alt-svc
clear
content-length
5523
access-control-allow-origin
*
last-modified
Thu, 29 Aug 2019 10:21:02 GMT
etag
W/"5d67a70e-3bbe"
vary
Accept-Encoding
content-type
application/javascript
via
AmigoCDN 1.0, 1.1 google
cache-control
max-age=86400, public
access-control-allow-credentials
true
accept-ranges
bytes
expires
Tue, 01 Oct 2019 09:54:32 GMT
native.js
s.yimg.com/dy/ads/ Frame BF5F
35 KB
13 KB
Script
General
Full URL
https://s.yimg.com/dy/ads/native.js
Requested by
Host: ad.sitemaji.com
URL: https://ad.sitemaji.com/native/reurl_passback.js?s=300x250_mobile
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1 - Oath Holdings Inc., US),
Reverse DNS
Software
ATS /
Resource Hash
9b5fe27a08dfb54744fcdd1e2a81e5d897e8d093a86031159cfd4f180535817f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 14:22:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
status
200
vary
Origin, Accept-Encoding
content-length
12959
x-amz-id-2
1PmITCQkA3LyU86HPNl0m0qCbHfDvDXYPwkWvmn7abCuJbgeQjOHXxrNHW5IbNXAkSJ5juyh2K0=
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 24 Sep 2019 20:34:34 GMT
server
ATS
etag
"d7933ef910e81fc2ac6267a97bdc9e15-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
32938C4E0738A353
x-xss-protection
1; mode=block
cache-control
no-cache
accept-ranges
bytes
content-type
application/javascript
getAds.do
ads.yap.yahoo.com/nosdk/wj/v1/ Frame BF5F
196 B
570 B
Script
General
Full URL
https://ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?locale=en_us&agentVersion=205&adTrackingEnabled=true&adUnitCode=1fffcdb4-48e0-4bda-b4bd-835f894c1a14&apiKey=M2G62KV2NBNXKBPVHWQN&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2FOb0QGD%257CBenign%257C0%257C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab&caps=16&cb=jsonPCallback0
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/dy/ads/native.js
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
212.82.100.146 , Switzerland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
media-router-flurry71.prod.media.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
00651a6423a0fcee774eadc9dc617ab9be1082024f1f470f5f0ee9363414f53a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 14:22:48 GMT
Content-Encoding
gzip
Server
ATS
Age
0
Expect-CT
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
Connection
keep-alive
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
b
geo.yahoo.com/ Frame BF5F
43 B
593 B
Image
General
Full URL
https://geo.yahoo.com/b?t=xhkd7&9sdk8454
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a00:1288:110:c204::b000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Sep 2019 14:22:48 GMT
x-content-type-options
nosniff
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
p3p
policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
status
200
cache-control
no-cache, no-store, private
strict-transport-security
max-age=31536000
content-type
image/gif
content-length
43
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
ucfad-formats.css
cdn.aralego.net/css/dev/
975 B
372 B
Stylesheet
General
Full URL
https://cdn.aralego.net/css/dev/ucfad-formats.css
Requested by
Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/sdk/us-east/ucfad_min_65832646a6d58626982145a5eda836ab7773339d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:135d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 14:22:48 GMT
content-encoding
br
cf-cache-status
HIT
age
3627
cf-polished
origSize=1191
status
200
last-modified
Fri, 16 Mar 2018 07:19:46 GMT
cf-bgj
minify
server
cloudflare
etag
W/"5aab7012-4a7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
51e6d9e3ce92cbac-VIE
expires
Mon, 30 Sep 2019 18:22:48 GMT
ad_request
ads.aralego.com/
285 B
874 B
XHR
General
Full URL
https://ads.aralego.com/ad_request?sw=1600&sh=1200&ifr=0&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FOb0QGD%257CBenign%257C0%257C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab&xr=0&adid=ad-BE7EA7D3B2339BD4077327D9D4B2DA62&w=970&h=90&ver=ADGENT_WEB-2017091501&pos=1&seq=undefined&euconsent=&cb=0.20701091001754723
Requested by
Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/sdk/us-east/ucfad_min_65832646a6d58626982145a5eda836ab7773339d.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.210.196.208 Arlington, United States, ASN30633 (LEASEWEB-USA-WDC-01 - Leaseweb USA, Inc., US),
Reverse DNS
Software
/
Resource Hash
2f114f8ab4f6556d1d581a3ec6d452fac64d7b7d0af0773cc27c8ecde6354e57

Request headers

Sec-Fetch-Mode
cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 14:22:49 GMT
x-width
970
x-height
90
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://reurl.cc
access-control-expose-headers
X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource
x-adsource
PSA
x-adtype
html
connection
close
access-control-allow-credentials
true
content-length
285
x-adstyle
banner
/
www.facebook.com/tr/
44 B
246 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1675200226052423&ev=Microdata&dl=https%3A%2F%2Freurl.cc%2FOb0QGD%257CBenign%257C0%257C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab&rl=&if=false&ts=1569853369113&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8%20-%20reurl%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.4&r=stable&ec=1&o=30&fbp=fb.1.1569853369113.2006101988&it=1569853367576&coo=false&es=automatic&rqm=GET
Requested by
Host: reurl.cc
URL: https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 14:22:49 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Mon, 30 Sep 2019 14:22:49 GMT
reurl_passback.js
ad.sitemaji.com/native/ Frame 937C
15 KB
5 KB
Script
General
Full URL
https://ad.sitemaji.com/native/reurl_passback.js?s=970x90
Requested by
Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/sdk/us-east/ucfad_min_65832646a6d58626982145a5eda836ab7773339d.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.190.35.45 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
45.35.190.35.bc.googleusercontent.com
Software
/
Resource Hash
9106df425157d837db9798b2b26f25f27f9a4e803f2fb0b2851c88492bec14fd

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 14:22:49 GMT
content-encoding
gzip
last-modified
Thu, 29 Aug 2019 10:21:02 GMT
status
200
etag
W/"5d67a70e-3bbe"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
access-control-allow-credentials
true
accept-ranges
bytes
alt-svc
clear
via
AmigoCDN 1.0, 1.1 google
expires
Tue, 01 Oct 2019 14:22:49 GMT
native.js
s.yimg.com/dy/ads/ Frame 0068
35 KB
35 KB
Script
General
Full URL
https://s.yimg.com/dy/ads/native.js
Requested by
Host: ad.sitemaji.com
URL: https://ad.sitemaji.com/native/reurl_passback.js?s=300x250_mobile
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1 - Oath Holdings Inc., US),
Reverse DNS
Software
ATS /
Resource Hash
9b5fe27a08dfb54744fcdd1e2a81e5d897e8d093a86031159cfd4f180535817f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 14:22:50 GMT
x-content-type-options
nosniff
age
0
status
200
vary
Origin
content-length
35373
x-amz-id-2
fSdBjAb8slSn0DNNBO1zax4iPBcXGsHRDYdSwvjtObU6Xo0O59fQrHJGBN+YFvdTAe9cBhV+HXQ=
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 24 Sep 2019 20:34:34 GMT
server
ATS
etag
"d7933ef910e81fc2ac6267a97bdc9e15"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
D47CD38AB673E80A
x-xss-protection
1; mode=block
cache-control
no-cache
accept-ranges
bytes
content-type
application/javascript
b
geo.yahoo.com/ Frame 0068
43 B
168 B
Image
General
Full URL
https://geo.yahoo.com/b?t=xhkd7&9sdk8454
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/dy/ads/native.js
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a00:1288:110:c204::b000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Sep 2019 14:22:49 GMT
x-content-type-options
nosniff
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
p3p
policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
status
200
cache-control
no-cache, no-store, private
strict-transport-security
max-age=31536000
content-type
image/gif
content-length
43
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
getAds.do
ads.yap.yahoo.com/nosdk/wj/v1/ Frame 0068
196 B
570 B
Script
General
Full URL
https://ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?locale=en_us&agentVersion=205&adTrackingEnabled=true&adUnitCode=1fffcdb4-48e0-4bda-b4bd-835f894c1a14&apiKey=M2G62KV2NBNXKBPVHWQN&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2FOb0QGD%257CBenign%257C0%257C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab&caps=16&cb=jsonPCallback0
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/dy/ads/native.js
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
212.82.100.146 , Switzerland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
media-router-flurry71.prod.media.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
10f48067fdd619acc904efe218ced3af64e0fd97376f5297c900462bed334683
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 14:22:49 GMT
Content-Encoding
gzip
Server
ATS
Age
0
Expect-CT
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
Connection
keep-alive
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
native.js
s.yimg.com/dy/ads/ Frame CC5E
35 KB
13 KB
Script
General
Full URL
https://s.yimg.com/dy/ads/native.js
Requested by
Host: ad.sitemaji.com
URL: https://ad.sitemaji.com/native/reurl_passback.js?s=728x90_pc
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1 - Oath Holdings Inc., US),
Reverse DNS
Software
ATS /
Resource Hash
9b5fe27a08dfb54744fcdd1e2a81e5d897e8d093a86031159cfd4f180535817f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 14:22:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
status
200
vary
Origin, Accept-Encoding
content-length
12959
x-amz-id-2
iqlgStgZ/DBZMMS0kMFeHdWjxu7lpW4saEaE43n1cHkGXWWQBsx1BGiorvqbwOUn3Effmt8uCNg=
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 24 Sep 2019 20:34:34 GMT
server
ATS
etag
"d7933ef910e81fc2ac6267a97bdc9e15-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
1344E6EB0D09D04F
x-xss-protection
1; mode=block
cache-control
no-cache
accept-ranges
bytes
content-type
application/javascript
native.js
s.yimg.com/dy/ads/ Frame 937C
35 KB
13 KB
Script
General
Full URL
https://s.yimg.com/dy/ads/native.js
Requested by
Host: ad.sitemaji.com
URL: https://ad.sitemaji.com/native/reurl_passback.js?s=970x90
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1 - Oath Holdings Inc., US),
Reverse DNS
Software
ATS /
Resource Hash
9b5fe27a08dfb54744fcdd1e2a81e5d897e8d093a86031159cfd4f180535817f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 14:22:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2
status
200
vary
Origin, Accept-Encoding
x-amz-request-id
59396FA2146A99E1
x-amz-id-2
K1RelRrwJQAUam2KmJFasw8tp92fDUjTQSN64DpKvb+39XrAaMts7dD0JROqJhxYnD4QO4PgZ6Y=
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 24 Sep 2019 20:34:34 GMT
server
ATS
etag
"d7933ef910e81fc2ac6267a97bdc9e15-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
content-type
application/javascript
x-xss-protection
1; mode=block
cache-control
no-cache
accept-ranges
bytes
b
geo.yahoo.com/ Frame CC5E
43 B
77 B
Image
General
Full URL
https://geo.yahoo.com/b?t=xhkd7&9sdk8454
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/dy/ads/native.js
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a00:1288:110:c204::b000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Sep 2019 14:22:49 GMT
x-content-type-options
nosniff
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
p3p
policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
status
200
cache-control
no-cache, no-store, private
strict-transport-security
max-age=31536000
content-type
image/gif
content-length
43
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
getAds.do
ads.yap.yahoo.com/nosdk/wj/v1/ Frame CC5E
196 B
570 B
Script
General
Full URL
https://ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?locale=en_us&agentVersion=205&adTrackingEnabled=true&adUnitCode=64d289b9-de9a-443b-a2c0-d45680807e46&apiKey=M2G62KV2NBNXKBPVHWQN&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2FOb0QGD%257CBenign%257C0%257C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab&caps=16&cb=jsonPCallback0
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/dy/ads/native.js
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
212.82.100.146 , Switzerland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
media-router-flurry71.prod.media.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
10f48067fdd619acc904efe218ced3af64e0fd97376f5297c900462bed334683
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 14:22:49 GMT
Content-Encoding
gzip
Server
ATS
Age
0
Expect-CT
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
Connection
keep-alive
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
b
geo.yahoo.com/ Frame 937C
43 B
168 B
Image
General
Full URL
https://geo.yahoo.com/b?t=xhkd7&9sdk8454
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/dy/ads/native.js
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a00:1288:110:c204::b000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Sep 2019 14:22:50 GMT
x-content-type-options
nosniff
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
p3p
policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
status
200
cache-control
no-cache, no-store, private
strict-transport-security
max-age=31536000
content-type
image/gif
content-length
43
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
getAds.do
ads.yap.yahoo.com/nosdk/wj/v1/ Frame 937C
196 B
570 B
Script
General
Full URL
https://ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?locale=en_us&agentVersion=205&adTrackingEnabled=true&adUnitCode=1b24e60a-6093-4789-8e24-b9f1ef6a2715&apiKey=M2G62KV2NBNXKBPVHWQN&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2FOb0QGD%257CBenign%257C0%257C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab&caps=16&cb=jsonPCallback0
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/dy/ads/native.js
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
212.82.100.146 , Switzerland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
media-router-flurry71.prod.media.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
4d42e9089b5517b5125e7c71cf675c95b88bf8bfd038b00f204587875e721180
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 14:22:50 GMT
Content-Encoding
gzip
Server
ATS
Age
0
Expect-CT
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
Connection
keep-alive
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Cookie set adshow2.html
kdcl.pchome.com.tw/ Frame 7E51
0
0
Document
General
Full URL
https://kdcl.pchome.com.tw/adshow2.html?pfbxCustomerInfoId=PFBC20190525001&positionId=PFBP201905290002&sampleId=us_201905250001&tproId=c_x05_tp_tpro_0053&format=0&page=1&padHeight=250&padWidth=970&keyword=&fig=&ref=NjU0N6mjtZ%2B0aXBes5S2oa1dpJJwfqNfknaFVHhyg5SvmKidZmaEX2ZmhF94X3NopWWmlKVfcZV6lXNjpJFzZ3VnpGBzknpfemKmX6didmNxZnKVeGR6ZHVneGOikniVc2SnZndlemOmkKM%3D
Requested by
Host: kdcl.pchome.com.tw
URL: https://kdcl.pchome.com.tw/adshow2.html?pfbxCustomerInfoId=PFBC20190525001&positionId=PFBP201905290002&padWidth=970&padHeight=250&keyword=&page=&precise=&fig=&screenX=1600&screenY=1200&t=233&docurl=https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
220.130.119.27 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
kdcln.pchome.com.tw
Software
/
Resource Hash

Request headers

Host
kdcl.pchome.com.tw
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate

Response headers

Cache-Control
no-store
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie
uuid=28b3024c-86b2-45bd-a30c-248a0e6d4c02; Domain=.pchome.com.tw; Expires=Tue, 29-Sep-2020 14:22:50 GMT; Path=/; HttpOnly puuid=K.20190930222250.0; Domain=.pchome.com.tw; Expires=Tue, 29-Sep-2020 14:22:50 GMT; Path=/; HttpOnly uuid=xxx-28b3024c-86b2-45bd-a30c-248a0e6d4c02; Domain=.pchome.com.tw; Expires=Tue, 29-Sep-2020 14:22:50 GMT; Path=/; HttpOnly
Content-Disposition
inline;filename=f.txt
Content-Type
text/html;charset=UTF-8
Content-Length
388
Date
Mon, 30 Sep 2019 14:22:50 GMT
inview.aspx
bw.scupio.com/adpinline/
52 B
826 B
XHR
General
Full URL
https://bw.scupio.com/adpinline/inview.aspx?cb=0.4352049476912021
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
210.59.219.180 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
6eaa3f3e2a26c3d008eca3831fb85bdfabad18e773255ef9d81cb5018231fe42

Request headers

Accept
application/json, text/javascript, */*
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
cors
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Mon, 30 Sep 2019 14:22:51 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
P3P
CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin
https://reurl.cc
Cache-Control
private
Access-Control-Allow-Credentials
true
Content-Type
application/javascript; charset=utf-8
Content-Length
170
inview.aspx
bw.scupio.com/adpinline/
52 B
826 B
XHR
General
Full URL
https://bw.scupio.com/adpinline/inview.aspx?cb=0.12583763919688695
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
210.59.219.180 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
b26f4400d15bf704a05dd2c8dc160cc3cb2a2c3f6b17c653a0b3cb07fa7a2df1

Request headers

Accept
application/json, text/javascript, */*
Referer
https://reurl.cc/Ob0QGD%7CBenign%7C0%7C07029d6eed00f9f24cb2848c12c9093e0f354071f75954874ac7f25f76694eab
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
cors
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Mon, 30 Sep 2019 14:22:51 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
P3P
CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin
https://reurl.cc
Cache-Control
private
Access-Control-Allow-Credentials
true
Content-Type
application/javascript; charset=utf-8
Content-Length
170

Verdicts & Comments Add Verdict or Comment

55 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| Vue function| $ function| jQuery string| GoogleAnalyticsObject function| ga function| fbq function| _fbq number| pad_width number| pad_height string| pad_customerId string| pad_positionId object| Scupioads object| scupioads function| hasOwnProperty object| scupiosdk object| google_tag_data object| gaplugins object| gaGlobal object| gaData string| res string| docurl string| keywordValue string| pageValue string| pid string| ptype string| seway boolean| padssl number| screen_x number| screen_y undefined| testurl undefined| kis undefined| pis undefined| tis string| fig string| adurl string| showadscript string| hostname object| head function| getMessage0 object| iframeArrayData object| iframeArray object| pcadshowList object| pad_pchad object| app object| SD object| device object| television function| sitemajiDebugger string| adUnitType object| ucf object| ucfad_async object| request string| paramsString

6 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: IDE
Value: AHWqTUmZ2PwLNXeFbgdMD9ZLj0c3BgyPULYUbYWtaAQvqFYIqpzIN5C1k5p11c5i
.pchome.com.tw/ Name: uuid
Value: xxx-28b3024c-86b2-45bd-a30c-248a0e6d4c02
.scupio.com/ Name: gx
Value: H4sIADmAkl0A%2fxNmYGDg4ub4t3rmyW%2fvHpkLsAqxcNgLMAEAV79JdRcAAAA%3d
.scupio.com/ Name: gxc
Value: 1
.scupio.com/ Name: OrgKeyValue
Value: CKA20190930222249741205
.pchome.com.tw/ Name: puuid
Value: K.20190930222250.0

1 Console Messages

Source Level URL
Text
console-api log URL: https://cdn.aralego.net/ucfad/sdk/us-east/ucfad_min_65832646a6d58626982145a5eda836ab7773339d.js(Line 1)
Message:
Get AD

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.sitemaji.com
ads.aralego.com
ads.yap.yahoo.com
agent.aralego.com
ajax.googleapis.com
bw.scupio.com
cdn.aralego.net
cdn.jsdelivr.net
connect.facebook.net
geo.yahoo.com
img.scupio.com
kdcl.pchome.com.tw
kdpic.pchome.com.tw
maxcdn.bootstrapcdn.com
reurl.cc
s.yimg.com
stats.g.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
143.204.214.43
162.210.196.208
2001:4de0:ac19::1:b:3b
210.59.219.180
210.59.230.18
212.82.100.146
220.130.119.27
2606:4700:20::6818:135d
2a00:1288:110:c204::b000
2a00:1288:f03d:1fa::2000
2a00:1450:4001:800::2004
2a00:1450:4001:80b::200e
2a00:1450:4001:814::200a
2a00:1450:4001:81d::2003
2a00:1450:400c:c0c::9a
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42:3::621
35.190.35.45
35.194.141.193
00651a6423a0fcee774eadc9dc617ab9be1082024f1f470f5f0ee9363414f53a
0f339cf9e117cb1612e7079c0a02fcc2ef26d9ffc19c93d0370d10bf81bb714f
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
10f48067fdd619acc904efe218ced3af64e0fd97376f5297c900462bed334683
14d88b3a27f0e6de034f86ad42d6411081e9467daf754147f2f16bcb20782177
1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced
210303f6bb6cbe88d4fd7f6145fc586c77d0dda310179c1e321f9f724f97dea8
25355805f44af99037c6b951f9afd762f5fd74eb126aba4b2f82cafa563c0f90
2f114f8ab4f6556d1d581a3ec6d452fac64d7b7d0af0773cc27c8ecde6354e57
326a76913e4f4470e186d62fa34d11adcc1be3a5e9e044979685a8a691935039
45170b8821de18e6f5d0c7eae52ee939de6bc874e7b009a2fade369e791c4c28
4575c9244f002056e65a9e20786e27bc990f75abc4a35cf1e73c494cb5f6ac4b
4d42e9089b5517b5125e7c71cf675c95b88bf8bfd038b00f204587875e721180
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
648a4d707b7a827a5ce946a9dd45c8f8f572764f9d249addd3498f16c963f889
69c5fd70e35eb89944954b732a1b0de129f4d30dd77e99dc5117c6e9b28c7d6a
6e9ab8ab1d57a0695a66577e348ae4343e1a92f70cb4835a52c4863f11114037
6eaa3f3e2a26c3d008eca3831fb85bdfabad18e773255ef9d81cb5018231fe42
7e207e8b34a692d186d34ef55e5ea9808d545b3873af6a1a7ec7912f4e8565e4
8290d97b04510b940ddca9f2aea802eaafb36fc7a8f52e4466ed2b77db35c632
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
9106df425157d837db9798b2b26f25f27f9a4e803f2fb0b2851c88492bec14fd
9b5fe27a08dfb54744fcdd1e2a81e5d897e8d093a86031159cfd4f180535817f
a51f89e1d49ec201c6b08bca380802e211b137bd03631e793d9a1905d998d673
ac482f5ae324df5a4b00263bdfa3d471ced96ebf88b13c54d87e1e6694ba1b8f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b26f4400d15bf704a05dd2c8dc160cc3cb2a2c3f6b17c653a0b3cb07fa7a2df1
b4e9e9bef19c34422f55a7fdb9d10c4db5e39cff24b8c98a0be0e09b2ee6ac2b
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dd0bd26455468eb696f8e93aa9b84cddcca5d85f32fb92bf1c0a67306babbf90
ed7ed95efa5b50167057e4b0e5b31df2576aff77844e410e62084dd630fbacd1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fbf8f15f4c24cf9d85b44e715892fccd8bbeca1af37a998dfccdb7379fe8ab1e