reurl.cc Open in urlscan Pro
35.185.130.121 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://reurl.cc/qZ40Kn
Submission: On July 24 via manual (July 24th 2023, 1:17:02 pm UTC) from DE — Scanned from DE

Summary HTTP 242 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 58 IPs in 11 countries across 44 domains to perform 242 HTTP transactions. The main IP is 35.185.130.121, located in Taipei, Taiwan and belongs to GOOGLE, US. The main domain is reurl.cc. The Cisco Umbrella rank of the primary domain is 266179.
TLS certificate: Issued by R3 on July 21st 2023. Valid for: 3 months.

This is the only time reurl.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	35.185.130.121 35.185.130.121	15169 (GOOGLE) (GOOGLE)
3	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
1	151.101.129.55 151.101.129.55	54113 (FASTLY) (FASTLY)
11	203.75.214.136 203.75.214.136	3462 (HINET Dat...) (HINET Data Communication Business Group)
1	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	35.186.215.140 35.186.215.140	15169 (GOOGLE) (GOOGLE)
1	13.32.99.59 13.32.99.59	16509 (AMAZON-02) (AMAZON-02)
27	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
5	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	35.244.196.223 35.244.196.223	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0a::9d	15169 (GOOGLE) (GOOGLE)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:225... 2600:9000:2250:3000:a:e047:753:be1	() ()
1	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4 44	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:fd04	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.185.136.122 35.185.136.122	15169 (GOOGLE) (GOOGLE)
1	192.0.78.24 192.0.78.24	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2600:9000:225... 2600:9000:225e:fe00:1e:5c56:d400:93a1	16509 (AMAZON-02) (AMAZON-02)
1	192.0.78.187 192.0.78.187	2635 (AUTOMATTIC) (AUTOMATTIC)
1	35.244.153.44 35.244.153.44	15169 (GOOGLE) (GOOGLE)
1	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1 2	34.120.135.53 34.120.135.53	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a02:2638:d::a 2a02:2638:d::a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	2a02:2638:d::d 2a02:2638:d::d	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.7.13 178.250.7.13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
29	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
6	2600:9000:225... 2600:9000:2250:8200:0:e06c:e940:93a1	() ()
3 9	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
4 6	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
3 4	185.89.210.90 185.89.210.90	29990 (ASN-APPNEX) (ASN-APPNEX)
4	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
2	18.178.181.226 18.178.181.226	16509 (AMAZON-02) (AMAZON-02)
1	34.95.67.231 34.95.67.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	52.197.92.130 52.197.92.130	16509 (AMAZON-02) (AMAZON-02)
1 2	35.201.76.93 35.201.76.93	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	175.41.216.229 175.41.216.229	16509 (AMAZON-02) (AMAZON-02)
1 2	52.30.88.149 52.30.88.149	16509 (AMAZON-02) (AMAZON-02)
13	2a00:1450:400... 2a00:1450:4001:827::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
2	2600:9000:223... 2600:9000:223f:1c00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
8	2600:1f18:1ac... 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	35.190.36.98 35.190.36.98	15169 (GOOGLE) (GOOGLE)
1 1	139.162.23.100 139.162.23.100	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1	2620:116:800d... 2620:116:800d:21:5ed4:8d5d:fed7:f5ef	16509 (AMAZON-02) (AMAZON-02)
2 2	3.124.112.76 3.124.112.76	16509 (AMAZON-02) (AMAZON-02)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1	3.64.241.131 3.64.241.131	16509 (AMAZON-02) (AMAZON-02)
2 2	37.157.5.133 37.157.5.133	198622 (ADFORM) (ADFORM)
2 2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
242	58

6 35.185.130.121 (Taipei, Taiwan)

ASN15169 (GOOGLE, US)
PTR: 121.130.185.35.bc.googleusercontent.com

reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.55 (United States)

ASN54113 (FASTLY, US)

anymind360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 203.75.214.136 (Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-136.hinet-ip.hinet.net

t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
f9cd014e-968c-4461-9128-3aa1aac0333c.t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.215.140 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 140.215.186.35.bc.googleusercontent.com

ad.sitemaji.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-59.fra60.r.cloudfront.net

img.scupio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
scontent.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.196.223 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 223.196.244.35.bc.googleusercontent.com

storage.re-news.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:3000:a:e047:753:be1 (United States)

ASN- ()

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:fd04 (United States)

ASN13335 (CLOUDFLARENET, US)

mma.prnasia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

img.gbyhn.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.185.136.122 (Taipei, Taiwan)

ASN15169 (GOOGLE, US)
PTR: 122.136.185.35.bc.googleusercontent.com

re-news.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.24 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

creditcards.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:fe00:1e:5c56:d400:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.wixstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.187 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

blog.alphaloan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.153.44 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 44.153.244.35.bc.googleusercontent.com

www.rayskyinvest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.135.53 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 53.135.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::d (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2250:8200:0:e06c:e940:93a1 (United States)

ASN- ()

cdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.186.98 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.80.39.216 (Canada) 4 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.89.210.90 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.178.181.226 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-178-181-226.ap-northeast-1.compute.amazonaws.com

cm-dev-poc.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.95.67.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.67.95.34.bc.googleusercontent.com

fcm.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.197.92.130 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-197-92-130.ap-northeast-1.compute.amazonaws.com

fcm2.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.76.93 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 93.76.201.35.bc.googleusercontent.com

c.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 175.41.216.229 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-175-41-216-229.ap-northeast-1.compute.amazonaws.com

adcdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.88.149 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-88-149.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223f:1c00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.36.98 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 98.36.190.35.bc.googleusercontent.com

ad2.apx.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.162.23.100 (Singapore) 1 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li865-100.members.linode.com

gocm.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:5ed4:8d5d:fed7:f5ef (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.124.112.76 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-112-76.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.64.241.131 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-241-131.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.5.133 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
73	googlesyndication.com 4 redirects 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 134 tpc.googlesyndication.com — Cisco Umbrella Rank: 153 a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com	778 KB
27	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 208 stats.g.doubleclick.net — Cisco Umbrella Rank: 120 googleads.g.doubleclick.net — Cisco Umbrella Rank: 56 cm.g.doubleclick.net — Cisco Umbrella Rank: 242 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 354	463 KB
24	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 679 scontent.xx.fbcdn.net — Cisco Umbrella Rank: 342	549 KB
14	holmesmind.com 1 redirects cdn.holmesmind.com — Cisco Umbrella Rank: 127957 cm-dev-poc.holmesmind.com — Cisco Umbrella Rank: 130186 fcm.holmesmind.com — Cisco Umbrella Rank: 156555 fcm2.holmesmind.com — Cisco Umbrella Rank: 162647 c.holmesmind.com — Cisco Umbrella Rank: 108397 adcdn.holmesmind.com — Cisco Umbrella Rank: 135013 ad.holmesmind.com — Cisco Umbrella Rank: 108653	44 KB
13	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 317	96 KB
12	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 898 static.adsafeprotected.com — Cisco Umbrella Rank: 579 dt.adsafeprotected.com — Cisco Umbrella Rank: 564	101 KB
11	hinet.net t.ssp.hinet.net — Cisco Umbrella Rank: 54612 f9cd014e-968c-4461-9128-3aa1aac0333c.t.ssp.hinet.net	10 KB
9	gstatic.com www.gstatic.com fonts.gstatic.com	145 KB
6	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 490	5 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 207	337 KB
6	reurl.cc reurl.cc — Cisco Umbrella Rank: 266179	6 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 59 region1.google-analytics.com — Cisco Umbrella Rank: 1815	21 KB
5	facebook.com www.facebook.com — Cisco Umbrella Rank: 109	29 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 82	3 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 244	3 KB
4	criteo.com 1 redirects bidder.criteo.com — Cisco Umbrella Rank: 734 gum.criteo.com — Cisco Umbrella Rank: 437 mug.criteo.com — Cisco Umbrella Rank: 2484	7 KB
4	google.com www.google.com — Cisco Umbrella Rank: 3	2 KB
3	appier.net 2 redirects ad2.apx.appier.net — Cisco Umbrella Rank: 45048 gocm.c.appier.net — Cisco Umbrella Rank: 2921	937 B
3	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 1525 google-bidout-d.openx.net — Cisco Umbrella Rank: 1519	667 B
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 166	137 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 378	59 KB
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 784	1 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 610	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 910	2 KB
2	re-news.tw storage.re-news.tw re-news.tw	32 KB
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 355	146 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 384	265 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 811	463 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 261	33 KB
1	wp.com i0.wp.com — Cisco Umbrella Rank: 3548	488 KB
1	rayskyinvest.com www.rayskyinvest.com	31 KB
1	alphaloan.co blog.alphaloan.co	181 KB
1	wixstatic.com static.wixstatic.com — Cisco Umbrella Rank: 5415	1020 KB
1	creditcards.com.tw creditcards.com.tw	49 KB
1	gbyhn.com.tw img.gbyhn.com.tw	515 KB
1	prnasia.com mma.prnasia.com — Cisco Umbrella Rank: 470882	70 KB
1	google.de www.google.de — Cisco Umbrella Rank: 5791	408 B
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 605	13 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 1648	2 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1618	8 KB
1	scupio.com img.scupio.com — Cisco Umbrella Rank: 122715
1	sitemaji.com ad.sitemaji.com — Cisco Umbrella Rank: 97283	6 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 73	84 KB
1	anymind360.com anymind360.com — Cisco Umbrella Rank: 17970	32 KB
242	44

	Domain	Requested by
37	tpc.googlesyndication.com	4 redirects 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com reurl.cc tpc.googlesyndication.com securepubads.g.doubleclick.net a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
29	pagead2.googlesyndication.com	3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com pagead2.googlesyndication.com reurl.cc googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com securepubads.g.doubleclick.net a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
22	static.xx.fbcdn.net	www.facebook.com static.xx.fbcdn.net
13	s0.2mdn.net	reurl.cc s0.2mdn.net
13	securepubads.g.doubleclick.net	reurl.cc securepubads.g.doubleclick.net www.googletagservices.com
9	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
9	t.ssp.hinet.net	reurl.cc t.ssp.hinet.net cdn.holmesmind.com
8	dt.adsafeprotected.com	3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com reurl.cc
6	cdn.holmesmind.com	securepubads.g.doubleclick.net cdn.holmesmind.com ad.holmesmind.com
6	www.googletagservices.com	3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com securepubads.g.doubleclick.net a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
6	reurl.cc	reurl.cc
5	fonts.gstatic.com	fonts.googleapis.com
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	www.facebook.com	reurl.cc static.xx.fbcdn.net
4	www.gstatic.com	3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
4	fonts.googleapis.com	3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	www.google.com	reurl.cc tpc.googlesyndication.com a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
3	www.google-analytics.com	reurl.cc www.google-analytics.com
3	connect.facebook.net	reurl.cc connect.facebook.net fcm2.holmesmind.com
3	cdn.jsdelivr.net	reurl.cc securepubads.g.doubleclick.net
2	image6.pubmatic.com	2 redirects
2	c1.adform.net	2 redirects
2	pm.w55c.net	2 redirects
2	a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	ad2.apx.appier.net	1 redirects
2	static.adsafeprotected.com	3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
2	googleads4.g.doubleclick.net	reurl.cc
2	fw.adsafeprotected.com	1 redirects reurl.cc
2	c.holmesmind.com	1 redirects cdn.holmesmind.com
2	cm-dev-poc.holmesmind.com	cdn.holmesmind.com
2	f9cd014e-968c-4461-9128-3aa1aac0333c.t.ssp.hinet.net	reurl.cc
2	googleads.g.doubleclick.net	3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com pagead2.googlesyndication.com
2	gum.criteo.com	1 redirects static.criteo.net
2	oajs.openx.net	1 redirects reurl.cc
2	region1.google-analytics.com	www.googletagmanager.com
2	scontent.xx.fbcdn.net	www.facebook.com
1	ssum-sec.casalemedia.com	1 redirects
1	x.bidswitch.net	a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
1	match.adsrvr.org	a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
1	cms.quantserve.com	a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
1	gocm.c.appier.net	1 redirects
1	ad.holmesmind.com	cdn.holmesmind.com
1	cdnjs.cloudflare.com	s0.2mdn.net
1	adcdn.holmesmind.com	cdn.holmesmind.com
1	fcm2.holmesmind.com	cdn.holmesmind.com
1	fcm.holmesmind.com	cdn.holmesmind.com
1	google-bidout-d.openx.net	oa.openxcdn.net
1	mug.criteo.com	reurl.cc
1	bidder.criteo.com	static.criteo.net
1	i0.wp.com	reurl.cc
1	www.rayskyinvest.com	reurl.cc
1	blog.alphaloan.co	reurl.cc
1	static.wixstatic.com	reurl.cc
1	creditcards.com.tw	reurl.cc
1	re-news.tw	reurl.cc
1	img.gbyhn.com.tw	reurl.cc
1	mma.prnasia.com	reurl.cc
1	www.google.de	reurl.cc
1	static.criteo.net	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	storage.re-news.tw	reurl.cc
1	img.scupio.com	reurl.cc
1	ad.sitemaji.com	reurl.cc
1	www.googletagmanager.com	reurl.cc
1	anymind360.com	reurl.cc
242	69

This site contains links to these domains. Also see Links.

Domain
re-news.tw
youtils.cc
stockinfo.tw

Subject Issuer	Validity	Valid
reurl.cc R3	`2023-07-21` - `2023-10-19`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
anymind360.com R3	`2023-06-27` - `2023-09-25`	3 months	crt.sh
*.t.ssp.hinet.net	`2023-04-06` - `2024-04-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
feebee.com.tw R3	`2023-07-04` - `2023-10-02`	3 months	crt.sh
*.scupio.com Sectigo RSA Organization Validation Secure Server CA	`2022-09-26` - `2023-10-27`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-05-02` - `2023-07-31`	3 months	crt.sh
storage.re-news.tw GTS CA 1D4	`2023-06-11` - `2023-09-09`	3 months	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-05-28` - `2023-08-26`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2023-05-18` - `2023-08-16`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-27` - `2023-08-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.prnasia.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-08` - `2023-12-08`	a year	crt.sh
gbyhn.com.tw GTS CA 1P5	`2023-05-27` - `2023-08-25`	3 months	crt.sh
re-news.tw R3	`2023-06-30` - `2023-09-28`	3 months	crt.sh
tls.automattic.com R3	`2023-06-06` - `2023-09-04`	3 months	crt.sh
*.wixstatic.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-05` - `2023-09-01`	6 months	crt.sh
*.rayskyinvest.com R3	`2023-07-07` - `2023-10-05`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-19` - `2023-10-18`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.holmesmind.com Go Daddy Secure Certificate Authority - G2	`2023-05-19` - `2024-06-19`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh

This page contains 30 frames:

Primary Page: https://reurl.cc/qZ40Kn
Frame ID: 75868FC01DF46261DD576C2FE8DAFB5E
Requests: 50 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fhref%3Dhttps%253A%252F%252Fwww.facebook.com%252FCreditCards.com.tw%252F%26tabs%3Dtimeline%26width%3D340%26height%3D500%26small_header%3Dfalse%26adapt_container_width%3Dtrue%26hide_cover%3Dfalse%26show_facepile%3Dtrue%26appId
Frame ID: 4B3D4A92142669AD8B68689FEE880E03
Requests: 30 HTTP requests in this frame

Frame: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 686A3A2C7AEA8298C5045CE03112FFB4
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc
Frame ID: 3C53DEACA9159C0A756EBB6FBB762888
Requests: 2 HTTP requests in this frame

Frame: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 7B5D82F8AB27835C3EA36AEECCDFFAE2
Requests: 29 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: E6EFD66B02652E51A021D5222AF616D9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJXmOhCTqWIY3vqy7gEwAQ&v=APEucNWC6uywtNlLhv_CnGLxs1r3kSITNShB9z0OC0PXpXglnkeqC7z1lYr5IK8GIoAuPdo57HiOWo9XmOqOrGTmH0emoJ4L6vFByUzUsOWOwmHk1s9BuXMmGsLICfMXL94rvy-ESESmT1xmIrAjiqsnWQJOzJJf_Q15YtY4u8mwhez0l7py26w
Frame ID: 0A20F9ECD0383BE2D439A92019EF4B17
Requests: 5 HTTP requests in this frame

Frame: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B55E5A8CA509E3DFB5C51001B017CF6B
Requests: 17 HTTP requests in this frame

Frame: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: FC913A94AAEB523C3961E286C146CF08
Requests: 14 HTTP requests in this frame

Frame: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: AA37D37C6C0EC1016125EA218E1135B3
Requests: 14 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss2fK3_vp745wqDftvBdyzMf94bnKHgfQGekapBtvU6IYlGDQf1_3omtvtjRjTe3sMSGvTlPPjnwrwJ-XstY5vF1MGGbZUxXbeSa5EzWoOzwjHAzo_V4fPxR9Jmimzox1zLom_WmfUcIb9oWfEGH6nrNL4Yg0JoRQpmjprBZbkzgJWiuQ648jejw7BJDs729NySauBzxSA5um3Rb5eAgYpMXFS1hDrWTbjModI5_yz2stjaCr-ruyK-QHpjUjQeAdoB8FlNYrgvYalF2gQyFC5CFr9FJFczWDyMUM4M3z3OPenzci5VPFeGsy5xzCh25zCNUqlsAHrljiVuD2m7oDtjlH6iOA6nSU_f6RU&sai=AMfl-YSBOPQ_Gb4uBx0Frcp0SF9NS3Lgcw4TfirshRpZbgl2YbJDTDYufu84Yok-TYWOHFeV-MFRRyB3swr0evfYSOeg0XOZXZ30520croLpnjDLTcd1ViVj4WmvdfpXzj0FqEGvwBb1jQodW53jV9E&sig=Cg0ArKJSzDxNV15prhd6EAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: DFBD79B11811035F88F8ABC0DBD76FC9
Requests: 7 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: E33994E5960B23D62179236CF290B523
Requests: 7 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20230627
Frame ID: F551A08D7D383FE2CEBD74C811ECCA10
Requests: 10 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: E533411D0EBFCD52539021DEC17C40F4
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 44D2DA42A3EDB3613BEC7B344C3C2D5A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js
Frame ID: 5FCC42C5AF171DF36C65A28B28CD5C92
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js
Frame ID: B5934F91A172A4F7B846F02FF7F3545D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js
Frame ID: 0C2D11CA1CBC9BA702E91AE1A79EF537
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 80C2E24C9DE5EA301AE5658084C53D8B
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13125690698918494302/index.html?ev=01_250
Frame ID: F8A2E5AEDA61514F53684166AD14CFAD
Requests: 13 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 462A80F06A88F2A5D1BFA6C272ABEDF6
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: CB3512EBF5126266B8CD662663EF9C92
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 226CCF701072CBC7095A697CD49FF741
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 9C3D6CF215D13307CA5069815F1B23B3
Requests: 6 HTTP requests in this frame

Frame: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3
Frame ID: 30A3B885548D5887E51F30F9D43547DE
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2447CA147D48C4FC576791D15B9BDD94
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3060A04C8D61A8E8E2E9BCC7BF616AA3
Requests: 2 HTTP requests in this frame

Frame: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3
Frame ID: 6C04D6272A7791AB2AB3950DCAAC0645
Requests: 15 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 230CBC89528762B5CE47174ED7D4773A
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js
Frame ID: 1D322E86C47798F0B9B114284F322DD3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

GSAP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

TweenMax(?:\.min)?\.js

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/vue(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

242
Requests

92 %
HTTPS

48 %
IPv6

44
Domains

69
Subdomains

58
IPs

11
Countries

5353 kB
Transfer

10642 kB
Size

41
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://re-news.tw/
Title: 離開此頁

Search URL Search Domain Scan URL

URL: https://re-news.tw/prnasia/4164408_XG64408_2

Search URL Search Domain Scan URL

URL: https://re-news.tw/gbyhn/50150

Search URL Search Domain Scan URL

URL: https://re-news.tw/racingcharger/42070

Search URL Search Domain Scan URL

URL: https://re-news.tw/creditcard/604

Search URL Search Domain Scan URL

URL: https://re-news.tw/zocha/64b26b13468ef8ab696e08fa

Search URL Search Domain Scan URL

URL: https://re-news.tw/alphaloan/20451

Search URL Search Domain Scan URL

URL: https://re-news.tw/rayskyinvest/98223

Search URL Search Domain Scan URL

URL: https://re-news.tw/renews/151

Search URL Search Domain Scan URL

URL: https://re-news.tw/golike/14027

Search URL Search Domain Scan URL

URL: https://youtils.cc/emoji
Title: 表情符號(emoji)

Search URL Search Domain Scan URL

URL: https://youtils.cc/geoip
Title: IP查詢

Search URL Search Domain Scan URL

URL: https://youtils.cc/big5gb
Title: 繁簡轉換

Search URL Search Domain Scan URL

URL: https://youtils.cc/qrcode
Title: QRCode

Search URL Search Domain Scan URL

URL: https://youtils.cc/length
Title: 身高/長度換算

Search URL Search Domain Scan URL

URL: https://stockinfo.tw/
Title: 台股資訊網

Search URL Search Domain Scan URL

URL: https://youtils.cc/wordcounter/zh-Hants
Title: 字數統計

Search URL Search Domain Scan URL

URL: https://youtils.cc/password/zh-Hants
Title: 密碼序號產生器

Search URL Search Domain Scan URL

URL: https://youtils.cc/dateCalculator
Title: 日期計算機

Search URL Search Domain Scan URL

URL: https://youtils.cc/lunarCalendar
Title: 農曆轉國曆

Search URL Search Domain Scan URL

URL: https://youtils.cc/utm
Title: UTM網址

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 67

https://oajs.openx.net/esp?url=https%3A%2F%2Freurl.cc%2FqZ40Kn&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Freurl.cc%2FqZ40Kn&rid=esp&cc=1

Request Chain 73

https://gum.criteo.com/sid/json?origin=publishertagids&domain=reurl.cc&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=uaGT-HxKNnpoeTU5cjMzMHU5bElBUVBmZFpjNEdVMGRtc2kzVTZMdzQrS1d0Q2dKVzJ4VitRWTlMMXRNaDA1ejNmV1ZOSysrbVZvaHNxNERqbzFaOHI0eWNtZElVbkYvUkJ5eTBMK2VkQW0zelpOSlVQb00rcnBua2lqN3l2VDNWQk1aUE5Tb012RE1ZNTBrTmNzakJNOUc3WGlUcE5GQnUvLzJIaWFHNjFMMEk2cm5YekVEb0hOYkJHdjE5UnlyWkY1Ymp5ZG05RHZIelZRR2xLb1QrNTdJM2lhMXUxbjdyWDMzdmVVODE3RTlqenJBSk5vQ1poQ1pXb0swVkhxaVRKOWk2TythNVEyQ0NqRmhHTjZjT2huNEhWUT09fA&cppv=2

Request Chain 90

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHW02Fkj-WYBSHgOuavhMMA&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHW02Fkj-WYBSHgOuavhMMA&google_cver=1&C=1

Request Chain 91

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZL55yMKkADhwJdA9yVDR5AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHW02Fkj-WYBSHgOuavhMMA&google_cver=1

Request Chain 92

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAqUKe8smsJ8Po2jbJ34lFo&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAqUKe8smsJ8Po2jbJ34lFo%26google_cver%3D1

Request Chain 93

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzA5NjgyNzkwMTYxMDE0Mzc1Nw%3D%3D

Request Chain 111

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDnj86ZywEQ9AMY9AMyCGN8MsJOAEwL HTTP 301
https://tpc.googlesyndication.com/simgad/4091503581208051288

Request Chain 113

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDr3ZqF_gEQgAgYgAgyCFFyRh2Ouq9r HTTP 301
https://tpc.googlesyndication.com/simgad/624907996767536446

Request Chain 123

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDnj86ZywEQ9AMY9AMyCGN8MsJOAEwL HTTP 301
https://tpc.googlesyndication.com/simgad/4091503581208051288

Request Chain 143

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 163

https://fw.adsafeprotected.com/rfw/st/1512463/72069454/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1013433103&ias_pubId=pub-1310852604335254&ias_chanId=1&ias_placementId=20291930156&bidurl=https://reurl.cc/qZ40Kn&ias_dealId=549644393847793680&adsafe_par&ias_impId=v4~~ABAjH0gbCbRv_fy6YN9ryd0Q1U6Z&adContainerId=brand_safety_yHm-ZKjuJc6XjuwP1YuM2As&cbFunctionName=goog_wrapCb_yHm-ZKjuJc6XjuwP1YuM2As&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x250.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Freurl.cc&adsafe_type=y&adsafe_url=https%3A%2F%2Freurl.cc%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:80e4badc-b792-cc2c-eb6c-e960d18c8e24,c:ji3Rb1,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-5d94d9d8b-77v4p,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:publ1,mtim:5,mot:0,app:0,maw:0,fm:tKVUk9K+11%7C12%7C13%7C14*.1512463-72069454%7C141%7C142%7C143%7C15%7C161%7C171%7C181%7C1911%7C1912%7C192,idMap:14*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:44,oid:5d68eaad-2a24-11ee-9089-4edd183cd424,v:19.8.432,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}&adContainerId=brand_safety_yHm-ZKjuJc6XjuwP1YuM2As&cbFunctionName=goog_wrapCb_yHm-ZKjuJc6XjuwP1YuM2As&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x250.js

Request Chain 185

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=jqJbha0GCDa-qFcyy3m-ZA

Request Chain 234

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDr3ZqF_gEQgAgYgAgyCFFyRh2Ouq9r HTTP 301
https://tpc.googlesyndication.com/simgad/624907996767536446

Request Chain 238

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEFpdIffFzh0l0MZUrPDdk_0&google_cver=1&google_push=AaAOQGErj2FCidvQzpo8G4YTW7PdiLRggySpGg5X6l6w8ABbpScRX7FURQ3qbWk4ZMtFfveJN4zr0cbNPqPAcL7SIBdwX_iLByw HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEFpdIffFzh0l0MZUrPDdk_0&google_cver=1&google_push=AaAOQGErj2FCidvQzpo8G4YTW7PdiLRggySpGg5X6l6w8ABbpScRX7FURQ3qbWk4ZMtFfveJN4zr0cbNPqPAcL7SIBdwX_iLByw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SWhZMkRNOUgxUW5WcVE1&google_gid=CAESEFpdIffFzh0l0MZUrPDdk_0&google_cver=1&google_push=AaAOQGErj2FCidvQzpo8G4YTW7PdiLRggySpGg5X6l6w8ABbpScRX7FURQ3qbWk4ZMtFfveJN4zr0cbNPqPAcL7SIBdwX_iLByw

Request Chain 241

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEOXHVXgTtcuFLSxWENb90uA&google_cver=1&google_push=AaAOQGFnfufizbLf9HifYrBkBDamx1zbrWmU9Lqae3KOAEWTt8K_kKaGbpMbanGJUsHoFxfGKDl3FYMuvMI2DqxO11N7NYaHyhAF HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEOXHVXgTtcuFLSxWENb90uA&google_cver=1&google_push=AaAOQGFnfufizbLf9HifYrBkBDamx1zbrWmU9Lqae3KOAEWTt8K_kKaGbpMbanGJUsHoFxfGKDl3FYMuvMI2DqxO11N7NYaHyhAF HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzI1MzgyMDk3NDYwNzEwNzc1MQ&google_push=AaAOQGFnfufizbLf9HifYrBkBDamx1zbrWmU9Lqae3KOAEWTt8K_kKaGbpMbanGJUsHoFxfGKDl3FYMuvMI2DqxO11N7NYaHyhAF

Request Chain 242

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEFyOX13UaZsy0c_3GybKAsA&google_cver=1&google_push=AaAOQGHpd64reI8GkSbW8FtVTuaVDZrf5BzCw9Uoii3omIC8JK6izQogg8Dnn7pDYW5H8SNAysjRuH9OY1Gog-ltTcpzTkbjuzi0 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEFyOX13UaZsy0c_3GybKAsA&google_cver=1&google_push=AaAOQGHpd64reI8GkSbW8FtVTuaVDZrf5BzCw9Uoii3omIC8JK6izQogg8Dnn7pDYW5H8SNAysjRuH9OY1Gog-ltTcpzTkbjuzi0&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CFXZ6Bo5TBaeAIq0vj0Kww%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHpd64reI8GkSbW8FtVTuaVDZrf5BzCw9Uoii3omIC8JK6izQogg8Dnn7pDYW5H8SNAysjRuH9OY1Gog-ltTcpzTkbjuzi0

Request Chain 243

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHhFLyet84oDgMMa7WhBpW8&google_cver=1&google_push=AaAOQGHvdVTh41vgLIIHAT8Z8d-2zbG_V6n5lWS_cjrEh6-lBXVLxhfraelGyaTbJ-Xzpyg00pitwygW0SCs9SCGdGaxclsA9C3s HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEHhFLyet84oDgMMa7WhBpW8&google_hm=ZL55yMKkADhwJdA9yVDR5AAAFJMAAAIB&google_nid=index&google_push=AaAOQGHvdVTh41vgLIIHAT8Z8d-2zbG_V6n5lWS_cjrEh6-lBXVLxhfraelGyaTbJ-Xzpyg00pitwygW0SCs9SCGdGaxclsA9C3s

242 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request qZ40Kn Show response
reurl.cc/ 10 KB
3 KB 790ms
261ms Document
text/html 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/qZ40Kn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 119427c92f7fe2af80ef80f580ad8d36fad733ab01ac57da234fb9f5121cae48

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 24 Jul 2023 13:16:54 GMT
server: nginx/1.18.0 (Ubuntu)
target: https://shrtco.de/94CBnY
vary: Accept-Encoding

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/ 152 KB
25 KB 139ms
42ms Stylesheet
text/css 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 24 Jul 2023 13:16:54 GMT
x-content-type-options: nosniff
content-encoding: br
age: 821155
x-jsd-version: 4.3.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 25648
x-served-by: cache-fra-eddf8230054-FRA
x-jsd-version-type: version
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 style.css
reurl.cc/stylesheets/rwd/ 2 KB
1 KB 259ms
257ms Stylesheet
text/css 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/stylesheets/rwd/style.css?v=1
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/qZ40Kn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:54 GMT
content-encoding: gzip
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"63356adf-9f6"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
expires: Tue, 23 Jul 2024 13:16:54 GMT

GET
H2 200 ats.js Show response
anymind360.com/js/9479/ 124 KB
32 KB 139ms
41ms Script
application/javascript 151.101.129.55
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://anymind360.com/js/9479/ats.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.55 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

3d9a612f852ba9f3564e53516bcd21b0283341c3b3655c3f439f2e84bdc4faa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

expires: Sun, 23 Jul 2023 19:56:34 GMT
date: Mon, 24 Jul 2023 13:16:54 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=31557600
age: 62420
x-guploader-uploadid: ADPycdtl6XQCY3EgUlb9vYvFDchPNrJHR0GiieYKZT0xZ7t44G2seg91d991A5ihnPeybTWfI5e9DVMTTSoGqTbBeN6KKr6cmGZ9
x-cache: HIT, HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 31540
x-served-by: cache-tyo11954-TYO, cache-fra-eddf8230102-FRA
last-modified: Thu, 20 Apr 2023 06:30:15 GMT
server: UploadServer
x-timer: S1690204615.680369,VS0,VE1
etag: "952e4c8d56156d3e3cc5e40a9b199ed2"
vary: Accept-Encoding
x-goog-generation: 1681972215759031
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-goog-hash: crc32c=h0V3+Q==, md5=lS5MjVYVbT48xeQKmxme0g==
access-control-expose-headers: Content-Type
cache-control: max-age=1200
x-goog-stored-content-length: 31540
accept-ranges: bytes
x-cache-hits: 264, 1

GET
H2 200 pixel.js Show response
reurl.cc/javascripts/ 429 B
524 B 260ms
258ms Script
application/javascript 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/pixel.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/qZ40Kn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:54 GMT
content-encoding: gzip
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"63356adf-1ad"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Tue, 23 Jul 2024 13:16:54 GMT

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ 5 KB
3 KB 1202ms
267ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

9c988e280a9af2e0bfc476f7ada40e1984db51651029927933b16de44400c28b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
strict-transport-security: max-age=0
content-encoding: gzip
last-modified: Wed, 16 Nov 2022 03:58:03 GMT
server: nginx
etag: W/"63745fcb-142e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
expires: Mon, 24 Jul 2023 13:26:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 244 KB
84 KB 146ms
53ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c5641fbb8d4464c9470fed28cd5a001ec10a03ee0b7080a948935c2a92ff0596

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:54 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 85247
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 24 Jul 2023 13:16:54 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 81 KB
28 KB 221ms
128ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85794aeb8915266043a02fdd057b6a6e5833d26f0107f37c7af88fde9d2db447

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27818
x-xss-protection: 0
server: cafe
etag: 583 / 19562 / m202307180101 / config-hash: 6641860603076998902
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 13:16:55 GMT

GET
H2 200 ysm_reurl.js Show response
ad.sitemaji.com/ 17 KB
6 KB 142ms
41ms Script
application/javascript 35.186.215.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.sitemaji.com/ysm_reurl.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.215.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.215.186.35.bc.googleusercontent.com
Software: nginx/1.12.1 (Ubuntu) /
Resource Hash: 8290d97b04510b940ddca9f2aea802eaafb36fc7a8f52e4466ed2b77db35c632

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 05:40:26 GMT
content-encoding: br
via: 1.1 google
last-modified: Thu, 20 Jun 2019 08:48:16 GMT
server: nginx/1.12.1 (Ubuntu)
age: 27388
etag: W/"5d0b4850-4488"
vary: Accept-Encoding,Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5880
expires: Tue, 25 Jul 2023 05:40:26 GMT

GET
H2 404 ad.js
img.scupio.com/js/ 0
0 732ms
611ms Script
text/html 13.32.99.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://img.scupio.com/js/ad.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-59.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 200 vue.min.js Show response
cdn.jsdelivr.net/npm/vue@2.5.16/dist/ 84 KB
33 KB 139ms
43ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 24 Jul 2023 13:16:54 GMT
x-content-type-options: nosniff
content-encoding: br
age: 830661
x-jsd-version: 2.5.16
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 33184
x-served-by: cache-fra-eddf8230054-FRA
x-jsd-version-type: version
etag: W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 renews.js Show response
reurl.cc/javascripts/ 412 B
493 B 260ms
259ms Script
application/javascript 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/renews.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 52bb2d07b65ec544edeb2a33f4103397a28f036f0d100090f3e17e4364aea1fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/qZ40Kn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:54 GMT
content-encoding: gzip
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"63356adf-19c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Tue, 23 Jul 2024 13:16:54 GMT

GET
H2 200 loading.js Show response
reurl.cc/javascripts/ 134 B
339 B 260ms
259ms Script
application/javascript 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/loading.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: ddd9d29beabaeecc9c76408242dfc2b76305ec52511992d3cfbc81a500ee0670

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/qZ40Kn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:54 GMT
content-encoding: gzip
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"63356adf-86"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Tue, 23 Jul 2024 13:16:54 GMT

GET
H2 200 ga2.js Show response
reurl.cc/javascripts/ 536 B
550 B 261ms
260ms Script
application/javascript 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/ga2.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/qZ40Kn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:54 GMT
content-encoding: gzip
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"63356adf-218"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Tue, 23 Jul 2024 13:16:54 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 171 KB
47 KB 124ms
40ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/javascripts/pixel.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5facf3ca997fd8a7658579d40b8bc44a659e12df5b45b2f1f1713f987b86366c

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 24 Jul 2023 13:16:54 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 46993
x-xss-protection: 0
pragma: public
x-fb-debug: maXIeLWAzegaIdaMXzur5SdYg4/JoPWschTXMoNbEeFJLUnwC1yRVAJKqSi27X+gfuylwyFRynxC2tmUDY4kLg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 page.php Show response
www.facebook.com/plugins/ Frame 4B3D 95 KB
27 KB 198ms
114ms Document
text/html 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

22fdae073d8eebc3f9cf47c255b4071a763618a2289a3f6218dffa83aca8fbcc

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jul 2023 13:16:55 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: aj8lgcoSpFsPnqRbH7SH264iNjpeys8F6cWTUdUba2FqARJdZ0ZfPv1ETTdtt+CNDW8ban/3cCTGPTlG8hdjLQ==
x-xss-protection: 0

GET
H2 200 feeds Show response
storage.re-news.tw/ 8 KB
8 KB 528ms
305ms XHR
text/html 35.244.196.223
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.re-news.tw/feeds
Requested by: Host: reurl.cc
URL: https://reurl.cc/javascripts/renews.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.196.223 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 223.196.244.35.bc.googleusercontent.com
Software: / Express
Resource Hash: e5f731129769d3d12c938326014661a58073963517b40e42b2fa6dc85b32886c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"1f0b-ChfbPAEEPKkikhc159/oc+ix6IU"
vary: Origin
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7947

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 129ms
39ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/javascripts/ga2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 24 Jul 2023 13:04:37 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 738
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 24 Jul 2023 15:04:37 GMT

GET
H2 200 XOxOgXCiYa-.css
static.xx.fbcdn.net/rsrc.php/v3/yr/l/0,cross/ Frame 4B3D 22 KB
6 KB 130ms
41ms Stylesheet
text/css 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yr/l/0,cross/XOxOgXCiYa-.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

86d11015f834f8a655919449f3166fcf02639ab7b9bd7b6c5f2f49b25ac04e42

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 1hkD+rgPgbRJ8Ej+4IrQsw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5711
x-fb-debug: K8FMAU/vP1XQXXgUhSUgXaRa83KSOEzKm+L50thtmz6cOi3kZ8+scf3uYfJVYU0K4wtV13h6g6Ux42HdNcO7qg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Mon, 22 Jul 2024 16:09:08 GMT

GET
H2 200 5Efu-Dd9ERG.css
static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/ Frame 4B3D 33 KB
6 KB 131ms
42ms Stylesheet
text/css 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/5Efu-Dd9ERG.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0dbdba4e3ae519ca99e112e64fc41409518bc3356804b0a52116c4d88def2774

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: fl5R7gBdn+7q3joF/eO71w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6398
x-fb-debug: ODDG3fgzEj6FZ9Cu05Z+Irs0/VU2tLHDeYqGBzZ+j+uFUiVUg8Ob0II8coIGNe+wUeFc67tPErSuleNVs9zLVQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 20 Jul 2024 03:02:03 GMT

GET
H2 200 f8CUwIWJhHb.css
static.xx.fbcdn.net/rsrc.php/v3/yy/l/0,cross/ Frame 4B3D 21 KB
5 KB 131ms
43ms Stylesheet
text/css 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yy/l/0,cross/f8CUwIWJhHb.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d75fe25d4bc0658608f27fab50d03a4cdd948cbfa97cf4e6c093410309874c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: dotaC+YwgMnSGOatsjKfew==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4777
x-fb-debug: RvFAaLZ/+CGam+XG+5pgZNmTWA8dGVLz/GJVUmnQe5miWIFQ3zKt8UzaKJEYZ8tvswGUdmlgERKXWz9BRzhYLw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Mon, 22 Jul 2024 16:09:08 GMT

GET
H2 200 1t_e1hNxdjZ.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yu/r/ Frame 4B3D 307 KB
82 KB 214ms
125ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/1t_e1hNxdjZ.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8a132bc5849b9036742f0a8ef191d221138fe9882475f1b6ed5cde8642693edd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: dWRLdqvSGfRhinHI5vL32A==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 83410
x-fb-debug: +j9JAbZPObDdgXAqk8Ch8lYAY5Jq5fDLaW/TfYz0+ko/7f0U8234EYqGpRJU0Ek/RkZL0/BuMNMSTDknuh9Y5w==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 20 Jul 2024 02:29:56 GMT

GET
H2 200 e2QXQ-W4nFm.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y1/r/ Frame 4B3D 115 KB
33 KB 131ms
42ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/e2QXQ-W4nFm.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ed3feedd3817486bdb2d8db80af4d1c788038564e3e544f80d49845fd917bfc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: HSEV+svbMVDxCWu0E9KSFg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 33412
x-fb-debug: eDNP+vPINYRtG67a6Biq+QKucYO77M3QywtDBXsZpdU5ddbWmpL8yU1CHiAvWgHYrKcyzGwTPMFWViUuBM/CpQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 20 Jul 2024 03:31:27 GMT

GET
H2 200 ux_NkE8MHDx.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yi/r/ Frame 4B3D 6 KB
2 KB 213ms
126ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yi/r/ux_NkE8MHDx.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

821b28af7c976d5005b2a7728e75380fc92afbd60e6b0446a1b134992751bafd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: J1KRDRwHDhIhaS6PbeSRRg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1766
x-fb-debug: OE+AzVygba7ahMVZ5EBN0OZ68u6HUnBk+r72kpT86YzwlixbyQ2VLGHluS+nbLHNFqBPhZmnr4CV4tPNPgcD+g==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 20 Jul 2024 16:11:02 GMT

GET
H2 200 F_36hfrjJt1.js Show response
static.xx.fbcdn.net/rsrc.php/v3iLNf4/y0/l/de_DE/ Frame 4B3D 233 KB
66 KB 266ms
179ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iLNf4/y0/l/de_DE/F_36hfrjJt1.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a7218be20c194153fd159b3e2494a53c5280e16e314798d85a173cd2fb8cbdcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 9AN8/BR0bSCaQ2Vn4OG85g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 66927
x-fb-debug: yYK5KU0vo1JF58w8C3v10LZe3nydWJMNLAR/llnvA0KxzQPRVc/rJrLOIcT/o6DasUPMdWmjFq2M648ZGizh5w==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Tue, 23 Jul 2024 11:18:22 GMT

GET
H2 200 p55HfXW__mM.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yF/r/ Frame 4B3D 507 B
486 B 262ms
175ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9e57fedb96b3686621bccd5521f43a2037a823c74f062176952890b179b3955b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: L5E9gSgR735vyjAzTFly4g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 293
x-fb-debug: uFME5jWiOIXD7CDuJa+O88diPrn66aXLDd9KCR2aF+HNwvwd19X2mHPDP+P0dT6S3fs2y0mhyCKjaNbf3Z73hg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 20 Jul 2024 03:34:47 GMT

GET
H2 200 y2It1Jv-7us.js Show response
static.xx.fbcdn.net/rsrc.php/v3iAxA4/ym/l/de_DE/ Frame 4B3D 108 KB
31 KB 214ms
127ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iAxA4/ym/l/de_DE/y2It1Jv-7us.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e91d9ad84ff4922e19cff4e5c4c44d537d4045abfe37a73431eaf8a68bcfe634

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: Fb7MzjvpC7W7mAUVB1zwCg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 31805
x-fb-debug: msBTKqn+5xFhT7go5ZQGUNbfoaoE1V5L7rGH23jGkd1BVYiDHSgCz7V30AyYszirGYxBHDAvvgcbVUxVXaGTeQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 20 Jul 2024 03:05:41 GMT

GET
H2 200 r3yOxCxHnwJ.js Show response
static.xx.fbcdn.net/rsrc.php/v3izqU4/yM/l/de_DE/ Frame 4B3D 343 KB
81 KB 263ms
176ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3izqU4/yM/l/de_DE/r3yOxCxHnwJ.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

92f538af4e3f4de8f3a27a6552570e530a70edc9beacda2a1d7e5578831ca6da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 37hohRO6FIe+c8mSA9e6FA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 82892
x-fb-debug: R98swPL5i+fAJTc/6rUkkJlvfdm04+Oj7hMIM3f/HOCVu+oy3Jrmta1AAPElpXJsvJcNSZGdgaUQ1cLe+T2Vmg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Thu, 18 Jul 2024 19:23:20 GMT

GET
H2 200 umM_MDfzPnJ.js Show response
static.xx.fbcdn.net/rsrc.php/v3iUWb4/y-/l/de_DE/ Frame 4B3D 358 KB
82 KB 264ms
177ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iUWb4/y-/l/de_DE/umM_MDfzPnJ.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

30e50247a89d127aa3e9d36b7ed08708b6bab8fa998806c7e666ce93770c41d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: Jq3KJycFoeUIyu7NiSYA1A==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 83730
x-fb-debug: 2FEr/pKsheQ5KVI6WHeGK8DUoK+lf+S2R0FcmFdxVXqc5Y+yAT8yLjsQ9lwNkQAiaGBESdq+ufrwmchXo7IyzA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sun, 21 Jul 2024 17:52:03 GMT

GET
H2 200 qLwbFngPnot.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yS/r/ Frame 4B3D 35 KB
11 KB 264ms
178ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/qLwbFngPnot.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0cd3b2b37028c0767d449a322a5d687fdff2ad45738efed6dd742e527d543c89

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: HxDbWqJGtx1yWK1fZxF3+Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 11312
x-fb-debug: o/lr+x7rjvhWWwPuVlUtXm52l9SiZnvyMnmEfdCloQp2Yp5xnhqdY3NcXmrxZPpyt3QK69gqNDOZNqzGQKojwg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Thu, 18 Jul 2024 21:03:04 GMT

GET
H2 200 XsCxmYYui7J.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yC/r/ Frame 4B3D 19 KB
7 KB 263ms
177ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yC/r/XsCxmYYui7J.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d705c583adbdd3f894f85889ec1ee8ad58c6dec025201c81ab0e73a0cce23806

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: E6/9/Pr5yCRV+itNJbAdFA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6532
x-fb-debug: LImjRt7zhH0Ewda4osm1tht2O/qxgRklnZc+PkJDgDQXD9t5SF7AiN02Zx2ELeOoR0+6xLhoN1XlvGqIXvlXNQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 20 Jul 2024 04:34:57 GMT

GET
H2 200 h0WAPi6h8g_.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yv/r/ Frame 4B3D 13 KB
5 KB 262ms
176ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/h0WAPi6h8g_.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2105761edb1b5e948992a32d1902e94f6c976deb6616bd612790719fe5323fc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: poAWE4kEOlE+k6BafDACzw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4551
x-fb-debug: L/XmkWsp9F8n4YcYF/+D7S6Sv7x7gqZizGtPMFOXa5wxdqWsfvSOw1HYDUryoanPmI2feIZ8qbNalOXDsGBCUg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 20 Jul 2024 02:34:01 GMT

GET
H2 200 v7SqxzH-p0n.js Show response
static.xx.fbcdn.net/rsrc.php/v3/ye/r/ Frame 4B3D 28 KB
7 KB 212ms
126ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/v7SqxzH-p0n.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

93f76625521adcf15a9966d3a2e245a09d9bc2f72e8bc62c251db371345dfb51

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: iNM0VPo3uIbe6Z4UUgVG6w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 7382
x-fb-debug: ZdBtFFWjtHE0sOE7uMPtjxX5N4RJgyO4rEMr4WPi3AXBz3L3Ku048Uzzm4wAOlqxo/jU2sPxQ6y1qK+/DNo1Jw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
x-fb-optimizer: 0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 20 Jul 2024 03:35:36 GMT

GET
H2 200 HzxD9aAXSyD.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yV/r/ Frame 4B3D 55 KB
15 KB 263ms
178ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/HzxD9aAXSyD.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c7d5594f3a599ccd0b1a336bb68a24d59882f394bb0b9c9a29c5200cd2b48468

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: oRcNmPqvdkv3ysBSBC5rSQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 15157
x-fb-debug: 2AckdjHH67FPUJI29U3oYvWMTUu/uQe3EC0aTYiGnN176M6x1i81ZedgnqPnsYOhOlbFBjRp5783kIS4dn7Mkg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 20 Jul 2024 03:06:40 GMT

GET
H2 200 1675200226052423 Show response
connect.facebook.net/signals/config/ 157 KB
44 KB 41ms
41ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1675200226052423?v=2.9.116&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

80aa70e4006cd0ed120f285abf27a418ee66b1d2726f3cbfc17a81944b42ed8f

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 24 Jul 2023 13:16:55 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 44621
x-xss-protection: 0
pragma: public
x-fb-debug: UzkVS+LhdewrD9WEmSlME2psEkv3N6yqC/3Z1udJ8mtuKgugLPTs/gwABtW015975L/cOXxmSJsgVwMW2BtATA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 325141786_6140032619364934_7377705774471631398_n.jpg
scontent.xx.fbcdn.net/v/t39.30808-6/ Frame 4B3D 16 KB
17 KB 43ms
42ms Image
image/jpeg 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent.xx.fbcdn.net/v/t39.30808-6/325141786_6140032619364934_7377705774471631398_n.jpg?stp=dst-jpg_s350x350&_nc_cat=104&ccb=1-7&_nc_sid=dd9801&_nc_ohc=fqncOua2kiEAX8gFSp0&_nc_ht=scontent.xx&edm=ADwHzz8EAAAA&oh=00_AfCzVRxZYnleVX9bx-Ud6dNuYjDe2-8bLgGjteMpnoFZbA&oe=64C39685
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 0912eb76845cca43ec976e9bc886ca3f240697afb98c9ec95ec6c34fa32a8a71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
x-storage-error-category: dfs:none;sc_p:200:WSE_NOT_SET
last-modified: Fri, 13 Jan 2023 04:15:10 GMT
content-type: image/jpeg
access-control-allow-origin: *
content-digest: adler32=1433450679
cache-control: max-age=1209600, no-transform
cross-origin-resource-policy: cross-origin
x-needle-checksum: 2910780274
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 16853

GET
H2 200 305964663_450890893727816_1742559653774706626_n.jpg
scontent.xx.fbcdn.net/v/t39.30808-1/ Frame 4B3D 1 KB
2 KB 42ms
41ms Image
image/jpeg 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent.xx.fbcdn.net/v/t39.30808-1/305964663_450890893727816_1742559653774706626_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=110&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=iWZCewOJ1s8AX-B5XOz&_nc_ht=scontent.xx&edm=ADwHzz8EAAAA&oh=00_AfA0t6w19fs4b5MmPCG0uITUj1Sh3thk9yAnIqYvX8_-ag&oe=64C45055
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 4636fb9df5ae103fbad3764c9f98400be1c9384cbe77fdb6951b96adcac788b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-haystack-needlechecksum: 760809244
date: Mon, 24 Jul 2023 13:16:55 GMT
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Thu, 08 Sep 2022 19:16:03 GMT
content-type: image/jpeg
access-control-allow-origin: *
content-digest: adler32=2540016234
cache-control: max-age=1209600, no-transform
cross-origin-resource-policy: cross-origin
x-needle-checksum: 88386505
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 1345

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
142 B 47ms
46ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=149700051&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FqZ40Kn&ul=en-us&de=UTF-8&dt=Home&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=371202867&gjid=2110098885&cid=1747776942.1690204615&tid=UA-102456694-1&_gid=156654488.1690204615&_r=1&_slc=1&z=1011243170

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 39ms
39ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=149700051&t=event&_s=2&dl=https%3A%2F%2Freurl.cc%2FqZ40Kn&ul=en-us&de=UTF-8&dt=Home&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=pause&ea=3&el=ODAuMjU1LjcuMTA5&ev=1&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=1747776942.1690204615&tid=UA-102456694-1&_gid=156654488.1690204615&z=1130492195

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 17:47:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 70173
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
240 B 146ms
52ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je37j0&_p=149700051&cid=1747776942.1690204615&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1690204615&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FqZ40Kn&dt=Home&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:55 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/ 385 KB
122 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f98d2733f3cacaf5152fd4d55f778410f391312016cadb5162545357302cdee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 12:49:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1670
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 125179
x-xss-protection: 0
server: cafe
etag: 2430563369519042680
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 23 Jul 2024 12:49:05 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
344 B 145ms
48ms XHR
text/plain 2a00:1450:400c:c0a::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-102456694-1&cid=1747776942.1690204615&jid=371202867&gjid=2110098885&_gid=156654488.1690204615&_u=IEBAAEAAAAAAACAAI~&z=1173443676

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 24 Jul 2023 13:16:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
106 B 40ms
39ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc%2FqZ40Kn&rl=&if=false&ts=1690204615233&sw=1600&sh=1200&v=2.9.116&r=stable&ec=0&o=28&fbp=fb.1.1690204615230.1913001953&cs_est=true&it=1690204615122&coo=false&rqm=GET

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 24 Jul 2023 13:16:55 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 131ms
41ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 07:56:05 GMT
content-encoding: gzip
age: 624050
x-guploader-uploadid: ADPycdsuws19q6gut2HVw5Cbtoy2R9nMFWEkfsW4j28cg71BlAh_maBVLR9J0a9wek9aI3l80Gjw2adcfLZSJ2do6Qt7pQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Tue, 16 Jul 2024 07:56:05 GMT

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
581 B 41ms
40ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 24 Jul 2023 13:16:55 GMT
x-content-type-options: nosniff
content-encoding: br
age: 7012
x-jsd-version: master
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 439
x-served-by: cache-fra-eddf8230054-FRA
x-jsd-version-type: branch
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 2 KB
2 KB 124ms
40ms Script
text/javascript 2600:9000:2250:3000:a:e047:753:be1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:3000:a:e047:753:be1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-amz-version-id: null
Date: Mon, 24 Jul 2023 00:56:56 GMT
Via: 1.1 7b314c2b827b3a655861e27775634208.cloudfront.net (CloudFront)
Last-Modified: Thu, 04 May 2023 00:14:06 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P2
Age: 44400
x-amz-server-side-encryption: AES256
ETag: "4d5acbf33f4a0592ac0515db92fe88e6"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1858
X-Amz-Cf-Id: GMK2lFtl4_wCBWfsPiAhkCc6IDlUlhjpQKYzDfd1niIe9JNwjs1VAg==

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 191ms
92ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b118568858df50612fa3591132d6d6bb41ddf00f8c74ad8cccd16e5510691aad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Jul 2023 13:25:47 GMT
server: nginx
etag: W/"64ad585b-a980"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 25 Jul 2023 13:16:55 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 386 KB
73 KB 727ms
727ms XHR
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3060682546675321&correlator=3597676594223988&eid=31072020&output=ldjh&gdfp_req=1&vrg=202307180101&ptt=17&impl=fifs&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C13847%2C13848%2C13856%2C14210%2C14209&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5%2C%2F0%2F1%2F6&prev_iu_szs=728x90%7C970x90%2C300x250%2C300x250%2C300x250%2C1x1%7C320x50%7C300x100%7C320x100&ifi=1&adks=81851380%2C1013739151%2C827794272%2C3242553145%2C3271617715&sfv=1-0-40&cust_params=url%3D%252FqZ40Kn%26ref%3Dnull&sc=1&cookie_enabled=1&abxe=1&dt=1690204615394&lmt=1690204615&adxs=245%2C1005%2C245%2C625%2C245&adys=505%2C108%2C108%2C108%2C358&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0%7C0%7C0&ucis=1%7C2%7C3%7C4%7C5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Freurl.cc%2FqZ40Kn&frm=20&vis=1&psz=1140x90%7C380x250%7C380x250%7C380x250%7C1140x50&msz=1110x90%7C350x250%7C350x250%7C350x250%7C1110x50&fws=0%2C0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0&ga_vid=1747776942.1690204615&ga_sid=1690204615&ga_hid=149700051&ga_fc=true&dlt=1690204614562&idt=779

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

467927ec440c2f85c2641a5d07114a33d31cbb8ddb79ccce57ebdb98741c86cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:56 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74465
x-xss-protection: 0
google-lineitem-id: -1,-2,-1,-1,6297899953
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-2,-1,-1,138432362607
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 686A 6 KB
3 KB 192ms
74ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jul 2023 13:16:55 GMT
expires: Tue, 23 Jul 2024 13:16:55 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
9 KB 528ms
527ms XHR
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3060682546675321&correlator=3597676594223988&eid=31072020&output=ldjh&gdfp_req=1&vrg=202307180101&ptt=17&impl=fifs&iu_parts=21787810958%2CTW_reurl.cc_res_all_truvid_1x1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C336x280%7C1x1&ifi=6&adks=3261691140&sfv=1-0-40&cust_params=url%3D%252FqZ40Kn%26ref%3Dnull&sc=1&cookie_enabled=1&abxe=1&dt=1690204615438&lmt=1690204615&adxs=1353&adys=1197&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Freurl.cc%2FqZ40Kn&frm=20&vis=1&psz=195x-1&msz=195x-1&fws=512&ohw=0&ga_vid=1747776942.1690204615&ga_sid=1690204615&ga_hid=149700051&ga_fc=true&dlt=1690204614562&idt=779

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e702dad0ef7627203e9205122b46f86444d55d242b9c21d45f3fcc9a3b1c5cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9569
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 156ms
65ms Image
image/gif 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-102456694-1&cid=1747776942.1690204615&jid=371202867&_u=IEBAAEAAAAAAACAAI~&z=293566546

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 156ms
65ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-102456694-1&cid=1747776942.1690204615&jid=371202867&_u=IEBAAEAAAAAAACAAI~&z=293566546

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 DQ_Institute_1.jpg
mma.prnasia.com/media2/2159742/ 69 KB
70 KB 154ms
50ms Image
image/jpeg 2606:4700::6810:fd04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mma.prnasia.com/media2/2159742/DQ_Institute_1.jpg?p=medium600
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:fd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 40025e3b0c40ba1c7a0ff3d5842978e163b0fd0019fb68ef00ac0007024eac84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
cf-cache-status: HIT
age: 43422
x-powered-by: ASP.NET
server-timing: intid;desc=1609357effc9f5e2
content-length: 70939
cf-bgj: h2pri
last-modified: Mon, 24 Jul 2023 01:09:30 GMT
server: cloudflare
vary: *, Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
cf-ray: 7ebc70bf68192c52-FRA
access-control-allow-headers: Content-Type
expires: Mon, 24 Jul 2023 01:09:31 GMT

GET
H2 200 1690179452-f753c3a75140ef4445b7e6826161c842-840x525.png
img.gbyhn.com.tw/2023/07/ 514 KB
515 KB 165ms
46ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.gbyhn.com.tw/2023/07/1690179452-f753c3a75140ef4445b7e6826161c842-840x525.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05a278937ccfa46dd25fe7410b68ce5c475cd052118b0e3dd7106311a5b82938

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 22127
alt-svc: h3=":443"; ma=86400
content-length: 525943
last-modified: Mon, 24 Jul 2023 06:17:34 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iaHFt8cY6IZC3AJ8Uxq10Np%2B2RWM1btW6X%2BljSTWl53xMn7rW1fwkNOSZPs%2FCGEAnebjQeZBC5e4Y4tdqYErynP3geyZG%2B%2FDGJ3xz4cr8syWpIzilMB3CKpIvR5wU3PnmhGGph1OoGptx%2B2oaYut"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 7ebc70bf8dd0190d-FRA
expires: Mon, 31 Jul 2023 06:18:47 GMT

GET
H2 200 renews-title1.png
re-news.tw/images/ 24 KB
24 KB 1499ms
514ms Image
image/png 35.185.136.122
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://re-news.tw/images/renews-title1.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.136.122 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 122.136.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:56 GMT
last-modified: Sun, 28 Nov 2021 04:19:19 GMT
server: nginx/1.18.0 (Ubuntu)
accept-ranges: bytes
etag: "61a30347-5fad"
content-length: 24493
content-type: image/png

GET
H2 200 2023-JCB-%E6%82%A0%E9%81%8A%E8%81%AF%E5%90%8D%E5%8D%A1%E6%8E%A8%E8%96%A6-1080x630.jpg
creditcards.com.tw/wp-content/uploads/2023/01/ 49 KB
49 KB 1105ms
209ms Image
image/webp 192.0.78.24
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://creditcards.com.tw/wp-content/uploads/2023/01/2023-JCB-%E6%82%A0%E9%81%8A%E8%81%AF%E5%90%8D%E5%8D%A1%E6%8E%A8%E8%96%A6-1080x630.jpg?crop=1

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e6478184fe5d7ab4f3bad23a1d02c3331f979cf4fa2a38eaf2ea6e53f54f391b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:56 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-ac: 2.hhn _atomic_ams BYPASS
content-length: 50242
x-nc: HIT bur 4
last-modified: Fri, 06 Jan 2023 05:17:15 GMT
server: nginx
etag: "b4e9d9083d48d6d5"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
expires: Sun, 05 Jan 2025 17:17:15 GMT

GET
H2 200 file.png
static.wixstatic.com/media/8d2acb_954e5c332ae047efae8d07fd42bdb93c~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/ 1019 KB
1020 KB 149ms
45ms Image
image/png 2600:9000:225e:fe00:1e:5c56:d400:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.wixstatic.com/media/8d2acb_954e5c332ae047efae8d07fd42bdb93c~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/file.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:fe00:1e:5c56:d400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.21.4.1 /
Resource Hash: 6f63de21e26f445c7c0f186381154203aedc6f21075f5f8cd557767d523df556

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-seen-by: image-manipulator-6b469b496d-tqc69
date: Sun, 23 Jul 2023 12:51:02 GMT
via: 1.1 google, 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
server: openresty/1.21.4.1
x-amz-cf-pop: FRA60-P4
age: 87953
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=15552000, immutable
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: vODTVJxiS4mf9cB2DqveIKePsFJgGYl6XSoqtEjixhIN-orgJZ6L8Q==
content-length: 1043145
wix-tracer: 2SyR6s5Pf0QDRCTvVUgbv9rI3bf

GET
H2 200 %E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg
blog.alphaloan.co/wp-content/uploads/2021/04/ 180 KB
181 KB 320ms
203ms Image
image/jpeg 192.0.78.187
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.alphaloan.co/wp-content/uploads/2021/04/%E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.187 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

90102b36c17b8182fcb580b55b917d4807fb037df4dd104a6815ad305e2bea20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams BYPASS
last-modified: Thu, 27 Apr 2023 05:06:22 GMT
server: nginx
etag: "644a02ce-2d1f7"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 184823
expires: Mon, 31 Jul 2023 13:16:55 GMT

GET
H2 200 ContiBit-%E4%BA%A4%E6%98%93%E6%89%80%E8%A8%BB%E5%86%8A%E6%95%99%E5%AD%B8%EF%BC%8C%E6%95%99%E4%BD%A0%E7%94%B3%E8%B3%BC-Richwell-DeFITs-%E5%9B%BA%E5%AE%9A%E6%94%B6%E7%9B%8A-8-%E7%90%86%E8%B2%A1%E7%94...
www.rayskyinvest.com/wp-content/uploads/2023/03/ 31 KB
31 KB 216ms
58ms Image
image/webp 35.244.153.44
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rayskyinvest.com/wp-content/uploads/2023/03/ContiBit-%E4%BA%A4%E6%98%93%E6%89%80%E8%A8%BB%E5%86%8A%E6%95%99%E5%AD%B8%EF%BC%8C%E6%95%99%E4%BD%A0%E7%94%B3%E8%B3%BC-Richwell-DeFITs-%E5%9B%BA%E5%AE%9A%E6%94%B6%E7%9B%8A-8-%E7%90%86%E8%B2%A1%E7%94%A2%E5%93%81-750x375.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.244.153.44 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 44.153.244.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4952d97c9013418be3e4b014391c113cfe60624487dcbd14e13c1d8fa10fb66b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Mon, 24 Jul 2023 13:16:55 GMT
expires: Tue, 23 Jul 2024 12:15:00 GMT
last-modified: Thu, 30 Mar 2023 16:44:53 GMT
server: nginx
etag: "6425bc85-7a08"
content-type: image/webp
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 31240
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 1672766450-7-scaled.jpg
i0.wp.com/golike.tw/wp-content/uploads/2023/01/ 487 KB
488 KB 129ms
39ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/golike.tw/wp-content/uploads/2023/01/1672766450-7-scaled.jpg?fit=2560%2C1920&ssl=1

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

81a83ad8c65b893ec909609444e653b7e0be9395ccf59016e03284e0d1a13844

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 24 Jul 2023 13:16:55 GMT
x-content-type-options: nosniff
last-modified: Mon, 09 Jan 2023 09:08:26 GMT
server: nginx
etag: "42053212710e4c28"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://golike.tw/wp-content/uploads/2023/01/1672766450-7-scaled.jpg>; rel="canonical"
content-length: 498450
expires: Wed, 08 Jan 2025 21:08:26 GMT

GET
H3 200 UXtr_j2Fwe-.png
static.xx.fbcdn.net/rsrc.php/v3/yw/r/ Frame 4B3D 573 B
710 B 40ms
39ms Image
image/png 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yr/l/0,cross/XOxOgXCiYa-.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yr/l/0,cross/XOxOgXCiYa-.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
x-content-type-options: nosniff
content-md5: 07aG/2AEtDHVAZ5LUajMDQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 573
x-fb-debug: X6/tYJRsIFV1cfBUL8We8QYwHzd4/MW7IXoTqtV/UdhZcWQDlb4Hp8k92gX6DuHPhpoP4G9meRSYGtBX4WkfpA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Fri, 19 Jul 2024 03:44:37 GMT

GET /
www.facebook.com/platform/plugin/tab/renderer/ Frame 4B3D 0
0

POST
H3 200 / Show response
www.facebook.com/platform/plugin/page/logging/ Frame 4B3D 907 B
645 B 67ms
67ms XHR
application/x-javascript 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/platform/plugin/page/logging/

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3iAxA4/ym/l/de_DE/y2It1Jv-7us.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

61575c5364dc3bc941a4b8e88534e2e4708ef90374e778f1550e41946775a1f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

X-FB-LSD: i6yoN9ofcQ6GWW6_puTNAW
Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
X-ASBD-ID: 129477
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-content-type-options: nosniff
date: Mon, 24 Jul 2023 13:16:55 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
pragma: no-cache
x-fb-debug: 65neVQ//qqJLURTZWvG/JuE/w4SpZfHaSuq6KWlgah4X7U/z3GAbueRX6JNN1z6FkyX6NONXh3mGJHh1ZRDShA==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-methods: OPTIONS
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
priority: u=1,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/pages/call_to_action/fetch_dialog_data/ Frame 4B3D 907 B
638 B 69ms
69ms XHR
application/x-javascript 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/pages/call_to_action/fetch_dialog_data/?id=136500184423162&surface=pagePlugin&unit_type=VIEWER

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3iAxA4/ym/l/de_DE/y2It1Jv-7us.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d2b32e3ccaa605a631618f2407fe64e5d958d9f1b0cc6a9a3550dea7043ba2e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

X-FB-LSD: i6yoN9ofcQ6GWW6_puTNAW
Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
X-ASBD-ID: 129477
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-content-type-options: nosniff
date: Mon, 24 Jul 2023 13:16:55 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
pragma: no-cache
x-fb-debug: +1F9M3UZGRIpE4FdHGjZtrSTGpodOLxtT6EWGupzjHAqxRKUIgkl55Xzag5O/KaJlFhnlvDvL165I2PrXSQbJA==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-methods: OPTIONS
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
priority: u=1,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 1igfs7II_g6.png
static.xx.fbcdn.net/rsrc.php/v3/yd/r/ Frame 4B3D 12 KB
12 KB 41ms
40ms Image
image/png 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yd/r/1igfs7II_g6.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/5Efu-Dd9ERG.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e13547eec8879c9b576c2e06837303ad06ea15905d4eb075291ff21686a5b3da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/5Efu-Dd9ERG.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
x-content-type-options: nosniff
content-md5: Bsv/k/2TeJemYEeLUt4www==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 12027
x-fb-debug: KYIcT6s45hqD1wl+fFb41mKuGMMhDS+yYDmMC8ZwMBO3SYjcLL9uXCepW5SaXVs/AtB2Ga37coX+jy0nTxGFIA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Thu, 18 Jul 2024 20:50:30 GMT

GET
H3 200 xgVgalBG80z.png
static.xx.fbcdn.net/rsrc.php/v3/yH/r/ Frame 4B3D 1 KB
1 KB 41ms
41ms Image
image/png 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/xgVgalBG80z.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yr/l/0,cross/XOxOgXCiYa-.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

45444d590a67d30e8b2fde01bb6482f829383b64bf14a4b19b86e22fdc319fbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yr/l/0,cross/XOxOgXCiYa-.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
x-content-type-options: nosniff
content-md5: rB4cTW8WNZcBsFntToJGtA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1315
x-fb-debug: oqhkzCZVtOnmEZwQTiqm8YVmG11vsNg8VGr2RUg1RdHF6baMZYhPGd6l7QzjttxO+XT8r8EpoC3bd19dvq2kbQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
x-fb-optimizer: 0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 20 Jul 2024 05:24:50 GMT

GET
H2 200 Zj4GuFghQl4.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yS/r/ Frame 4B3D 12 KB
4 KB 42ms
41ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/Zj4GuFghQl4.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/1t_e1hNxdjZ.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d8c52fe5bb662564ab7edf0abe01a2202dcc36eaa71ce6a465cd64210c4eb2c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: dBSAisRg2e2k/EbKxbTt7g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3450
x-fb-debug: Hehhbk4anBE7FoguiGysAGr0aHcURLM5uQV98ldoCl3IuLmNxMqM4tAkbrQBVPebS+H2q4LfT46UmP7M8uZbQg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Thu, 11 Jul 2024 18:38:20 GMT

GET
H2 200 G3kdwaXLR3L.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y-/r/ Frame 4B3D 338 KB
73 KB 41ms
41ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y-/r/G3kdwaXLR3L.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/1t_e1hNxdjZ.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

95ad21ece3e78be200d21b17a9b278c4e4447f258f6318434ecefb2ef7a5e561

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 892tl3fD2DU+E+CEVy7dTw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 74831
x-fb-debug: 3id3Gqmeu0vfNsjU9+KqJyQjfVQrVA4U0Sd61VPm5OH/kGnF2s293M9DRxFiD2AOaBNxOycp8htqOgH2KeGN0Q==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 20 Jul 2024 02:35:19 GMT

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Freurl.cc%2FqZ40Kn&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Freurl.cc%2FqZ40Kn&rid=esp&cc=1

85 B
202 B

151ms
151ms

Fetch
application/json

34.120.135.53
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Freurl.cc%2FqZ40Kn&rid=esp&cc=1
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H2
Server: 34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 53.135.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: ece1e1ac21839e3b4b1b239f5442d90eba86b430211681a375f6e9e212ec88b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-uXlyewbeuxhI2wRnWRQAKARD0Y4"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Mon, 24 Jul 2023 13:16:55 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://reurl.cc
location: /esp?url=https%3A%2F%2Freurl.cc%2FqZ40Kn&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 204 events
bidder.criteo.com/csm/ 0
79 B 183ms
58ms Ping
text/plain 2a02:2638:d::a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 3C53 15 KB
6 KB 152ms
53ms Document
text/html 2a02:2638:d::d
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::d , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

645709dcb09b2700fd5a5938dbdf783ac90a88334e5104041db53302441f33e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jul 2023 13:16:55 GMT
server: Kestrel
server-processing-duration-in-ticks: 239857
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 OZcLupMIkEN.js Show response
static.xx.fbcdn.net/rsrc.php/v3/ya/r/ Frame 4B3D 198 B
389 B 40ms
40ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/ya/r/OZcLupMIkEN.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/1t_e1hNxdjZ.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

31f2f76d99d19fe98a0917f2b785a37c683b85fae29d66dd476ffa84c9a999fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:55 GMT
x-content-type-options: nosniff
content-md5: gixzAcHA/hBBjzjO9Ez8tQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 198
x-fb-debug: lqwey0M+DftLYT/yItEwEqbH/XtZH8KEQfCUfFwFReXk0K5XVE2rsz5e7Gh3PC0j9Pt1Y7SyE7MBhJHZ2zgBwg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Thu, 18 Jul 2024 19:29:32 GMT

GET /
www.facebook.com/login/ Frame 4B3D 0
0

GET
H3 200 /
www.facebook.com/login/ Frame 4B3D 0
0 147ms
146ms Document
text/html 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fhref%3Dhttps%253A%252F%252Fwww.facebook.com%252FCreditCards.com.tw%252F%26tabs%3Dtimeline%26width%3D340%26height%3D500%26small_header%3Dfalse%26adapt_container_width%3Dtrue%26hide_cover%3Dfalse%26show_facepile%3Dtrue%26appId

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/1t_e1hNxdjZ.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 24 Jul 2023 13:16:55 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 9ngaeBKy2jx02LK/GKsgW3R8xW5l53Bc8UGBRcx2mAI3S++R/FtbSpOgn+YRtWIYt2LAYw9oXdAenGaB3FIg+g==
x-frame-options: DENY
x-xss-protection: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame 3C53
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=reurl.cc&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=uaGT-HxKNnpoeTU5cjMzMHU5bElBUVBmZFpjNEdVMGRtc2kzVTZMdzQrS1d0Q2dKVzJ4VitRWTlMMXRNaDA1ejNmV1ZOSysrbVZvaHNxNERqbzFaOHI0eWNtZElVbkYvUkJ5eTBMK2VkQW0zelpOSlVQb00rcnBua2lqN3...

425 B
646 B

160ms
51ms

Fetch
application/json

178.250.7.13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=uaGT-HxKNnpoeTU5cjMzMHU5bElBUVBmZFpjNEdVMGRtc2kzVTZMdzQrS1d0Q2dKVzJ4VitRWTlMMXRNaDA1ejNmV1ZOSysrbVZvaHNxNERqbzFaOHI0eWNtZElVbkYvUkJ5eTBMK2VkQW0zelpOSlVQb00rcnBua2lqN3l2VDNWQk1aUE5Tb012RE1ZNTBrTmNzakJNOUc3WGlUcE5GQnUvLzJIaWFHNjFMMEk2cm5YekVEb0hOYkJHdjE5UnlyWkY1Ymp5ZG05RHZIelZRR2xLb1QrNTdJM2lhMXUxbjdyWDMzdmVVODE3RTlqenJBSk5vQ1poQ1pXb0swVkhxaVRKOWk2TythNVEyQ0NqRmhHTjZjT2huNEhWUT09fA&cppv=2

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Server

178.250.7.13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

3045e1032d7280fb4aa09324b80abf73e6bb28251746675eea5c20b9aefb23f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:55 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1307832
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:54 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=uaGT-HxKNnpoeTU5cjMzMHU5bElBUVBmZFpjNEdVMGRtc2kzVTZMdzQrS1d0Q2dKVzJ4VitRWTlMMXRNaDA1ejNmV1ZOSysrbVZvaHNxNERqbzFaOHI0eWNtZElVbkYvUkJ5eTBMK2VkQW0zelpOSlVQb00rcnBua2lqN3l2VDNWQk1aUE5Tb012RE1ZNTBrTmNzakJNOUc3WGlUcE5GQnUvLzJIaWFHNjFMMEk2cm5YekVEb0hOYkJHdjE5UnlyWkY1Ymp5ZG05RHZIelZRR2xLb1QrNTdJM2lhMXUxbjdyWDMzdmVVODE3RTlqenJBSk5vQ1poQ1pXb0swVkhxaVRKOWk2TythNVEyQ0NqRmhHTjZjT2huNEhWUT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 211194
content-length: 0
expires: 0

GET
H2 200 container.html Show response
3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7B5D 6 KB
3 KB 41ms
40ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jul 2023 13:16:55 GMT
expires: Tue, 23 Jul 2024 13:16:55 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame E6EF 0
176 B 137ms
49ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Mon, 24 Jul 2023 13:16:56 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 / Show response
t.ssp.hinet.net/ 37 B
401 B 271ms
271ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

ce53728625ab396b659bff5841790017f22c857e475fe3f8d1af4bbe83e655bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:56 GMT
strict-transport-security: max-age=0
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0A20 624 B
557 B 83ms
81ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJXmOhCTqWIY3vqy7gEwAQ&v=APEucNWC6uywtNlLhv_CnGLxs1r3kSITNShB9z0OC0PXpXglnkeqC7z1lYr5IK8GIoAuPdo57HiOWo9XmOqOrGTmH0emoJ4L6vFByUzUsOWOwmHk1s9BuXMmGsLICfMXL94rvy-ESESmT1xmIrAjiqsnWQJOzJJf_Q15YtY4u8mwhez0l7py26w

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jul 2023 13:16:56 GMT
expires: Mon, 24 Jul 2023 13:16:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 7B5D 85 KB
29 KB 296ms
204ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b5c05892bdce212e19d0503253b600faaeedca47fa2db97964d412c8c11934e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29781
x-xss-protection: 0
server: cafe
etag: 4315658989838864570
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 13:16:56 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7B5D 42 B
401 B 232ms
140ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AxZq2TS2WH5XBMetlFiXefPO0CGUCzoA2552uz0wecvFhsNIJTY8hNKPL9RMY4HGqG6lnTElImyul-OxEaC5r0GHQmLXMoyd5hFZHqLOW0sk7TDlI

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7B5D 0
58 B 235ms
143ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=11609389541979659098&x=1&ct=76

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 7B5D 3 KB
1 KB 49ms
47ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:05:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 658
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Aug 2023 13:05:58 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 7B5D 20 KB
8 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a778ebcae153771e99dd12d32647dc138e5c624303806b95f2563975c401d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 22:19:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53864
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8309
x-xss-protection: 0
server: cafe
etag: 1379281626718990200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 22:19:12 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7B5D 179 KB
57 KB 161ms
70ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 24 Jul 2023 13:16:56 GMT

GET
H3 200 container.html Show response
3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B55E 6 KB
3 KB 41ms
41ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jul 2023 13:16:55 GMT
expires: Tue, 23 Jul 2024 13:16:55 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FC91 6 KB
3 KB 40ms
39ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jul 2023 13:16:55 GMT
expires: Tue, 23 Jul 2024 13:16:55 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AA37 6 KB
3 KB 40ms
40ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jul 2023 13:16:55 GMT
expires: Tue, 23 Jul 2024 13:16:55 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame DFBD 0
0 77ms
76ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss2fK3_vp745wqDftvBdyzMf94bnKHgfQGekapBtvU6IYlGDQf1_3omtvtjRjTe3sMSGvTlPPjnwrwJ-XstY5vF1MGGbZUxXbeSa5EzWoOzwjHAzo_V4fPxR9Jmimzox1zLom_WmfUcIb9oWfEGH6nrNL4Yg0JoRQpmjprBZbkzgJWiuQ648jejw7BJDs729NySauBzxSA5um3Rb5eAgYpMXFS1hDrWTbjModI5_yz2stjaCr-ruyK-QHpjUjQeAdoB8FlNYrgvYalF2gQyFC5CFr9FJFczWDyMUM4M3z3OPenzci5VPFeGsy5xzCh25zCNUqlsAHrljiVuD2m7oDtjlH6iOA6nSU_f6RU&sai=AMfl-YSBOPQ_Gb4uBx0Frcp0SF9NS3Lgcw4TfirshRpZbgl2YbJDTDYufu84Yok-TYWOHFeV-MFRRyB3swr0evfYSOeg0XOZXZ30520croLpnjDLTcd1ViVj4WmvdfpXzj0FqEGvwBb1jQodW53jV9E&sig=Cg0ArKJSzDxNV15prhd6EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:56 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ Frame DFBD 6 KB
7 KB 186ms
43ms Script
application/javascript 2600:9000:2250:8200:0:e06c:e940:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:8200:0:e06c:e940:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a77307b2dfa0e7694ebfb97a463efbb12226cc5129564980c6a7567a067aadad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-amz-version-id: ehC5gg8F2v5AriSc.dl1LMUzDf8c5S0M
date: Mon, 24 Jul 2023 13:16:09 GMT
via: 1.1 1aa52a2a71a599aaf6b3df3a9c53b268.cloudfront.net (CloudFront)
last-modified: Fri, 21 Jul 2023 03:27:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 48
x-amz-server-side-encryption: AES256
etag: "f6fe0b803eea86021c9c6143adc9ad77"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 6329
x-amz-cf-id: _9DiVwcH-96xOdsj2AMjU4ZInvJdb3Ao5wY-lK9DhbdYnxKMhNV4Fw==

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DFBD 179 KB
56 KB 123ms
123ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 24 Jul 2023 13:16:56 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0A20
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHW02Fkj-WYBSHgOuavhMMA&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHW02Fkj-WYBSHgOuavhMMA&google_cver=1&C=1

43 B
632 B

44ms
44ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHW02Fkj-WYBSHgOuavhMMA&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJXmOhCTqWIY3vqy7gEwAQ&v=APEucNWC6uywtNlLhv_CnGLxs1r3kSITNShB9z0OC0PXpXglnkeqC7z1lYr5IK8GIoAuPdo57HiOWo9XmOqOrGTmH0emoJ4L6vFByUzUsOWOwmHk1s9BuXMmGsLICfMXL94rvy-ESESmT1xmIrAjiqsnWQJOzJJf_Q15YtY4u8mwhez0l7py26w
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 24 Jul 2023 13:16:56 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 24 Jul 2023 13:16:56 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEHW02Fkj-WYBSHgOuavhMMA&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0A20
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZL55yMKkADhwJdA9yVDR5AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHW02Fkj-WYBSHgOuavhMMA&google_cver=1

43 B
766 B

42ms
42ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHW02Fkj-WYBSHgOuavhMMA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJXmOhCTqWIY3vqy7gEwAQ&v=APEucNWC6uywtNlLhv_CnGLxs1r3kSITNShB9z0OC0PXpXglnkeqC7z1lYr5IK8GIoAuPdo57HiOWo9XmOqOrGTmH0emoJ4L6vFByUzUsOWOwmHk1s9BuXMmGsLICfMXL94rvy-ESESmT1xmIrAjiqsnWQJOzJJf_Q15YtY4u8mwhez0l7py26w
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 24 Jul 2023 13:16:57 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHW02Fkj-WYBSHgOuavhMMA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 0A20
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAqUKe8smsJ8Po2jbJ34lFo&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAqUKe8smsJ8Po2jbJ34lFo%26google_cver%3D1

43 B
888 B

48ms
47ms

Image
image/gif

185.89.210.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAqUKe8smsJ8Po2jbJ34lFo%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJXmOhCTqWIY3vqy7gEwAQ&v=APEucNWC6uywtNlLhv_CnGLxs1r3kSITNShB9z0OC0PXpXglnkeqC7z1lYr5IK8GIoAuPdo57HiOWo9XmOqOrGTmH0emoJ4L6vFByUzUsOWOwmHk1s9BuXMmGsLICfMXL94rvy-ESESmT1xmIrAjiqsnWQJOzJJf_Q15YtY4u8mwhez0l7py26w

Protocol

Server

185.89.210.90 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:56 GMT
an-x-request-uuid: ff1e95e3-d995-42ca-8796-a60e11fc9df1
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.7.109; 80.255.7.109; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:56 GMT
an-x-request-uuid: a57e4b89-d3c9-48c3-8887-6ec79b46e41f
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAqUKe8smsJ8Po2jbJ34lFo%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.7.109; 80.255.7.109; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 0A20
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzA5NjgyNzkwMTYxMDE0Mzc1Nw%3D%3D

170 B
243 B

54ms
53ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzA5NjgyNzkwMTYxMDE0Mzc1Nw%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:56 GMT
an-x-request-uuid: d8386232-7cfe-458b-89df-853e3f034335
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzA5NjgyNzkwMTYxMDE0Mzc1Nw%3D%3D
x-proxy-origin: 80.255.7.109; 80.255.7.109; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame B55E 4 KB
705 B 144ms
53ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4681d619f677c1b314814309a6f00a5e0ec3f12968e807ee71def1cf42bd7808

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 24 Jul 2023 13:16:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 24 Jul 2023 13:00:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 24 Jul 2023 13:16:56 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame B55E 2 KB
892 B 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 22:19:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53864
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 22:19:12 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/ Frame B55E 23 KB
9 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/abg_lite_fy2021.js

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

463947d0709c9f435ed523b82dd8bbccf1ea8c25dc8f08900c90c51948210665

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 22:19:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53864
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9071
x-xss-protection: 0
server: cafe
etag: 4587423269125806604
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 22:19:12 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame B55E 3 KB
1 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 17:48:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70084
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 17:48:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame B55E 20 KB
8 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a778ebcae153771e99dd12d32647dc138e5c624303806b95f2563975c401d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 22:19:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53864
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8309
x-xss-protection: 0
server: cafe
etag: 1379281626718990200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 22:19:12 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B55E 179 KB
56 KB 106ms
105ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 24 Jul 2023 13:16:56 GMT

GET
H2 200 39d4397462e2693449f221f9915f9e59.js Show response
www.gstatic.com/mysidia/ Frame B55E 33 KB
14 KB 145ms
47ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/39d4397462e2693449f221f9915f9e59.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

67edbe1fe2a38ebf16fc36b42cc267e37f18629ec79feae7a177178bf6e24d89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 13:03:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 173606
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14179
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 20:41:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 20 Oct 2023 13:03:30 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame FC91 4 KB
1 KB 102ms
51ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 24 Jul 2023 13:16:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 24 Jul 2023 13:06:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 24 Jul 2023 13:16:56 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame FC91 2 KB
892 B 42ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 22:19:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53864
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 22:19:12 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/ Frame FC91 23 KB
9 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/abg_lite_fy2021.js

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

463947d0709c9f435ed523b82dd8bbccf1ea8c25dc8f08900c90c51948210665

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 22:19:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53864
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9071
x-xss-protection: 0
server: cafe
etag: 4587423269125806604
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 22:19:12 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame FC91 3 KB
1 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 17:48:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70084
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 17:48:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame FC91 20 KB
8 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a778ebcae153771e99dd12d32647dc138e5c624303806b95f2563975c401d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 22:19:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53864
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8309
x-xss-protection: 0
server: cafe
etag: 1379281626718990200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 22:19:12 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FC91 179 KB
56 KB 95ms
94ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 24 Jul 2023 13:16:56 GMT

GET
H2 200 39d4397462e2693449f221f9915f9e59.js Show response
www.gstatic.com/mysidia/ Frame FC91 33 KB
14 KB 154ms
90ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/39d4397462e2693449f221f9915f9e59.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

67edbe1fe2a38ebf16fc36b42cc267e37f18629ec79feae7a177178bf6e24d89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 13:03:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 173606
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14179
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 20:41:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 20 Oct 2023 13:03:30 GMT

GET
H3 200 5343177519946908776
tpc.googlesyndication.com/gpa_images/simgad/ Frame B55E 71 KB
71 KB 79ms
78ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/5343177519946908776

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2cc059918f651f888970a38f954978d75bda97cfe0e4c7a475e1df09eab1365

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 12:31:15 GMT
x-content-type-options: nosniff
age: 175541
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72762
x-xss-protection: 0
last-modified: Sat, 15 Jul 2023 07:23:57 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 21 Jul 2024 12:31:15 GMT

GET
H3 200 5161436360089847629
tpc.googlesyndication.com/gpa_images/simgad/ Frame B55E 101 KB
101 KB 53ms
52ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/5161436360089847629

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb90e7e62356f01c39599caf410f7a3da61beabc98f984fe1c73cd54b64566f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 11:44:26 GMT
x-content-type-options: nosniff
age: 523950
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 103651
x-xss-protection: 0
last-modified: Sun, 30 Apr 2023 22:27:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 17 Jul 2024 11:44:26 GMT

GET
H3 200 15343139522595259047
tpc.googlesyndication.com/gpa_images/simgad/ Frame B55E 55 KB
55 KB 89ms
88ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/15343139522595259047

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c884a5d1652fba65b3ce99b98377f24752519730bbc48a5dbe2e8904c36bc44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 14:56:46 GMT
x-content-type-options: nosniff
age: 166810
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56430
x-xss-protection: 0
last-modified: Sun, 30 Apr 2023 22:55:18 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 21 Jul 2024 14:56:46 GMT

GET
H3

200

4091503581208051288
tpc.googlesyndication.com/simgad/ Frame B55E
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDnj86ZywEQ9AMY9AMyCGN8MsJOAEwL
https://tpc.googlesyndication.com/simgad/4091503581208051288

107 KB
107 KB

41ms
40ms

Image
image/png

2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4091503581208051288

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fcab803c6d01082f69e5510655ca566241f3a4fd3ee7aa1506b1308e2d069ccb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 14:59:17 GMT
x-content-type-options: nosniff
age: 166659
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 109931
x-xss-protection: 0
last-modified: Wed, 23 Oct 2019 12:45:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 21 Jul 2024 14:59:17 GMT

Redirect headers

date: Sun, 23 Jul 2023 21:42:03 GMT
x-content-type-options: nosniff
server: cafe
age: 56093
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/4091503581208051288
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 22 Aug 2023 21:42:03 GMT

GET
DATA 200
OK truncated
/ Frame FC91 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce

Request headers

Referer
Origin: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

624907996767536446
tpc.googlesyndication.com/simgad/ Frame FC91
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDr3ZqF_gEQgAgYgAgyCFFyRh2Ouq9r
https://tpc.googlesyndication.com/simgad/624907996767536446

8 KB
8 KB

44ms
44ms

Image
image/png

2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/624907996767536446

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

484ec1c347c17d7d3b98d5058aa5d90bb5c7315f3a67f44611e902de4be50831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 19:41:58 GMT
x-content-type-options: nosniff
age: 149698
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8502
x-xss-protection: 0
last-modified: Tue, 09 Apr 2019 09:00:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 21 Jul 2024 19:41:58 GMT

Redirect headers

date: Mon, 24 Jul 2023 09:30:34 GMT
x-content-type-options: nosniff
server: cafe
age: 13582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/624907996767536446
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 23 Aug 2023 09:30:34 GMT

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ 30 B
271 B 272ms
272ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=f9cd014e-968c-4461-9128-3aa1aac0333c

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:56 GMT
strict-transport-security: max-age=0
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H2 200 css
fonts.googleapis.com/ Frame AA37 4 KB
728 B 80ms
52ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 24 Jul 2023 13:16:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 24 Jul 2023 12:17:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 24 Jul 2023 13:16:56 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame AA37 2 KB
892 B 82ms
82ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 22:19:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53864
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 22:19:12 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/ Frame AA37 23 KB
9 KB 81ms
81ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/abg_lite_fy2021.js

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

463947d0709c9f435ed523b82dd8bbccf1ea8c25dc8f08900c90c51948210665

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 22:19:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53864
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9071
x-xss-protection: 0
server: cafe
etag: 4587423269125806604
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 22:19:12 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame AA37 3 KB
1 KB 85ms
84ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 17:48:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70084
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 17:48:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame AA37 20 KB
8 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a778ebcae153771e99dd12d32647dc138e5c624303806b95f2563975c401d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 22:19:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53864
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8309
x-xss-protection: 0
server: cafe
etag: 1379281626718990200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 22:19:12 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AA37 179 KB
56 KB 90ms
89ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 24 Jul 2023 13:16:56 GMT

GET
H2 200 39d4397462e2693449f221f9915f9e59.js Show response
www.gstatic.com/mysidia/ Frame AA37 33 KB
14 KB 99ms
58ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/39d4397462e2693449f221f9915f9e59.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

67edbe1fe2a38ebf16fc36b42cc267e37f18629ec79feae7a177178bf6e24d89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 13:03:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 173606
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14179
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 20:41:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 20 Oct 2023 13:03:30 GMT

GET
DATA 200
OK truncated
/ Frame AA37 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce

Request headers

Referer
Origin: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

4091503581208051288
tpc.googlesyndication.com/simgad/ Frame AA37
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDnj86ZywEQ9AMY9AMyCGN8MsJOAEwL
https://tpc.googlesyndication.com/simgad/4091503581208051288

107 KB
107 KB

43ms
43ms

Image
image/png

2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4091503581208051288

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fcab803c6d01082f69e5510655ca566241f3a4fd3ee7aa1506b1308e2d069ccb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 14:59:17 GMT
x-content-type-options: nosniff
age: 166659
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 109931
x-xss-protection: 0
last-modified: Wed, 23 Oct 2019 12:45:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 21 Jul 2024 14:59:17 GMT

Redirect headers

date: Sun, 23 Jul 2023 21:42:03 GMT
x-content-type-options: nosniff
server: cafe
age: 56093
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/4091503581208051288
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 22 Aug 2023 21:42:03 GMT

GET
DATA 200
OK truncated
/ Frame B55E 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3c87b6edeb05f36e4b924c7b9d4168d99e2f6e70394ac06984aee6325c590c6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame FC91 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68074915bfa5cc29787af554c881b2a0b0519d930ca399ec19def00c0976548c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DFBD 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc15a40476f5b36c35bd644c43442bb4cda3a7ea333536e43985403c25dd4f21

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame AA37 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1edd09b2535636bf015c3acab43e041cf25f5efa0cb0a48a8d4992cfae43dd90

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7B5D 0
56 B 145ms
144ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6617530619212&version=m202306200101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7B5D 0
56 B 144ms
144ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6617530619212&version=m202306200101&ct=76&x=1&cor=11609389541979658000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7B5D 103 KB
40 KB 115ms
114ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A3DHM2uneSlymDUTVLfloc9RKPMpD_7_tD2X0qYkeTrC5qfO5MzueI_iuilUi0lEf6TL-8HAJ3RVUX03gQkoUZ-IL4c52X97cF9dszwMMUsfzgpS39ctJbsRmzW5SEsQEjmoezYAF56oUnQ6tqStZzZTUuHjnlH_ksVkRhG7WUA1ZQd5s&dbm_d=AKAmf-C_DxBF1-ox_vcM-Dlx3G7panEM_chuIVENq1jZm_kiAz3TVD29P-pnNAKNqVoDFrPbV17hshzXpEPANWzzn2Vb-pXe2R2DsQG2y7hlnPb0TUQHRFxoA4QgicrQpF8uRMBgJEz7BOtURURm1m5Us24vJathSHBdXqlKFYjaVb18V6_0BF2WsLJuVHbTxOm8lW69ICB4bJV2gZQAjccHixnTRLBAKlc8UQ0JkcnxmbCQxBnpv_pwTbovRAMnL4apUkCVca22pC9fH_fq1AOX0GFsdJLU1ZJwqb6i-xX-j60Bn-xyERnFLrfscwWkvxiCjDBjp2bPnQsmusAKb1jTBbJbOLQFleDXjQ9fUt3voBLCSj2ZCYYY_GVSzVntPuc9RiRDOFWZgPYjI2OjTSxIartapTJCpHyaOKss7_i93XeHUlOtoY8qrasqqUXgl1d7CnwlqL9RSULHjccLz9cWKsmWdlx5RJBUbl7KiYwWgMZdhzgm55NbGR1S_VWfNY3WGx-6ZnFxH_4BRdu_cb3WDFDRsUdBBVBEA-0xtenm-wCtevC_8Ml1joCEGHZ5vV58qCbAc81lTE5huaPXJrn_ZOQfMuhoimhsK7aAhRotDJG3Nn69uL4JcGoEHWVm8s79xSAk0RyFG7tcvLx-PrKYu1l-F__3_VEccZpDorbfs8UVcY49bWAYXkwzNOcFogYIqQqDwXW8DjMPIxk4D_Qs4USuFUiphuHlD9yWulPDKQpRRmSAB-su73bmDWsyGmeEBIAVgUAp1iExfOzl9pdG-5Mq2Zi8BgYsI09U6LRtYq3BF-jJqkZxus8_gC7n4ouZIIyEGW3HuCSoTxC5QUJX4Fmt3T6d0Uim_0HqYlLd5Ujezht46mWi2Fj4EpbeaQ22JQSCIScrtss6QOW_lKPa116LT7JnoUKqWEUaYrwumBeYckkkp3E7l4zd2sukP0E2OPkd8vhXVwXr7KWH5WZE-F5GPUgh25FPdP9lhZigfro9CSyoJYq1leUSnCSVtQFiEqiFDmiam7S_cp0S8aZTzUB_vtIQOZOUhByxq6WkebXAkCzxucRu4kC-F6IwuQwlvQs4L4JftBwZ4S8FqPsxAAN614-mtV8nbfIGBruwtXK6uqqoDhXBzbrmJffERGlJtOKbxO3xOol4qK0doOHkTfRe8uaI3wDdbbYqWYy3YDWncvuUtqsXxeZ1obZKVkTSEGR4h76Y9xCE5RIcXNeHAfJeR5mKcU1F9CX_pxMDV90XsnMryhn4ZBHYLaRaDMaBc6KfRxH_PtE70KwCbSrRp_iJbM2_RdLYGewdSFyP_exi9Gb1k9ZeUX7z34nFljYhnIZCkAtMjNEGmigG5tCB-ImA-z1NiNTdmGAi0W7M5trTZR2RKsB-9TWkqyj6A7O3cwCP4oHRHaJdUo9rZaQPUFTezlDLoUsTBBfCx2L5dfTFNhlqBfBCKIDeBkjLUVjJLNeNCwtKlGzGVmqCa1TnGLhqRDS7GO1PkAdbCuGV_gUzmE3DiXTo6t7R3z5VM0fY13sMz6umVb8fh6g24fNNC7z9fsTYXiD17HvOE8YJgRxHfCzSiG9Ozi0dXa4wIAGT0LjBkx1rRLJ8zES17ikGOetFKbQOXXnFBZ5mxxjFp468_b2Bv0ajcytmxQyB8Z2cNkxURJRSRr9JSYsL9Pl_G7HIBHuvLOz87iC3aXlBaRQ92A_jpqO7Va86E4ogdiLTc1RPT9RV6vZxJF77adMyKBUXFb_VxTAltIZwOdTV_NnT9UuVONXQjDW-sdugVAgYmlYUaXM5AsV6tLFGaFrd8-nm9MilvjyXQKdNTt1_6cU5elfSce9PRuO1cimAuT0xKzwblUkm3GO0dV-Bgb0pUfcmEwUhoP2ceCPM2Qo_C9d7F4T3bwm3cJfegrYV-w06GZuZMuUmP4QYfuAHP5Ypag7zLr6oMF_fJFMzVajxDgYmn1VxxP6D9DHXsuKV13z-5XRrzzJ_49NqemZQtMhHapocwCNhP1XqSKd1XR5a5wspOWsgwud0dDRz57e8nFo2u7SeX8uszqp02Qfma2ta62fq0pi7mK41Ks2dZTW2xY5Qcx6cT-rUllq9M3ijiABwMCzz4bYh-mCh0DMbwguqTvIo-s7rinLUVKSAbL33SgSHhkxLiNQ1uLP9MhMi8JeMSJdrD4t0s2cLp4Q6C2dxldWj-CkiedizR3OEwYOoHHOvqLS-RfBRJAmq1QTBBrYr3MiAXzlPSFHUTM_tKEH_4dSddgdSql4mSfYlqD8OVQWCG8AXESF7scirep_2n_2MQ_dWZdyMEq7aRckYcfheU_rv3WtnQtciP4_iE6fQxNS9dNm85jsk664Ni-Q61qaCm3Tu1EsFm-CCfvUT47Erv-sXkrr1oP5eB_Ep1w7bc1_EX5SptBJl-d5y9q0nbxzcnO8PkNkhYu6ksvCTZ3JaXCsHC9uvaZ5aCFHmbT-jyhuAHSD-Vs4OY-f25NQlg-q5IeluPqd2znjjkyQcUy0Aq0a3dhDjFN4lTXp8OCHJCNKEAU8zffnlDPuSrHRWZuQ-pO4XgtE1rKBSvbY_SoWfWqvd5_i3JsereFIl9IJ5sZ-h2_0qroO_37oMMp57vJQ5CGUfwV-icNNVKILxagpsd1DtsX3L8DMf2UVzllMOiWnfgLnRxUAWy2hQ9ZmBiYzcxK5QhZO9uAuLytesdi7kwsv3NgtOi-FoQGSGqV0D2PFwMGvhbGK5mMBATuk7FzLYMtJCZ98CRdwsdFCspJTG3ho95cnrv8QUL0qifP7ddWkH8gdCAMRN7YE1J2CzmSS0AAgF7rCwlbJNvjZZqqyklwu1kvbcE_YWx0rt8rdf1dHLcRfHv5CVRlZGWvCe-MLm1qMunaGITmxRBuFOQ7ym5mKeZLR-kPqPcQ1chOgTIiWgeECeu_zxfas9kM8DjDpyUSoURxRyLRqTWxe3vaYvA98NWwOSACH2T70FQLDCGq_-F0s-gR1S6GAV6YYar66Cpj5-j_kvlvmYfszr1yV_J9tNbeu8-ipLwlWE72hECNRsQQNs8fjawIHP2paZbgjGQNVUR2yrpc6fEdl7F-ADU7ib01c3_zzOQP1rlFpBPJTpe9Z56iq4aQzeH4UT9HAj_FNhshquh8B02f2UNkZUNFkegpa6jS0mE3-dS3T7D5wOCBRtHLDl-WI5azKxkgsZfOoPQvPaWnP2wDH-bRs1FfOkR8e_uFee_qLoPuJ0HnKBte2S4EfD60ETaJc4XTFE74ghdjc2z8SaGF_JBACx4UdDGK2oidhkCxiHOQRvhlScSU_uNKpvGMgMYrj4fXvC7VvRDfzO&cid=CAQSSwBpAlJW27YxyycgyXslx2R43BUoNeB8u_jYaUJbhNDkXlkDLYGkhVpsqTagm-1r7QT82I2FuE_dl26rx29Ta1a2Mbnmc7OP41-jjBgB&dv3_ver=m202306200101&rfl=https%3A%2F%2Freurl.cc%2F&ds=l&xdt=1&iif=1&cor=11609389541979658000&adk=250412560&idt=322&cac=0&dtd=20

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ace934a05cd159e6680e2b6825e8c62620a71959426e65e0845b0ef30ada6a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40418
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame E339 8 KB
8 KB 42ms
42ms Document
text/html 2600:9000:2250:8200:0:e06c:e940:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:8200:0:e06c:e940:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4afcc52fb5e910a9cf7ccc4ec0052554cb02c36ba928f327543aaa3f4875c8e3

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 25
content-length: 8044
content-type: text/html
date: Mon, 24 Jul 2023 13:16:37 GMT
etag: "0b44aaded4ac035026960761287ca6f0"
last-modified: Tue, 18 Jul 2023 10:10:09 GMT
server: AmazonS3
via: 1.1 1aa52a2a71a599aaf6b3df3a9c53b268.cloudfront.net (CloudFront)
x-amz-cf-id: kWOd8d7mXMVmSO9jw4z3RWol3FBuThk4pKkAlWSR8syU_ILiSoNs0A==
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: rSp6gV2DnV6BuelF1NBndEu6T09ZZ47E
x-cache: Hit from cloudfront

GET
H2 200 edmp_init.js Show response
cdn.holmesmind.com/js/ Frame DFBD 662 B
1 KB 42ms
41ms Script
application/javascript 2600:9000:2250:8200:0:e06c:e940:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/edmp_init.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:8200:0:e06c:e940:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-amz-version-id: 50cz_pwrU5udMFo3kRS4xxzQYutiATyN
date: Mon, 24 Jul 2023 13:16:13 GMT
via: 1.1 1aa52a2a71a599aaf6b3df3a9c53b268.cloudfront.net (CloudFront)
last-modified: Fri, 14 Jul 2023 03:29:02 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 44
x-amz-server-side-encryption: AES256
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 662
x-amz-cf-id: CsoDNb0xg9UeyVc2LL6i0kSTCfLuAcZMA9JPF7CszjxMuOsfx8BTtg==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame F551 8 KB
8 KB 44ms
44ms Script
application/javascript 2600:9000:2250:8200:0:e06c:e940:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:8200:0:e06c:e940:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e8afa10ead3b224b6b37146947e8b9d00ea7da22045c6b06d645fafa09c0c135

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-amz-version-id: ybDivScCyHpadNBmEhHtC2lZoRiqGu5Z
date: Mon, 24 Jul 2023 13:16:48 GMT
via: 1.1 1aa52a2a71a599aaf6b3df3a9c53b268.cloudfront.net (CloudFront)
last-modified: Fri, 21 Jul 2023 01:41:18 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 9
x-amz-server-side-encryption: AES256
etag: "b2485f9f7dcdc101f14e264ecdb9d315"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 7976
x-amz-cf-id: VDGPUTzPCEUvLFHCGj-SK5izjQZnoFFX6CCLl-0i6_wNCgVCmwgscA==

GET
H2 200 cm Show response
t.ssp.hinet.net/ 0
187 B 270ms
269ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%&mp=f9cd014e-968c-4461-9128-3aa1aac0333c

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:56 GMT
strict-transport-security: max-age=0
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H2 200 pixel
f9cd014e-968c-4461-9128-3aa1aac0333c.t.ssp.hinet.net/ 0
79 B 1492ms
267ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://f9cd014e-968c-4461-9128-3aa1aac0333c.t.ssp.hinet.net/pixel?bd=f9cd014e-968c-4461-9128-3aa1aac0333c&t=a546ca&referrer=%25%25%20referrer%20%25%25

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:57 GMT
strict-transport-security: max-age=0
server: nginx
content-length: 0
content-type: image/png

GET
H2 200 ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame B55E 21 KB
21 KB 175ms
86ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 06:34:45 GMT
x-content-type-options: nosniff
age: 110531
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21428
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:32:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Jul 2024 06:34:45 GMT

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame B55E 20 KB
20 KB 185ms
103ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:40:42 GMT
x-content-type-options: nosniff
age: 160574
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20784
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jul 2024 16:40:42 GMT

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame E533 0
218 B 848ms
276ms Document
text/html 18.178.181.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.178.181.226 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-178-181-226.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 24 Jul 2023 13:16:57 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H2 200 cm.php Show response
fcm.holmesmind.com/ Frame 44D2 39 B
182 B 256ms
139ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Mon, 24 Jul 2023 13:16:56 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame E339 409 B
632 B 866ms
262ms Script
application/javascript 52.197.92.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.197.92.130 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-197-92-130.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 24 Jul 2023 13:16:57 GMT
server: nginx/1.18.0 (Ubuntu)
content-type: application/javascript; charset=utf-8

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame E339 5 KB
3 KB 267ms
266ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

9c988e280a9af2e0bfc476f7ada40e1984db51651029927933b16de44400c28b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:56 GMT
strict-transport-security: max-age=0
content-encoding: gzip
last-modified: Wed, 16 Nov 2022 03:58:03 GMT
server: nginx
etag: W/"63745fcb-142e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
expires: Mon, 24 Jul 2023 13:26:56 GMT

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame E339 0
217 B 934ms
361ms Image
text/html 18.178.181.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.178.181.226 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-178-181-226.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:57 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
content-type: text/html; charset=UTF-8

GET
H2

200

cm
c.holmesmind.com/ Frame E339
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
509 B

155ms
154ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:57 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
date: Mon, 24 Jul 2023 13:16:56 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame AA37 16 KB
16 KB 95ms
50ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 01:50:32 GMT
x-content-type-options: nosniff
age: 213984
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jul 2024 01:50:32 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame AA37 0
0 84ms
84ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C_-sYx3m-ZP_IHtKT-wax-peABIz538Zt2JLe0YsMrcjK2sgbEAEg0syBGmCVyquCtAegAbC6odcDyAEJqQLFi-_zwZeyPuACAKgDAcgDywSqBOQBT9Cwz0YbW7Ivw3NHBgdWTuKr_52GF6GyzPYmi3DLm2EL037rJ5JvPu2RvjUL7X3rbzjqL_WuNNKp-eNpcEvw8p1nR5-QD19o3veIhZOsVWoKev9xGiB0GtA8N5XUPZxDocxkhiuglhQm5VU1O8GXlh070wqDCnN8_eryZFh0AU-zHqI0xgMIrcxhWv2-y3mhC8L3BVIIr7SqitaTirS4b4FrclHgynnEfHVnMwuF0_LY1ZyJfNE47Me60pU6OAzub5NnPl1oRt6oMixK0BppnhmqKCIH06rnGfxxmc8fVaW4oqmawATspL6erAPgBAGSBQQIBBgBkgUECAUYBKAGLoAHv9m9YKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBCIlBXSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoDyAsB2BMMiBQD0BUBgBcBshceChwIABIUcHViLTQxMjY1NTQ3NzkzOTM5ODYY4swZ&sigh=GpgCv7al2V0&uach_m=[UACH]&cid=CAQSSwBpAlJW3pQxFT3XQhXLzocWp1MPc-m_iaG42CTuHeZhPBFrEtzvUj2dMsGypy3b71NJAldInXs0-dJeXpBY6sBrwQWKRv_NqlAaWRgB&template_id=494&cbvp=2&vis=1
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame FC91 16 KB
16 KB 64ms
41ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 01:50:32 GMT
x-content-type-options: nosniff
age: 213984
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jul 2024 01:50:32 GMT

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame F551 7 KB
1 KB 856ms
284ms Script
text/html 175.41.216.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=14209
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 175.41.216.229 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-175-41-216-229.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 67988687e1abdb7513a40ec60f8ed45c834949e86c1c9fa76983d00590ce0da4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Mon, 24 Jul 2023 13:16:57 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H3 200 vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js Show response
pagead2.googlesyndication.com/bg/ Frame 5FCC 37 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd507194758b4aad5fb90c362f904fcb1b03a00a76a57e9fd11a414a601a5115

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:06:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 652
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14655
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Jul 2024 13:06:04 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1512463/72069454/ Frame 7B5D 249 KB
75 KB 191ms
57ms Script
application/javascript 52.30.88.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1512463/72069454/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1013433103&ias_pubId=pub-1310852604335254&ias_chanId=1&ias_placementId=20291930156&bidurl=https://reurl.cc/qZ40Kn&ias_dealId=549644393847793680&adsafe_par&ias_impId=v4~~ABAjH0gbCbRv_fy6YN9ryd0Q1U6Z
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.88.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-88-149.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 2a2c004a5e7ed49db8f7321634194e2520b9c52a1933a9880f0bb63f8b0bb795

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:56 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 7B5D 111 KB
39 KB 149ms
40ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
Origin: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 08:46:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16209
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jul 2023 08:46:47 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230719/r20110914/elements/html/ Frame 7B5D 11 KB
4 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230719/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A3DHM2uneSlymDUTVLfloc9RKPMpD_7_tD2X0qYkeTrC5qfO5MzueI_iuilUi0lEf6TL-8HAJ3RVUX03gQkoUZ-IL4c52X97cF9dszwMMUsfzgpS39ctJbsRmzW5SEsQEjmoezYAF56oUnQ6tqStZzZTUuHjnlH_ksVkRhG7WUA1ZQd5s&dbm_d=AKAmf-C_DxBF1-ox_vcM-Dlx3G7panEM_chuIVENq1jZm_kiAz3TVD29P-pnNAKNqVoDFrPbV17hshzXpEPANWzzn2Vb-pXe2R2DsQG2y7hlnPb0TUQHRFxoA4QgicrQpF8uRMBgJEz7BOtURURm1m5Us24vJathSHBdXqlKFYjaVb18V6_0BF2WsLJuVHbTxOm8lW69ICB4bJV2gZQAjccHixnTRLBAKlc8UQ0JkcnxmbCQxBnpv_pwTbovRAMnL4apUkCVca22pC9fH_fq1AOX0GFsdJLU1ZJwqb6i-xX-j60Bn-xyERnFLrfscwWkvxiCjDBjp2bPnQsmusAKb1jTBbJbOLQFleDXjQ9fUt3voBLCSj2ZCYYY_GVSzVntPuc9RiRDOFWZgPYjI2OjTSxIartapTJCpHyaOKss7_i93XeHUlOtoY8qrasqqUXgl1d7CnwlqL9RSULHjccLz9cWKsmWdlx5RJBUbl7KiYwWgMZdhzgm55NbGR1S_VWfNY3WGx-6ZnFxH_4BRdu_cb3WDFDRsUdBBVBEA-0xtenm-wCtevC_8Ml1joCEGHZ5vV58qCbAc81lTE5huaPXJrn_ZOQfMuhoimhsK7aAhRotDJG3Nn69uL4JcGoEHWVm8s79xSAk0RyFG7tcvLx-PrKYu1l-F__3_VEccZpDorbfs8UVcY49bWAYXkwzNOcFogYIqQqDwXW8DjMPIxk4D_Qs4USuFUiphuHlD9yWulPDKQpRRmSAB-su73bmDWsyGmeEBIAVgUAp1iExfOzl9pdG-5Mq2Zi8BgYsI09U6LRtYq3BF-jJqkZxus8_gC7n4ouZIIyEGW3HuCSoTxC5QUJX4Fmt3T6d0Uim_0HqYlLd5Ujezht46mWi2Fj4EpbeaQ22JQSCIScrtss6QOW_lKPa116LT7JnoUKqWEUaYrwumBeYckkkp3E7l4zd2sukP0E2OPkd8vhXVwXr7KWH5WZE-F5GPUgh25FPdP9lhZigfro9CSyoJYq1leUSnCSVtQFiEqiFDmiam7S_cp0S8aZTzUB_vtIQOZOUhByxq6WkebXAkCzxucRu4kC-F6IwuQwlvQs4L4JftBwZ4S8FqPsxAAN614-mtV8nbfIGBruwtXK6uqqoDhXBzbrmJffERGlJtOKbxO3xOol4qK0doOHkTfRe8uaI3wDdbbYqWYy3YDWncvuUtqsXxeZ1obZKVkTSEGR4h76Y9xCE5RIcXNeHAfJeR5mKcU1F9CX_pxMDV90XsnMryhn4ZBHYLaRaDMaBc6KfRxH_PtE70KwCbSrRp_iJbM2_RdLYGewdSFyP_exi9Gb1k9ZeUX7z34nFljYhnIZCkAtMjNEGmigG5tCB-ImA-z1NiNTdmGAi0W7M5trTZR2RKsB-9TWkqyj6A7O3cwCP4oHRHaJdUo9rZaQPUFTezlDLoUsTBBfCx2L5dfTFNhlqBfBCKIDeBkjLUVjJLNeNCwtKlGzGVmqCa1TnGLhqRDS7GO1PkAdbCuGV_gUzmE3DiXTo6t7R3z5VM0fY13sMz6umVb8fh6g24fNNC7z9fsTYXiD17HvOE8YJgRxHfCzSiG9Ozi0dXa4wIAGT0LjBkx1rRLJ8zES17ikGOetFKbQOXXnFBZ5mxxjFp468_b2Bv0ajcytmxQyB8Z2cNkxURJRSRr9JSYsL9Pl_G7HIBHuvLOz87iC3aXlBaRQ92A_jpqO7Va86E4ogdiLTc1RPT9RV6vZxJF77adMyKBUXFb_VxTAltIZwOdTV_NnT9UuVONXQjDW-sdugVAgYmlYUaXM5AsV6tLFGaFrd8-nm9MilvjyXQKdNTt1_6cU5elfSce9PRuO1cimAuT0xKzwblUkm3GO0dV-Bgb0pUfcmEwUhoP2ceCPM2Qo_C9d7F4T3bwm3cJfegrYV-w06GZuZMuUmP4QYfuAHP5Ypag7zLr6oMF_fJFMzVajxDgYmn1VxxP6D9DHXsuKV13z-5XRrzzJ_49NqemZQtMhHapocwCNhP1XqSKd1XR5a5wspOWsgwud0dDRz57e8nFo2u7SeX8uszqp02Qfma2ta62fq0pi7mK41Ks2dZTW2xY5Qcx6cT-rUllq9M3ijiABwMCzz4bYh-mCh0DMbwguqTvIo-s7rinLUVKSAbL33SgSHhkxLiNQ1uLP9MhMi8JeMSJdrD4t0s2cLp4Q6C2dxldWj-CkiedizR3OEwYOoHHOvqLS-RfBRJAmq1QTBBrYr3MiAXzlPSFHUTM_tKEH_4dSddgdSql4mSfYlqD8OVQWCG8AXESF7scirep_2n_2MQ_dWZdyMEq7aRckYcfheU_rv3WtnQtciP4_iE6fQxNS9dNm85jsk664Ni-Q61qaCm3Tu1EsFm-CCfvUT47Erv-sXkrr1oP5eB_Ep1w7bc1_EX5SptBJl-d5y9q0nbxzcnO8PkNkhYu6ksvCTZ3JaXCsHC9uvaZ5aCFHmbT-jyhuAHSD-Vs4OY-f25NQlg-q5IeluPqd2znjjkyQcUy0Aq0a3dhDjFN4lTXp8OCHJCNKEAU8zffnlDPuSrHRWZuQ-pO4XgtE1rKBSvbY_SoWfWqvd5_i3JsereFIl9IJ5sZ-h2_0qroO_37oMMp57vJQ5CGUfwV-icNNVKILxagpsd1DtsX3L8DMf2UVzllMOiWnfgLnRxUAWy2hQ9ZmBiYzcxK5QhZO9uAuLytesdi7kwsv3NgtOi-FoQGSGqV0D2PFwMGvhbGK5mMBATuk7FzLYMtJCZ98CRdwsdFCspJTG3ho95cnrv8QUL0qifP7ddWkH8gdCAMRN7YE1J2CzmSS0AAgF7rCwlbJNvjZZqqyklwu1kvbcE_YWx0rt8rdf1dHLcRfHv5CVRlZGWvCe-MLm1qMunaGITmxRBuFOQ7ym5mKeZLR-kPqPcQ1chOgTIiWgeECeu_zxfas9kM8DjDpyUSoURxRyLRqTWxe3vaYvA98NWwOSACH2T70FQLDCGq_-F0s-gR1S6GAV6YYar66Cpj5-j_kvlvmYfszr1yV_J9tNbeu8-ipLwlWE72hECNRsQQNs8fjawIHP2paZbgjGQNVUR2yrpc6fEdl7F-ADU7ib01c3_zzOQP1rlFpBPJTpe9Z56iq4aQzeH4UT9HAj_FNhshquh8B02f2UNkZUNFkegpa6jS0mE3-dS3T7D5wOCBRtHLDl-WI5azKxkgsZfOoPQvPaWnP2wDH-bRs1FfOkR8e_uFee_qLoPuJ0HnKBte2S4EfD60ETaJc4XTFE74ghdjc2z8SaGF_JBACx4UdDGK2oidhkCxiHOQRvhlScSU_uNKpvGMgMYrj4fXvC7VvRDfzO&cid=CAQSSwBpAlJW27YxyycgyXslx2R43BUoNeB8u_jYaUJbhNDkXlkDLYGkhVpsqTagm-1r7QT82I2FuE_dl26rx29Ta1a2Mbnmc7OP41-jjBgB&dv3_ver=m202306200101&rfl=https%3A%2F%2Freurl.cc%2F&ds=l&xdt=1&iif=1&cor=11609389541979658000&adk=250412560&idt=322&cac=0&dtd=20

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 09:26:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13808
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Aug 2023 09:26:48 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230719/r20110914/ Frame 7B5D 30 KB
11 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230719/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4cf6b0041792515d9036fad75e278ddc885672587d77908729cc9b5d66ca3dcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 18:10:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68812
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11528
x-xss-protection: 0
server: cafe
etag: 1206305422853166885
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 18:10:04 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7B5D 41 KB
13 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 21:41:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 401732
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Jul 2024 21:41:24 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FC91 0
0 86ms
85ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CFEMKx3m-ZP7IHtKT-wax-peABL2Npq9v582vrL8OitGj7b4BEAEg0syBGmCVyquCtAegAbC6odcDyAEJqQLFi-_zwZeyPuACAKgDAcgDywSqBOQBT9Cf9n6skSfS4s0NKu6iW7YbacMsg5qHPse4bArPgTpxw2L71SDiJr1_D9qx4QuLBr12Ll1scieFjEkhKhDxoBiMOuE3ONylkpnJphOwygV73YwR2bKCmViWsS9lBMRmEjZXBBOeS0LkBeLDXO1z2uEPejuRt8ppioX6Gti2bwWmtajxmI7Enh9U4qylICxJDAzWBdvwbBwwoTInWffjq0T97l3ElT9YG78aVw9UDjdkzCBdeNBfeAWIG5bp5lgkqSirm5calBqoAK43rf5RwJgILlpcGA9KNnOlEOvIqrWAluCbwAT5nKmq4APgBAGSBQQIBBgBkgUECAUYBKAGLoAHxfetPqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBCE9xPSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoDyAsB2BMMiBQC0BUBgBcBshceChwIABIUcHViLTQxMjY1NTQ3NzkzOTM5ODYY4swZ&sigh=xOkP2467CGc&uach_m=[UACH]&cid=CAQSSwBpAlJW3pQxFT3XQhXLzocWp1MPc-m_iaG42CTuHeZhPBFrEtzvUj2dMsGypy3b71NJAldInXs0-dJeXpBY6sBrwQWKRv_NqlAaWRgB&template_id=494&cbvp=2&vis=1
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 7B5D 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c885128f0f90211d04e254799bb67f1e0686cec66d9bbe0b10e6a9e1dba7db4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js Show response
pagead2.googlesyndication.com/bg/ Frame B593 37 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd507194758b4aad5fb90c362f904fcb1b03a00a76a57e9fd11a414a601a5115

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:06:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 652
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14655
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Jul 2024 13:06:04 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B55E 0
0 83ms
83ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CiUpxx3m-ZPzIHtKT-wax-peABIz538Zt2JLe0YsMrcjK2sgbEAEg0syBGmCVyquCtAegAbC6odcDyAEJqQLFi-_zwZeyPuACAKgDAcgDywSqBN0BT9DD1OICuSo7Y0wcJDRubwlke8b49sNer29QMgYK6xnpCmSNL-3BlCVEDi8VMXoXDIdk9hF6dlciK1cVpJnCGLry6B25NSAY2eYZBDAryKMzzn3CYZmg7Pu95JeAuEny0S297VgkqFVWvkMqjb4mHsTvTDA0wUZCdT_uTLu6Tb7_UPQoYvW9w80MLLkT_dZX7PyeN0cqwdS4HNhY-qErnvP3lZNPS3BlQmpy6tiQVrYHO5705TIj7Y1-MCalG-337RN4zwMSTao_QRGcDQCNK5ISsF34NepiU4UH1pPABOykvp6sA-AEAZIFBAgEGAGSBQQIBRgEoAYugAe_2b1gqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcEEPqwDdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgPICwHYEwyIFAPQFQGAFwGyFx4KHAgAEhRwdWItNDEyNjU1NDc3OTM5Mzk4NhjizBk&sigh=qYqGGvHhwg0&uach_m=[UACH]&cid=CAQSSwBpAlJW3pQxFT3XQhXLzocWp1MPc-m_iaG42CTuHeZhPBFrEtzvUj2dMsGypy3b71NJAldInXs0-dJeXpBY6sBrwQWKRv_NqlAaWRgB&template_id=494&cbvp=2&vis=1
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H3 200 vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js Show response
pagead2.googlesyndication.com/bg/ Frame 0C2D 37 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd507194758b4aad5fb90c362f904fcb1b03a00a76a57e9fd11a414a601a5115

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:06:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 652
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14655
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Jul 2024 13:06:04 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 80C2 22 KB
8 KB 41ms
41ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6731
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jul 2023 11:24:46 GMT
expires: Tue, 23 Jul 2024 11:24:46 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame E339 36 B
407 B 270ms
270ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

bc8c4b072fd0f0c5fb8f38493834f4b1957faa8bfad139d255babccce79671ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:57 GMT
strict-transport-security: max-age=0
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/13125690698918494302/ Frame F8A2 4 KB
1 KB 121ms
40ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13125690698918494302/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3543ec2e8dc70f600eb11ee43aa7f493fa9c639c319e9d571d038c84b52d5014

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 511078
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1317
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 18 Jul 2023 15:18:59 GMT
expires: Wed, 17 Jul 2024 15:18:59 GMT
last-modified: Wed, 07 Jun 2023 13:28:45 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7B5D 0
0 192ms
84ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssxTZrWIwpIHx1gBDZQFAahA3hOAZjAdPQM1NuaDKcu9c6d2ID7Sc--UL_U4yj4hEM7hqjvfk0kJMbdKgZrQf6eZ__mylIadmz77nNX9mmptzvc1jPlzYf3d8Mlg2ROYRWlyT1bah49zD8XUOA827oWdD8hp0fFhnSWvgu60s8w8CHxJI_7SCbsQT6kTcJvnv5Yjt_wC0PvK2Z7cIMzY45249ZmZ8qb6KLIY8wyBYjsw-ZS_CPy7V3EXq7qby0_iAhapHQ1KRKFj92pJhaMtfoJAWT5X7W2f3bKTNu1C6-2KMGK36RBOZAFh-2Xvy7bd4mM099mLITMlGW63A14hZLphU5ZGlQhWMm4KsEyVpQ7HFkRkZRNv7bTrtJ9hKO-7pXGkouKtLigI9uLdDNnl0LD56Anj32ismM9NiAuFjkNqwZ3OYjY50Jiflkvso3fZYTJgZ-j8aYcevFswGqBM47o9nae-8irIwU3xvdUzIJgE440t2AU7Ja2zF3AEJT_NomGKsHoLPC_WgJhcKyuz0_4_kj6PWiFNfyAojl4qntb4jRNyJ8-iHEnINMpWB-DXxCoSd0TBcBSqG0D02KQoIN4CZyrAgnqginmwpHoPQHlaePOEfbGBlYWLBiYuDtakiOJ_cKvmGaSYLvLvygUEzp5oGgZCBvbTa3th0oQAW8d3EYNSI_Gyc_XXYeVdx6Szb5VdGAHXM8j6Mi2n3O9SvC825hkbzPFX_IUgWOa8eDXHFxO-LvtmL_E60_mzpENaR_OO4xq-i_KjA3t6UjLeZy-4VP9g_lO_b7vwmvzQ1VFd2dIWf_7icER3BJlzjk63EXal-yCHyhI2EVBWCHZd_MktgYEHuOEXPaybUQxMi3a8_4Be1gDdhrMnjFrZ4jylyxf-N5G_loPQk1pHKC4UaTqt2WrZVGg1kzAlt3klPvwzrAgaFHd7X4gCB2viEB-8uMNUGQ9unYofDX2fY55WWilh3uiBYN6wbFPrEqz1mOoYbBTlu3O1irJe9Dy9KFa8VtO269_lXILMebWozza2dTzFe9xKJ-kAqFUzyWPb9RTqsZEJ6005eOddfigGHe9leKxBdEEaw5GLnT7uxYw-CnT9PIOyoaaF9dg6OHycTQIjraovRP6fWWCVugapH4lwwNiWnOL4O6rJjf5Mrm2GHNYhkf9VRDgHU6PGtrgFeTKBoxr2eWySrpeoARkaedWG6jJYDGgvpcFq5RmuFN7_NIMForf6V22MvqpROm1X7k-wVu8QnP2HIZOGC-f18O2TQ&sai=AMfl-YRLhuqR1U3YAr-qHo6YRSqYKCyKMzCc0y7SY0gUVRxo5lQ83B18F06bUx6eFERYVOOs7XkPtx2rynAfPbkOZsPNSTae3FSFHMocD_Jv42Gp9C707qzt8mL99BG1vFj8eW36SwSR2xrGhUVdugHQGvTvDnx9T39dEa7w_QWcyciMH3lGY4ti13SaZdYSxINPRefYBaXjHDAKvPSsjJm4RL7t90hYH3t1IcDYyv8Y0uZj3hDqjlEnCWl0JHp2sKvwqHjkh1_BKfx2Z56HC2nRVX0lDhky-nuiGXTfYfhL6TlmWgr-45htXPIK&sig=Cg0ArKJSzPqY0oJIDM4fEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=411&cbvp=1&cstd=407&cisv=r20230719.89629&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 24 Jul 2023 13:16:57 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Mon, 24 Jul 2023 13:16:57 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 7B5D
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1512463/72069454/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1013433103&ias_pubId=pub-1310852604335254&ias_chanId=1&ias_placementId=20291930156&bidurl=ht...
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}&adContainerId=brand_safety_yHm-ZKjuJc6XjuwP1YuM2As&cbFunctionName=goog_wrapCb_yHm-ZKjuJc6XjuwP1YuM2As&true_pb=https%3A%2F%2Fstatic.adsa...

1 KB
1 KB

78ms
49ms

Script
application/javascript

2600:9000:223f:1c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}&adContainerId=brand_safety_yHm-ZKjuJc6XjuwP1YuM2As&cbFunctionName=goog_wrapCb_yHm-ZKjuJc6XjuwP1YuM2As&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x250.js
Requested by: Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2600:9000:223f:1c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:15:35 GMT
x-amz-version-id: C3DOxT9tBkGxYVtBTndBahfgjeGsI.gF
content-encoding: gzip
via: 1.1 0a624670dff351af866d2f19bde4a312.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 252083
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Fri, 21 Jul 2023 15:15:33 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: PpiP3XlyUg3xRGccig9ltlnTsLuFNRCD57mdyXdAG8znQS4hfEO4CQ==

Redirect headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:57 GMT
server: nginx
x-server-name: app19.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}&adContainerId=brand_safety_yHm-ZKjuJc6XjuwP1YuM2As&cbFunctionName=goog_wrapCb_yHm-ZKjuJc6XjuwP1YuM2As&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x250.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 462A 91 KB
23 KB 150ms
45ms Script
application/javascript 2600:9000:223f:1c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:1c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 0a624670dff351af866d2f19bde4a312.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 26430041
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: AkqyflMMffjB9B1J8bp0tQcZgQZ6ltgWDcxIG0z0Cn5yep_oIkigdQ==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 7B5D 43 B
215 B 405ms
119ms Image
image/gif 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1512463&asId=80e4badc-b792-cc2c-eb6c-e960d18c8e24&tv=%7Bc:ji3RbF,pingTime:-3,time:83,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:43%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:83,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:42,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B72~0%5D,as:%5B72~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tKVUk9K+11%7C12%7C13%7C14*.1512463-72069454%7C141%7C142%7C143%7C15%7C161%7C171%7C181%7C1911%7C1912%7C192,idMap:14*,rmeas:1,rend:0,renddet:DIV,siq:44%7D&br=c
Requested by: Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:57 GMT
server: nginx
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 7B5D 43 B
215 B 400ms
118ms Image
image/gif 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1512463&asId=80e4badc-b792-cc2c-eb6c-e960d18c8e24&tv=%7Bc:ji3RbH,pingTime:-6,time:85,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:85,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:42,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B74~0%5D,as:%5B74~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tKVUk9K+11%7C12%7C13%7C14*.1512463-72069454%7C141%7C142%7C143%7C15%7C161%7C171%7C181%7C1911%7C1912%7C192,idMap:14*,rmeas:1,rend:0,renddet:DIV,siq:44%7D&tpiLookup=ao:reurl.cc*&br=c
Requested by: Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:57 GMT
server: nginx
x-server-name: dt17.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js Show response
pagead2.googlesyndication.com/bg/ Frame 80C2 37 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd507194758b4aad5fb90c362f904fcb1b03a00a76a57e9fd11a414a601a5115

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:06:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 653
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14655
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Jul 2024 13:06:04 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 7B5D 43 B
216 B 396ms
117ms Image
image/gif 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1512463&asId=80e4badc-b792-cc2c-eb6c-e960d18c8e24&tv=%7Bc:ji3RbN,pingTime:-2,time:91,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1223,beZ:1225,mfA:1228,cmA:1230,inA:1231,inZ:1237,prA:1237,prZ:1259,si:1266,poA:1268,poZ:1296,cmZ:1296,mfZ:1296,loA:1307,loZ:1311,ltA:1313,ltZ:1314%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:43%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:91,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:42,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B80~0%5D,as:%5B80~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tKVUk9K+11%7C12%7C13%7C14*.1512463-72069454%7C141%7C142%7C143%7C15%7C161%7C171%7C181%7C1911%7C1912%7C192,idMap:14*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:DIV,siq:44,sinceFw:45,readyFired:true%7D&br=c
Requested by: Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:57 GMT
server: nginx
x-server-name: dt01.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 style.css
s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/ Frame F8A2 2 KB
514 B 41ms
40ms Stylesheet
text/css 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13125690698918494302/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10eee3e0630c3ec9d83927e39db9b412ea08f8c94fdf134b0894cba97c293849

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13125690698918494302/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 08:22:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 363289
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 485
x-xss-protection: 0
last-modified: Wed, 07 Jun 2023 13:28:45 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 19 Jul 2024 08:22:08 GMT

GET
H2 200 TweenMax.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.20.4/ Frame F8A2 113 KB
33 KB 135ms
50ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.20.4/TweenMax.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13125690698918494302/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ba1b9960f6bcc2d49080931ddd405a8fda579f905c7094d567d2b5823ae7970

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 998113
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 33534
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-1c274"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rCZl%2BOv9MJJ7UBUH42RG2mk4QjUZMk7TRINON%2F7U1tVXzK54jV%2F4hns%2B1uNhn2mslyEEPTzgNZ5vPPJz0a5CJGE3hx8vwWO9leoGQU9pdTnKvft5fA6fV%2F9giwwp3%2FYR%2FKHX2Ic4fihLhaangeqY9FS3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7ebc70cae99b9122-FRA
expires: Sat, 13 Jul 2024 13:16:57 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/sadbundle/13125690698918494302/javascripts/ Frame F8A2 2 KB
788 B 41ms
40ms Script
application/x-javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13125690698918494302/javascripts/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13125690698918494302/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c588956eaa29edeaf91c75cfb160009bdfae2176df3d0cfe3c1fb388ed39783a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13125690698918494302/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 17:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 330410
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 759
x-xss-protection: 0
last-modified: Wed, 07 Jun 2023 13:28:45 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 19 Jul 2024 17:30:07 GMT

GET
H3 200 logo02.png
s0.2mdn.net/sadbundle/13125690698918494302/images/ Frame F8A2 9 KB
9 KB 40ms
40ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13125690698918494302/images/logo02.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab43203ab1381240c7e3ed3d2df11ab5231a141265a1cff1d1ad600be194e1dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 17:29:30 GMT
x-content-type-options: nosniff
age: 416847
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9093
x-xss-protection: 0
last-modified: Wed, 07 Jun 2023 13:28:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 18 Jul 2024 17:29:30 GMT

GET
H3 200 symbol.png
s0.2mdn.net/sadbundle/13125690698918494302/images/ Frame F8A2 2 KB
2 KB 43ms
42ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13125690698918494302/images/symbol.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96709a5a10bdb0093ac9d15ba2669f29cfed584e385fb83520288c635074df9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 18:12:02 GMT
x-content-type-options: nosniff
age: 414295
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2514
x-xss-protection: 0
last-modified: Wed, 07 Jun 2023 13:28:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 18 Jul 2024 18:12:02 GMT

GET
H3 200 bg.jpg
s0.2mdn.net/sadbundle/13125690698918494302/images/ Frame F8A2 16 KB
16 KB 68ms
67ms Image
image/jpeg 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13125690698918494302/images/bg.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55cf07a0c9e1fe961ad1fb7d9b58554812a9df0e3fec9cc5bcccd41051e5b2a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 17:42:15 GMT
x-content-type-options: nosniff
age: 502482
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16081
x-xss-protection: 0
last-modified: Wed, 07 Jun 2023 13:28:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jul 2024 17:42:15 GMT

GET
H3 200 push01.png
s0.2mdn.net/sadbundle/13125690698918494302/images/ Frame F8A2 10 KB
10 KB 58ms
57ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13125690698918494302/images/push01.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efcf21ec442a44a02bccf28f46d0af24a9ff9a71487e515448ca29dc7017bf41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 12:04:53 GMT
x-content-type-options: nosniff
age: 349924
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10226
x-xss-protection: 0
last-modified: Wed, 07 Jun 2023 13:28:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 19 Jul 2024 12:04:53 GMT

GET
H3 200 push01b.png
s0.2mdn.net/sadbundle/13125690698918494302/images/ Frame F8A2 8 KB
8 KB 50ms
49ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13125690698918494302/images/push01b.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7bf535b6357d664dbe0b41ad2cf74e2f00a18f7501cf939c39d0560303e7aab2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 10:19:34 GMT
x-content-type-options: nosniff
age: 356243
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8594
x-xss-protection: 0
last-modified: Wed, 07 Jun 2023 13:28:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 19 Jul 2024 10:19:34 GMT

GET
H3 200 name.png
s0.2mdn.net/sadbundle/13125690698918494302/images/ Frame F8A2 2 KB
2 KB 80ms
79ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13125690698918494302/images/name.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4575ca3c3884db71f180dafedec17edb6d4f303af9323718e45844aef490654

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 12:50:29 GMT
x-content-type-options: nosniff
age: 519988
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1805
x-xss-protection: 0
last-modified: Wed, 07 Jun 2023 13:28:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jul 2024 12:50:29 GMT

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/13125690698918494302/images/ Frame F8A2 1 KB
1 KB 67ms
66ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13125690698918494302/images/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

787eb0b8a47f314a9e63e5b07b9f0042521c69bd4bc1126ca798e55428e476ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 08:54:33 GMT
x-content-type-options: nosniff
age: 102144
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1217
x-xss-protection: 0
last-modified: Wed, 07 Jun 2023 13:28:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Jul 2024 08:54:33 GMT

GET
H3 404 legal.png
s0.2mdn.net/sadbundle/13125690698918494302/images/ Frame F8A2 43 B
64 B 469ms
468ms Image
image/gif 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13125690698918494302/images/legal.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:57 GMT
x-content-type-options: nosniff
server: sffe
x-dns-prefetch-control: off
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-xss-protection: 0
expires: Mon, 24 Jul 2023 13:16:57 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/13125690698918494302/images/ Frame F8A2 6 KB
6 KB 43ms
42ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13125690698918494302/images/logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f920c7edaf3b1f00d7b5fdbbd4823adfb3c7823954867a0b119d04270394238d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13125690698918494302/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 12:50:29 GMT
x-content-type-options: nosniff
age: 519988
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6015
x-xss-protection: 0
last-modified: Wed, 07 Jun 2023 13:28:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jul 2024 12:50:29 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame E339 171 KB
46 KB 41ms
41ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5facf3ca997fd8a7658579d40b8bc44a659e12df5b45b2f1f1713f987b86366c

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 24 Jul 2023 13:16:57 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 46993
x-xss-protection: 0
pragma: public
x-fb-debug: CPUcPh/O4FrIq8v4t2MfW9PVt2vTu5xElYtlD+EAsrpU6573WuI+vlL4NIL1e7RYR3xV3d+b9uCOZhflJppduQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame F551 2 KB
1 KB 355ms
329ms Script
text/html 175.41.216.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=14209&rf=https%3A%2F%2Freurl.cc&n=655&o=1&fc=undefined&d=1&b=2&ts=1&ii=2&FPCK=3310-X7pqoIpXy4shFsA0x8Q2CnkmlFb0x8Ip&fp_uuid=3310-4909f65d78db72a209db767eae21e49972fb3db1ae0a75dca9a51ca0f1d50711&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 175.41.216.229 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-175-41-216-229.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: bde57df8b0262c098eef0a46abb024d139f0ff5be5a010d7f258bb0dc3f649c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Mon, 24 Jul 2023 13:16:57 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame F551 6 KB
7 KB 43ms
43ms Script
application/javascript 2600:9000:2250:8200:0:e06c:e940:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:8200:0:e06c:e940:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 17b74954021249d3b59e7ab8c8248edc265666ee65127c8f01825f0ada0adcc2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-amz-version-id: u3L28Xt1KqU76H00EInRZdWnsemjGRZo
date: Mon, 24 Jul 2023 13:16:10 GMT
via: 1.1 1aa52a2a71a599aaf6b3df3a9c53b268.cloudfront.net (CloudFront)
last-modified: Fri, 14 Jul 2023 03:28:57 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 49
x-amz-server-side-encryption: AES256
etag: "d653bf20e2f03cb602105cbd317c55ed"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 6650
x-amz-cf-id: 445J7AFbaij6fW1aNdvUySqh6fckJgByW9voJxjTnMqpZE5nMw6BMw==

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 80C2 0
20 B 146ms
146ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BEFAryHm-ZKjuJc6XjuwP1YuM2AsAAAAAOAHgBAI&bg=!Z2SlZDDNAAZsPphkTD47ADkAdvg8WqIh7NXwPv3Oows-9Ky7uDLNeCDCFeuqPpo4mK8QetQXrj0hGHbZxTS8RgoWt_A9j14WK-YCAAAA_VIAAAAOaAEHmQNODPY-2J7ZyT2kiiw50b60NgiJp6op-U4ibCqfCaNQn2ZG52C-2OXAjm7oY4ZBz9CVdPDJmNDAdUsxRDg8AHUUlnDsw2AWsf5UI-1td6Ubc37qBwW_Uvwil0OHFmMpOs4efGXTdvXnjA1Dprqiurn4pGWnC5RExmHLbgiBlKl8l3cL0FwWEMh7rCrTbRvoNyfd-N62IHjCA_WxNZ8QcASstSkJglypxSurBiaOWdEDnZaWMVTnTR0XOQkP0dH9lJCBtfTVw_7cjbrD2i_6rMwbk1tMxOS32JgVkXRyS0iwjpkUdm9n9GXjW9O4CIs-Fu67l-Yo_QTbxfuyOL5DOtTHGOBXbw04OginYcz40q-5BhIYV3pFBlb7KYF03SYnJx-xYFrHKETxJUuIR1P-XS23vB7HAMIjQtoYWH21MSrv513Go-8-Erz06M5lf_rJoxHkBA6ccxyahrRdNOS2WxBuXaVIQIbKo1dSvVxLqOTCevU1dnHpZ9wJ_n8W1e9m7alE94I3I1V3N6tZ1vuuncZzdq0UvLXkdFF2E6MHn5lT_0ZkJNd87qOBX-QCx9tsISLSvD2Y7gWMbMy-tcQnFFM13akAflVWICzBx2WXCUGTYVkHOkwriDhzbrd45LHdqP7bb4iV2_-UtsWsuIjMV6Oca_AHHl0jaQ9VH47oh02G61wf-t3tBRBUyUCn-_OJ7zCJguQCtka4l5KwiKnRD406oIW-J39laeHD71VF0TzCkh3Y0lK9xRTYKkHb7LfHdhNyKiP3xe_hoCi6HZ_IEv6nmVR8mfMk1z0cbdw_2vKZ0-gTnIVK0Vrn1rE8GBCg2-rxU8NmY-UEMas1-iUfX-VpHKp-Q5nqt9wCmHWlF-dkmUlkbnOYgcl9TdrHS8pwsm43lPOT2yNFvkHLsCUiY2mh55h1HZqhwa_lyxe2hM2ayD3Jv6wA29Lw66mdXzbPyQIqsFvwnNvOg8J95lihlFwsA4tbAndIA2_45qHwnOzTXBblq-gkk1aNDUygyQciXD1LHkN9CnrGd5JWR_3H4O0c98XDDDY99AMFtGQU5nyswK4llY8Q0JMDvDUo-BQB642wazQbFtJ8wrO0r5J6KNSKVGX2cXc71qPOeYdaxFP6

Requested by

Host: 3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
URL: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame F551
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=jqJbha0GCDa-qFcyy3m-ZA

2 B
159 B

309ms
308ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=jqJbha0GCDa-qFcyy3m-ZA
Protocol: H2
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:59 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Mon, 24 Jul 2023 13:16:59 GMT
accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
server: nginx
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: null
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=jqJbha0GCDa-qFcyy3m-ZA
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AA37 42 B
64 B 228ms
147ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstgHDKEDI2XaSAQvKXx2j_8RMgY-cd9wQa0MuHD-ouGwCLvVKKGhlaoTI3aIlZ_fkSfTH6BjbZG8fLu5wsnxj8lsLyF7nCjzOnXQfStcCARB64ltGV6Rg4Yq1XpyKFTsGl7DPQWQMMsQGZF&sai=AMfl-YSaKll6uFeYCK-9Ug4Mc3oB5aNFtCozyjdYPyPFQd7wFT2664FwlA4SPArw5-KLH3117oLkLc85coqdQJs32x1CW1cxxjMfoct76g6EopQU6YxrgpjoncnyBDf8RcWA0Q7fI90RcxrMDIwt&sig=Cg0ArKJSzFZT_gtRvxwxEAE&cid=CAQSSwBpAlJW3pQxFT3XQhXLzocWp1MPc-m_iaG42CTuHeZhPBFrEtzvUj2dMsGypy3b71NJAldInXs0-dJeXpBY6sBrwQWKRv_NqlAaWRgB&id=lidar2&mcvt=1001&p=108,650,358,950&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20230719&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3242553145&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1690204616259&rpt=453&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7B5D 0
0 78ms
77ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssxTZrWIwpIHx1gBDZQFAahA3hOAZjAdPQM1NuaDKcu9c6d2ID7Sc--UL_U4yj4hEM7hqjvfk0kJMbdKgZrQf6eZ__mylIadmz77nNX9mmptzvc1jPlzYf3d8Mlg2ROYRWlyT1bah49zD8XUOA827oWdD8hp0fFhnSWvgu60s8w8CHxJI_7SCbsQT6kTcJvnv5Yjt_wC0PvK2Z7cIMzY45249ZmZ8qb6KLIY8wyBYjsw-ZS_CPy7V3EXq7qby0_iAhapHQ1KRKFj92pJhaMtfoJAWT5X7W2f3bKTNu1C6-2KMGK36RBOZAFh-2Xvy7bd4mM099mLITMlGW63A14hZLphU5ZGlQhWMm4KsEyVpQ7HFkRkZRNv7bTrtJ9hKO-7pXGkouKtLigI9uLdDNnl0LD56Anj32ismM9NiAuFjkNqwZ3OYjY50Jiflkvso3fZYTJgZ-j8aYcevFswGqBM47o9nae-8irIwU3xvdUzIJgE440t2AU7Ja2zF3AEJT_NomGKsHoLPC_WgJhcKyuz0_4_kj6PWiFNfyAojl4qntb4jRNyJ8-iHEnINMpWB-DXxCoSd0TBcBSqG0D02KQoIN4CZyrAgnqginmwpHoPQHlaePOEfbGBlYWLBiYuDtakiOJ_cKvmGaSYLvLvygUEzp5oGgZCBvbTa3th0oQAW8d3EYNSI_Gyc_XXYeVdx6Szb5VdGAHXM8j6Mi2n3O9SvC825hkbzPFX_IUgWOa8eDXHFxO-LvtmL_E60_mzpENaR_OO4xq-i_KjA3t6UjLeZy-4VP9g_lO_b7vwmvzQ1VFd2dIWf_7icER3BJlzjk63EXal-yCHyhI2EVBWCHZd_MktgYEHuOEXPaybUQxMi3a8_4Be1gDdhrMnjFrZ4jylyxf-N5G_loPQk1pHKC4UaTqt2WrZVGg1kzAlt3klPvwzrAgaFHd7X4gCB2viEB-8uMNUGQ9unYofDX2fY55WWilh3uiBYN6wbFPrEqz1mOoYbBTlu3O1irJe9Dy9KFa8VtO269_lXILMebWozza2dTzFe9xKJ-kAqFUzyWPb9RTqsZEJ6005eOddfigGHe9leKxBdEEaw5GLnT7uxYw-CnT9PIOyoaaF9dg6OHycTQIjraovRP6fWWCVugapH4lwwNiWnOL4O6rJjf5Mrm2GHNYhkf9VRDgHU6PGtrgFeTKBoxr2eWySrpeoARkaedWG6jJYDGgvpcFq5RmuFN7_NIMForf6V22MvqpROm1X7k-wVu8QnP2HIZOGC-f18O2TQ&sai=AMfl-YRLhuqR1U3YAr-qHo6YRSqYKCyKMzCc0y7SY0gUVRxo5lQ83B18F06bUx6eFERYVOOs7XkPtx2rynAfPbkOZsPNSTae3FSFHMocD_Jv42Gp9C707qzt8mL99BG1vFj8eW36SwSR2xrGhUVdugHQGvTvDnx9T39dEa7w_QWcyciMH3lGY4ti13SaZdYSxINPRefYBaXjHDAKvPSsjJm4RL7t90hYH3t1IcDYyv8Y0uZj3hDqjlEnCWl0JHp2sKvwqHjkh1_BKfx2Z56HC2nRVX0lDhky-nuiGXTfYfhL6TlmWgr-45htXPIK&sig=Cg0ArKJSzPqY0oJIDM4fEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1059&vt=11&dtpt=648&dett=3&cstd=407&cisv=r20230719.89629&vwbs=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 24 Jul 2023 13:16:57 GMT

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame F551 5 KB
3 KB 267ms
267ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

9c988e280a9af2e0bfc476f7ada40e1984db51651029927933b16de44400c28b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:57 GMT
strict-transport-security: max-age=0
content-encoding: gzip
last-modified: Wed, 16 Nov 2022 03:58:03 GMT
server: nginx
etag: W/"63745fcb-142e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
expires: Mon, 24 Jul 2023 13:26:57 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7B5D 42 B
64 B 147ms
147ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv3XJyrRoNYxK_X1Uy4LwkFYPRIb3XQEvzmSk977UEpLhMMDVeR3OgsetPEFCMREDmANW4jOT-w51Vm7N0Uqg0oCyRfvQetiropYbeY2RLVMXZ3Fx8keCF0GjuKtb50bVtw6wl89LajRptH&sai=AMfl-YSH99EbcCvEdKbyALnZYFCPO86kaCcM2kepmRapfHfFQmoOj-OczYxSWUUz7jZnIRfNEOml45XWk9B9mAJErHHGyW79aa1vJMKUdvYPWkPPG9t_UCtg5vtLpAieOAoiW05ItMrpYQF7Fm5l&sig=Cg0ArKJSzI3dpEq8HvCoEAE&cid=CAQSSwBpAlJW27YxyycgyXslx2R43BUoNeB8u_jYaUJbhNDkXlkDLYGkhVpsqTagm-1r7QT82I2FuE_dl26rx29Ta1a2Mbnmc7OP41-jjBgB&id=lidar2&mcvt=1030&p=979,1353,1229,1653&mtos=1030,1030,1030,1030,1030&tos=1030,0,0,0,0&v=20230719&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3261691140&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1690204615990&rpt=873&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FC91 42 B
64 B 146ms
145ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstZ7khPOpASYccEE8_CDJLy84rVR6Xx5i7SeZV33HnDNHsKQ-HfWHylPqTcWoEptfmyvHfbQV7cuKZBJ_p1N8y8196Ph-7QpuROC2I5MsYXtczGEl57hhmUZrZAje92Qa-Nv0oT4Y4ykjUw&sai=AMfl-YQr4I_AhSdLHvrAbO6AZaaUm_ZdekZJYkSSlNmUk1cLGCftrgZXiQ8YQIZGvo1WhBAAd3zyg8iH-Z9hEtkQ732UU8f9AiFXaPYFWLj3cwhAkOCyzYO2NsVLcAH4-AxFp3gnbcpX1hrbXTGt&sig=Cg0ArKJSzKT_apg44pUoEAE&cid=CAQSSwBpAlJW3pQxFT3XQhXLzocWp1MPc-m_iaG42CTuHeZhPBFrEtzvUj2dMsGypy3b71NJAldInXs0-dJeXpBY6sBrwQWKRv_NqlAaWRgB&id=lidar2&mcvt=1032&p=108,270,358,570&mtos=1032,1032,1032,1032,1032&tos=1032,0,0,0,0&v=20230719&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=827794272&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1690204616246&rpt=579&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 7B5D 43 B
215 B 118ms
117ms Image
image/gif 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1512463&asId=80e4badc-b792-cc2c-eb6c-e960d18c8e24&tv=%7Bc:ji3RlU,pingTime:-10,time:718,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE1LjAuNTc5MC4xMDIgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1690204617929%7C%7Cdebff471eeed88c0ec8f5ff051fc42e2%7C%7C375be7bc26b7869f53a37d263e47ad85%7C%7C3339d4efd73947c6cc0dd7484c7ea50e%7C%7Cc11f0ed7061f8fdb5df67dc97dd79fcb%7C%7C45a76245fb087979ffe778af51e79239%7C%7C398572ab871ce19278f41f244dc0b90b%7C%7C56ed20e97b2914b3559665109121ef08%7C%7C1663701684%7D
Requested by: Host: reurl.cc
URL: https://reurl.cc/qZ40Kn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:57 GMT
server: nginx
x-server-name: dt16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B55E 42 B
64 B 148ms
147ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuyDrI2VKAbePtXXwECGT7x8G9ytIICJvCrIb0cPJV0TT1g2JVL6jNC3aF8rxWAKO5-G-L_zFTBmISc-M8xPilriD2VkYO_BuJYbdRuMLXpki0VHRpDx2SYCML9b7qUGswS5pJKkaroOaQB&sai=AMfl-YTRMTr-l6haqCNTeojRNvWcfOC75Plgm-iIbmsEkhiTlXvWLRYKUeKF_uv77YvZmV31EkguSnLqLTTY6j3AVqYjf-X5AMse45O4hmK4qKoLHOtHwauCBcJpp1WWVrohFeAbvhaeUjW335Gs&sig=Cg0ArKJSzOV7RRs74DixEAE&cid=CAQSSwBpAlJW3pQxFT3XQhXLzocWp1MPc-m_iaG42CTuHeZhPBFrEtzvUj2dMsGypy3b71NJAldInXs0-dJeXpBY6sBrwQWKRv_NqlAaWRgB&id=lidar2&mcvt=1025&p=505,315,595,1285&mtos=1025,1025,1025,1025,1025&tos=1025,0,0,0,0&v=20230719&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=81851380&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1690204616234&rpt=661&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame F551 9 KB
9 KB 44ms
44ms Script
application/javascript 2600:9000:2250:8200:0:e06c:e940:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14209&rf=https%3A%2F%2Freurl.cc&n=655&o=1&fc=undefined&d=1&b=2&ts=1&ii=2&FPCK=3310-X7pqoIpXy4shFsA0x8Q2CnkmlFb0x8Ip&fp_uuid=3310-4909f65d78db72a209db767eae21e49972fb3db1ae0a75dca9a51ca0f1d50711&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:8200:0:e06c:e940:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 163861ba1f99a5f399021588724bc0930e9de7f7dea9c4a5d8d06e03f169f30c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-amz-version-id: O7sZGT0knnzygQhuPzTFxlRFCbP1u_sa
date: Mon, 24 Jul 2023 13:16:43 GMT
via: 1.1 1aa52a2a71a599aaf6b3df3a9c53b268.cloudfront.net (CloudFront)
last-modified: Fri, 14 Jul 2023 03:29:39 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 22
x-amz-server-side-encryption: AES256
etag: "5605cb8cc8a95ce9c39d43b26ce2823b"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 8980
x-amz-cf-id: NvsGqYFBGQJlvg91DXUouXps_d9ZTR2f6bZlQvcbpSrdD2dFmPPl7w==

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame F551 36 B
400 B 270ms
270ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

bc8c4b072fd0f0c5fb8f38493834f4b1957faa8bfad139d255babccce79671ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:58 GMT
strict-transport-security: max-age=0
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame DFBD 0
0 158ms
76ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstLwo2i0qXkKshuguf1XOLrD8OPOlTO7KWZPCUmlYZbMLWLsX--6yHHKQQvMQMBYSQx_nqeh_j5D8jPUGimQG2zWUi5FH5JCMywuSKi3DHn0DfXXSNMF2W1IH8uUB_FLrE-Dqqj3ZJ9MP06-1a_NgZBW1CNm1emIBBs-iTb37RumIAN_l6TkrA604phhTAn41knaiqlUUxGkPorBCjGSgXMgl9DHN0F3Wj4QQjmaLybgc7w1mMvuZryRUOOhHSpUb1xql7Zlnm5PbIuzUai6T61GoflI7i3xLVAo-xkOUAU8Pe4EouRVD_N8FTLGfy12yzgYbbnEuaXbmMxOWVeq5mXsaJJQJWDLeqwKPdi8A&sai=AMfl-YQJp8ZfpP6UHzrqAzlkK1dHXf8uaAfreJt3APOSCTQj5R1GaEa2mJ5STclOR-Kwakd7QI7vP9hVSwD6E9plj6tfAlJqIrh1g2ym2y5LmOQC0Z6YrDzkgCEoleX2zk7jG_a__iIj80VupfheHag&sig=Cg0ArKJSzBbxmyjgWQENEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 24 Jul 2023 13:16:58 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
12 KB 90ms
90ms XHR
application/json 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202307180101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9fce68ef13e859aa2088afb2b07ab31cb5a5e5eeb143c9ed53b3f3b3b2c36092

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11765
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 140ms
140ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 24 Jul 2023 13:16:58 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 7B5D 43 B
215 B 140ms
139ms Image
image/gif 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1512463&asId=80e4badc-b792-cc2c-eb6c-e960d18c8e24&tv=%7Bc:ji3RrG,time:1076,type:e,im:%7Bpci:%7Btdr:1006%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1076,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:42,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1065~0%5D,as:%5B1065~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:121,fm:tKVUk9K+11%7C12%7C13%7C14*.1512463-72069454%7C141%7C142%7C143%7C15%7C161%7C171%7C181%7C1911%7C1912%7C192,idMap:14*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:44,sis:407%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:58 GMT
server: nginx
x-server-name: dt16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CB35 13 KB
5 KB 40ms
40ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 653
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jul 2023 13:06:05 GMT
expires: Tue, 23 Jul 2024 13:06:05 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 226C 783 B
972 B 51ms
50ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

89a8f37db9c91c775eaf22b7805e188906ac4f519d685e45105434ec3adf7cc5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-nOWyDS6xNIFmgXHzv7E4Rg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-nOWyDS6xNIFmgXHzv7E4Rg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jul 2023 13:16:58 GMT
expires: Mon, 24 Jul 2023 13:16:58 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js Show response
pagead2.googlesyndication.com/bg/ Frame CB35 37 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd507194758b4aad5fb90c362f904fcb1b03a00a76a57e9fd11a414a601a5115

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:06:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 654
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14655
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Jul 2024 13:06:04 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 226C 0
0 140ms
139ms Image
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202307180101&jk=3060682546675321&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame CB35 0
12 B 44ms
42ms Image
text/plain 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?h1ViuA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:58 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame F551 0
187 B 272ms
271ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=3310-X7pqoIpXy4shFsA0x8Q2CnkmlFb0x8Ip&mp=f9cd014e-968c-4461-9128-3aa1aac0333c

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:58 GMT
strict-transport-security: max-age=0
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H2 200 pixel
f9cd014e-968c-4461-9128-3aa1aac0333c.t.ssp.hinet.net/ Frame F551 0
79 B 267ms
266ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://f9cd014e-968c-4461-9128-3aa1aac0333c.t.ssp.hinet.net/pixel?bd=f9cd014e-968c-4461-9128-3aa1aac0333c&t=50ef57&referrer=https%3A%2F%2Freurl.cc

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:58 GMT
strict-transport-security: max-age=0
server: nginx
content-length: 0
content-type: image/png

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 9C3D 81 KB
27 KB 110ms
110ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

338acabd8cb06dd602979dce6b11534388bba9e2b8b30fc1473ffe11d96b2876

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27824
x-xss-protection: 0
server: cafe
etag: 422 / 19562 / 31076291 / config-hash: 6641860603076998902
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 13:16:58 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307200101/ Frame 9C3D 385 KB
122 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307200101/pubads_impl.js?cb=31076291

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d14af6714f8e174042d16f9ee9938f7986b826935f217c43cd3570945f8a8a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 06:20:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24980
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 125319
x-xss-protection: 0
server: cafe
etag: 4098493636285064892
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 23 Jul 2024 06:20:38 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7B5D 0
20 B 140ms
140ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6617530619212&version=m202306200101&ct=76&x=1&cor=11609389541979658000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 9C3D 118 KB
39 KB 549ms
548ms XHR
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4496953786899925&correlator=4215854625860076&eid=31076291%2C31068367&output=ldjh&gdfp_req=1&vrg=202307200101&ptt=17&impl=fif&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C14209&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x100%7C320x100%7C320x50&ifi=1&adks=2995874615&sfv=1-0-40&sc=1&cookie=ID%3D35b39120d8d29ac8%3AT%3D1690204615%3ART%3D1690204615%3AS%3DALNI_MasEJ1I_6nAJjPBbqWikvN_OiWB4w&gpic=UID%3D00000c70704870d7%3AT%3D1690204615%3ART%3D1690204615%3AS%3DALNI_MbuSk8AigbOyG_MWdVIzwMmLVKOEA&abxe=1&dt=1690204618928&lmt=1690204618&adxs=640&adys=358&biw=1600&bih=1200&isw=320&ish=100&scr_x=0&scr_y=0&btvi=0&ucis=ydj1g5djb9ok&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=3&url=https%3A%2F%2Freurl.cc%2FqZ40Kn&ref=https%3A%2F%2Freurl.cc%2FqZ40Kn&top=https%3A%2F%2Freurl.cc%2FqZ40Kn&frm=23&vis=1&psz=320x100&msz=320x0&fws=256&ohw=0&ea=0&ga_vid=1747776942.1690204615&ga_sid=1690204619&ga_hid=1985136137&ga_fc=true&dlt=1690204618669&idt=231

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307200101/pubads_impl.js?cb=31076291

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b987ac6ffe9914b94f024848ec78cd02ecc01fd0b037cb00620cffd500d39dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:59 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40015
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9C3D 15 KB
12 KB 87ms
87ms XHR
application/json 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202307200101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307200101/pubads_impl.js?cb=31076291

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9980eb038293b89a72684eb5231b85e6acb60eea46fffed78f78d594e258a214

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11853
x-xss-protection: 0

GET
H2 200 container.html Show response
a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 30A3 6 KB
3 KB 108ms
75ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307200101/pubads_impl.js?cb=31076291

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jul 2023 13:16:59 GMT
expires: Tue, 23 Jul 2024 13:16:59 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9C3D 17 KB
6 KB 88ms
87ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307200101/pubads_impl.js?cb=31076291

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 24 Jul 2023 13:16:59 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame DFBD 42 B
64 B 145ms
144ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst7FYahnMYZGm8K0Vh6DBLEhec0Uh7rBpY6cqUCde47wuI-ym09aJbyJIakQP21Enu98FVg9cNwA0Fqc1i3FjAaEIyGMetsEsEM0wylHCKoI4kFvWLa&sig=Cg0ArKJSzH374zntdnS5EAE&id=lidar2&mcvt=1000&p=378,800,478,1120&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230719&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3271617715&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1690204616269&rpt=1868&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 192ms
192ms Image
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202307180101&jk=3060682546675321&bg=!mJulm8_NAAZsPphkTD47ADkAdvg8Ws94WtsbsrK0lGqEMoopu7GvI-aUsQoqG819aNV2-9FC31udSa01ppxTeoKeI2XbuOYo-NsCAAAAg1IAAAAIaAEHCgB0lbgDd9QZH9p0-Z4A75PR--FGNZ6z90PuZvehPdO0xI97e9_xlTNOI7zo95g2TA0QBT3K1JMmc_pWqvTLORl7UbwqOd2ChpFxEc7EosmUKgIRTLMINXABRrlcMHChRUGTD_UtEHg9z0fGeOfysHCxi382tsmZAump4Yce8wxKUKWI24Y2bzjh3Ktstx6bF8Lcz9jiAJUyjcWfLQM-jpUC7QRCEUjvnOcUlQBbX6-v_fCoT7T1owTxHB6qs1JhQqWx4LNQFx_uVjOuucqh4WdycT64Pq4QV0maUC2PLUmDjhOhLE35WN7I5pBbmlAWBSvjMxfqUBZmbeHcZ613Ew2vzyi_d6m4qhs6KtJi_HC8VpUbsiZAEZMQa9AYxmI5ViLRk5Qp0gZhcdulRC-NDe-KuJ6t6hEcrzN7o4Vf34uyeusZF441gPO0OGRfakqJ0NjIwJd_QG-kPlDAwQiPM9nZDg648jLwtqdF4PP-m77AppCy1DMqurvQGohb0PU6dg2HegaPl3GjMoa6IBkU7IO4qlLF1bx4MHkEfStf74P3KsO6ngtvFu9lzTK-64G-I6zQg5SPTK2kL9l7EiZYFjsM42U_6Mtb_JpwvJkFzOEV4BMWC-xB4Fj1nV4mbgfcFJpt4uf6TGnbhRXqZ_gni0CHhwYPbRqLM1TB6uLxvG4_T6iCu5dR8jbxUo39WNnvtPnRYH_BA5P4cx9aMscMiqBdXhRSHRNbzctYSKI6cyaQi5c-zhWbRsfILOFaMt4tSsyQ6kdI-5I7_LIE7X2gi70okmHYT-PnECtFLnHzHCxjX3EHP2SEUhoociWlvjTUfA6HPYLGSZ55_PP_2vYBo5cv78dPycrru2sU9Ex-LkNZh2zZs8_7EeVTl8YxpC-G8GuP7HeqCL_ILY5mQHP6RinZ9RWULDkT9j1vFRn9j02pdhf-cJmK-p8_OWUCvr_kzIarKh_qOYJCS8jkXtVnyn_DJNB78mEWJnJ-wArhSBTIdoIk_caWQJW-Xe2u3dwpv0EiVH_Qnan0tZs4GUGQiDGSZCAptlHAVKzRMNzAi-AA-XFogGPudyjSMrgJTyrc6XZVJA85BwAcEvpipD410GuD6lSAX-4SkuWeMftqwGXfsBCfQyEeO5vTFxDOX9gjViHB
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2447 13 KB
5 KB 40ms
39ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 654
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jul 2023 13:06:05 GMT
expires: Tue, 23 Jul 2024 13:06:05 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3060 783 B
534 B 52ms
50ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9d1b579cd26cbaf65cf28d73a74fba56aa313aad44593dd94f713a7aadefbd2e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-b2OeggR0A2FQram3WtnVrQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-b2OeggR0A2FQram3WtnVrQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jul 2023 13:16:59 GMT
expires: Mon, 24 Jul 2023 13:16:59 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js Show response
pagead2.googlesyndication.com/bg/ Frame 2447 37 KB
14 KB 88ms
88ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd507194758b4aad5fb90c362f904fcb1b03a00a76a57e9fd11a414a601a5115

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:06:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 655
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14655
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Jul 2024 13:06:04 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3060 0
0 141ms
141ms Image
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202307200101&jk=4496953786899925&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 7B5D 43 B
215 B 148ms
148ms Image
image/gif 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1512463&asId=80e4badc-b792-cc2c-eb6c-e960d18c8e24&tv=%7Bc:ji3RI6,pingTime:1,time:2094,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:43%7D,%7Bpiv:100,vs:i,r:,t:1093%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1093,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:42,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1082~0,0~100%5D,as:%5B1082~300.250%5D%7D%7D,%7Bsl:i,t:1093,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:142,fm:tKVUk9K+11%7C12%7C13%7C14*.1512463-72069454%7C141%7C142%7C143%7C15%7C161%7C171%7C181%7C1911%7C1912%7C192,idMap:14*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:44,sis:407%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:59 GMT
server: nginx
x-server-name: dt25.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 7B5D 43 B
215 B 147ms
147ms Image
image/gif 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1512463&asId=80e4badc-b792-cc2c-eb6c-e960d18c8e24&tv=%7Bc:ji3RI6,pingTime:1,time:2094,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:43%7D,%7Bpiv:100,vs:i,r:,t:1093%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1093,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:42,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1082~0,0~100%5D,as:%5B1082~300.250%5D%7D%7D,%7Bsl:i,t:1093,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:142,fm:tKVUk9K+11%7C12%7C13%7C14*.1512463-72069454%7C141%7C142%7C143%7C15%7C161%7C171%7C181%7C1911%7C1912%7C192,idMap:14*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:44,sis:407%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:59 GMT
server: nginx
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 7B5D 43 B
215 B 146ms
145ms Image
image/gif 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1512463&asId=80e4badc-b792-cc2c-eb6c-e960d18c8e24&tv=%7Bc:ji3RI7,pingTime:1,time:2095,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:43%7D,%7Bpiv:100,vs:i,r:,t:1093%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1002,o:1093,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:42,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1082~0,0~100%5D,as:%5B1082~300.250%5D%7D%7D,%7Bsl:i,t:1093,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:142,fm:tKVUk9K+11%7C12%7C13%7C14*.1512463-72069454%7C141%7C142%7C143%7C15%7C161%7C171%7C181%7C1911%7C1912%7C192,idMap:14*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:44,sis:407,metricId:publ1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:16:59 GMT
server: nginx
x-server-name: dt14.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 2447 0
12 B 39ms
39ms Image
text/plain 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?pxOljQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:59 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 container.html Show response
a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6C04 6 KB
3 KB 41ms
40ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307200101/pubads_impl.js?cb=31076291

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jul 2023 13:16:59 GMT
expires: Tue, 23 Jul 2024 13:16:59 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 6C04 4 KB
751 B 51ms
50ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
URL: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 24 Jul 2023 13:16:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 24 Jul 2023 12:06:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 24 Jul 2023 13:16:59 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 6C04 2 KB
905 B 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
URL: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 22:19:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53867
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 22:19:12 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/ Frame 6C04 23 KB
9 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/abg_lite_fy2021.js

Requested by

Host: a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
URL: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

463947d0709c9f435ed523b82dd8bbccf1ea8c25dc8f08900c90c51948210665

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 22:19:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53867
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9071
x-xss-protection: 0
server: cafe
etag: 4587423269125806604
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 22:19:12 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 6C04 3 KB
1 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/window_focus_fy2021.js

Requested by

Host: a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
URL: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 17:48:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70087
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 17:48:52 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 230C 1 KB
643 B 40ms
39ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
URL: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 803
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jul 2023 13:03:36 GMT
etag: 48472445140208031
expires: Tue, 25 Jul 2023 13:03:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 6C04 20 KB
8 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
URL: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a778ebcae153771e99dd12d32647dc138e5c624303806b95f2563975c401d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 22:19:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53867
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8309
x-xss-protection: 0
server: cafe
etag: 1379281626718990200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Aug 2023 22:19:12 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 6C04 0
0 47ms
47ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQAQvLVCIJnMvxaQinWm-eLv8iAB8BkJlrt18JdqKzBb1BO_ZGHHWadkF0NhFBzOcNDR_d0m35Dhg6q9Tkc3s1Mhasn6w
Requested by: Host: a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
URL: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6C04 179 KB
56 KB 96ms
95ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
URL: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 24 Jul 2023 13:16:59 GMT

GET
H2 200 39d4397462e2693449f221f9915f9e59.js Show response
www.gstatic.com/mysidia/ Frame 6C04 33 KB
14 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/39d4397462e2693449f221f9915f9e59.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
URL: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

67edbe1fe2a38ebf16fc36b42cc267e37f18629ec79feae7a177178bf6e24d89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 13:03:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 173609
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14179
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 20:41:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 20 Oct 2023 13:03:30 GMT

GET
DATA 200
OK truncated
/ Frame 6C04 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce

Request headers

Referer
Origin: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

624907996767536446
tpc.googlesyndication.com/simgad/ Frame 6C04
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDr3ZqF_gEQgAgYgAgyCFFyRh2Ouq9r
https://tpc.googlesyndication.com/simgad/624907996767536446

8 KB
8 KB

41ms
41ms

Image
image/png

2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/624907996767536446

Requested by

Host: a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
URL: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

484ec1c347c17d7d3b98d5058aa5d90bb5c7315f3a67f44611e902de4be50831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 19:41:58 GMT
x-content-type-options: nosniff
age: 149701
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8502
x-xss-protection: 0
last-modified: Tue, 09 Apr 2019 09:00:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 21 Jul 2024 19:41:58 GMT

Redirect headers

date: Mon, 24 Jul 2023 09:30:34 GMT
x-content-type-options: nosniff
server: cafe
age: 13585
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/624907996767536446
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 23 Aug 2023 09:30:34 GMT

GET
DATA 200
OK truncated
/ Frame 6C04 205 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 06618129f9e3a537dc09fb2692beea2a9a9b9533cc513078d3db6582be6073ae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 6C04 16 KB
16 KB 40ms
39ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 01:50:32 GMT
x-content-type-options: nosniff
age: 213987
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jul 2024 01:50:32 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 230C 35 B
463 B 158ms
47ms Image
image/gif 2620:116:800d:21:5ed4:8d5d:fed7:f5ef
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEFU66hzvDiO4j9Rzz5ZiVJk&google_cver=1&google_push=AaAOQGE0pwhMrAP0Dzuzia9AZ_FaI-z3is3U1cBjKztVED3mVvrdGCz3bf7mzSBoveiQTNSNlr_zyHYZUwh6FTbhLTOUlDJFTHU

Requested by

Host: a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
URL: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:17:00 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 230C
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEFpdIffFzh0l0MZUrPDdk_0&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEFpdIffFzh0l0MZUrPDdk_0&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SWhZMkRNOUgxUW5WcVE1&google_gid=CAESEFpdIffFzh0l0MZUrPDdk_0&google_cver=1&google_push=AaAOQGErj2FCidvQzpo8G4YTW7PdiLRggySpGg5X6l6w8AB...

170 B
188 B

55ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SWhZMkRNOUgxUW5WcVE1&google_gid=CAESEFpdIffFzh0l0MZUrPDdk_0&google_cver=1&google_push=AaAOQGErj2FCidvQzpo8G4YTW7PdiLRggySpGg5X6l6w8ABbpScRX7FURQ3qbWk4ZMtFfveJN4zr0cbNPqPAcL7SIBdwX_iLByw

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:17:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 24 Jul 2023 13:16:59 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-783-g46ba6fe#rel-ec2-master i-039373edd24dbbb61@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SWhZMkRNOUgxUW5WcVE1&google_gid=CAESEFpdIffFzh0l0MZUrPDdk_0&google_cver=1&google_push=AaAOQGErj2FCidvQzpo8G4YTW7PdiLRggySpGg5X6l6w8ABbpScRX7FURQ3qbWk4ZMtFfveJN4zr0cbNPqPAcL7SIBdwX_iLByw
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 230C 70 B
265 B 201ms
58ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEKn9EJmbAKUVNtxuSHLYbDU&google_cver=1&google_push=AaAOQGEFH_KJipCe607_UOYFwXrKtWU6MSLIPbgTrb0Y9Cfiw5-2rF3WEBQD76nFR01u-su6p44hhuBehK1U5JESpcwf3nG_Opxe
Requested by: Host: a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
URL: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 24 Jul 2023 13:17:00 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 sync
x.bidswitch.net/ Frame 230C 43 B
146 B 183ms
40ms Image
image/gif 3.64.241.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEFiwLj5MbIftUh9oX-xzoyY&google_cver=1&google_push=AaAOQGFgnGs9r_RIwbLT22kb-L4aApg9rVknxsLRriIha2LmDP5qpzVCmYZr5B7GmQw7rmOJo2j-5RRQa6B9a8KCKVplt4ZGgNzF
Requested by: Host: a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
URL: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.64.241.131 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-64-241-131.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:17:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 230C
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEOXHVXgTtcuFLSxWENb90uA&google_cver=1&google_push=AaAOQGFnfufizbLf9HifYrBkBDamx1zbrWmU9Lqae3KOAEWTt8K_kKaGbpMbanGJUsHoFxfGKDl3FYMu...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEOXHVXgTtcuFLSxWENb90uA&google_cver=1&google_push=AaAOQGFnfufizbLf9HifYrBkBDamx1zbrWmU9Lqae3KOAEWTt8K_kKaGbpMbanGJUsHoFxfGKDl...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzI1MzgyMDk3NDYwNzEwNzc1MQ&google_push=AaAOQGFnfufizbLf9HifYrBkBDamx1zbrWmU9Lqae3KOAEWTt8K_kKaGbpMbanGJUsHoFxfGKDl3FY...

170 B
188 B

51ms
50ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzI1MzgyMDk3NDYwNzEwNzc1MQ&google_push=AaAOQGFnfufizbLf9HifYrBkBDamx1zbrWmU9Lqae3KOAEWTt8K_kKaGbpMbanGJUsHoFxfGKDl3FYMuvMI2DqxO11N7NYaHyhAF

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:17:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:17:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzI1MzgyMDk3NDYwNzEwNzc1MQ&google_push=AaAOQGFnfufizbLf9HifYrBkBDamx1zbrWmU9Lqae3KOAEWTt8K_kKaGbpMbanGJUsHoFxfGKDl3FYMuvMI2DqxO11N7NYaHyhAF
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 230C
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CFXZ6Bo5TBaeAIq0vj0Kww%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CFXZ6Bo5TBaeAIq0vj0Kww%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHpd64reI8GkSbW8FtVTuaVDZrf5BzCw9Uoii3omIC8JK6izQogg8Dnn7pDYW5H8SNAysjRuH9OY1Gog-ltTcpzTkbjuzi0

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:17:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CFXZ6Bo5TBaeAIq0vj0Kww%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHpd64reI8GkSbW8FtVTuaVDZrf5BzCw9Uoii3omIC8JK6izQogg8Dnn7pDYW5H8SNAysjRuH9OY1Gog-ltTcpzTkbjuzi0
date: Mon, 24 Jul 2023 13:16:59 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 230C
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHhFLyet84oDgMMa7WhBpW8&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEHhFLyet84oDgMMa7WhBpW8&google_hm=ZL55yMKkADhwJdA9yVDR5AAAFJMAAAIB&google_nid=index&google_push=AaAOQGHvdVTh41vgLIIHAT8Z8d-2zbG_V6n5l...

170 B
188 B

52ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEHhFLyet84oDgMMa7WhBpW8&google_hm=ZL55yMKkADhwJdA9yVDR5AAAFJMAAAIB&google_nid=index&google_push=AaAOQGHvdVTh41vgLIIHAT8Z8d-2zbG_V6n5lWS_cjrEh6-lBXVLxhfraelGyaTbJ-Xzpyg00pitwygW0SCs9SCGdGaxclsA9C3s

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:17:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 24 Jul 2023 13:17:00 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEHhFLyet84oDgMMa7WhBpW8&google_hm=ZL55yMKkADhwJdA9yVDR5AAAFJMAAAIB&google_nid=index&google_push=AaAOQGHvdVTh41vgLIIHAT8Z8d-2zbG_V6n5lWS_cjrEh6-lBXVLxhfraelGyaTbJ-Xzpyg00pitwygW0SCs9SCGdGaxclsA9C3s
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 230C 0
12 B 50ms
49ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KL1BVnJg1CtK-USZ5tEwnXZEmXKN-tmHmisd6OIKM-ezdNg7gwdTUMIQTF4jXsCpyyHust

Requested by

Host: a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
URL: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:16:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 6C04 0
0 84ms
84ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CMDEzynm-ZMGdPMfxzQaPobaYB72Npq9vn8yvrL8O6p_coNQBEAEg0syBGmCVyquCtAegAbC6odcDyAEJqQLFi-_zwZeyPuACAKgDAcgDywSqBN4BT9CBbioedvIETO2Y7PGqTrhBcjeYNAEe3PbS39fiUV732vm3oltKh2ous6cznaW7j3q5MAj5gFqKCItjc0vxVG43KrQ7K1xWiNeXdkjM3HL4f6YkjvwxxW2L_bP8KH3mhbgDIaQP1ieOmVE7T2cwP6P5Dc82zo0ZpZYXiHMEBX0nmfAjErM4MY0HGWZo7H5xvFAT60qIafM6jVKQ3SpjifP6ocAIxymPk3UCW1SKQcvcsHndsvzet6yJnMsIQ5SRu_ZAlORUdLJYP1rKCWJeXhwtt2iC6SI81iUr-0X4wASpnKmq4APgBAGSBQQIBBgBkgUECAUYBKAGLoAHxfetPqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBCl5wnSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoDyAsBogwIKgYKBMOwsQLYEwyIFALQFQGAFwGyFx4KHAgAEhRwdWItNDEyNjU1NDc3OTM5Mzk4NhjizBk&sigh=J2WiWfpHWDw&uach_m=[UACH]&cid=CAQSOwBpAlJWNONuGOC1umVWxuHONjf9nqhQtpcSKqNaMvS4C8iUaQ2Yl9dMIwFAfm5NTbTVj9A3b6LO_WUwGAE&template_id=494&cbvp=2&vis=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H3 200 vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js Show response
pagead2.googlesyndication.com/bg/ Frame 1D32 37 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/qZ40Kn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd507194758b4aad5fb90c362f904fcb1b03a00a76a57e9fd11a414a601a5115

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 13:06:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 655
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14655
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Jul 2024 13:06:04 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9C3D 0
0 149ms
148ms Image
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202307200101&jk=4496953786899925&bg=!mJulm8_NAAZsPphkTD47ADkAdvg8WtMBgu0p4gTneqlGghw-xDIYFih45E767z8-h65qJBRBtS-gg7-tP7z1d8LH4nCLgW1gtKkCAAAAdVIAAAAMaAEHmQMOCvv1Duzyp5PbloTk1g0DRn1Kk4Ns0VXtwOu5BKJl-pruUil19i4dWyJ6pXxNsZHdE2tINb8s9BX-PW9hRwyUs1Rc7EfjvoFhoOJa39uwY2XqHpBjScHgK9JSWFyl5Pc0Ln1LJ5_0E2AAOeY4l-61gn_9zl237Z8358lZA-sctoFZxFoorpVWuD-cyEyCvhpxLMrP4fRscxOTuASsWjYAorpCFe8fLW_uC9AB_hGtt4mw1nbEkkoXF1QtaI93jongD1lP5FWZ2CjpXW3peobaSUiCvd2hLDNZUN6MRKDje-vSnQTHCRFgVZwoPrxAXR05gC7Eejlnw6JUfH8fYUCoaPzKdjr546TgZlSL31IaFr961ZlS2eb5P3oLxqkLOgwaFHN_X6hqYGsH2k0_htUcN9c9gKXA-CblJEpa0tpOh5SsKTn45BRqMAXTPqa0IwmHKlPuQn1DHupbEQBAV3VBOA7GeObTPLH1Z7-Rs7bJ-pgp9vUNhkTBbJU2VPCdNXI59to4ZPXEQ5lzaKNr0RGtC5G-yi1_MHvXjHeh4Lcfmv42zJArZ8mmmXw9Kn5tu5uDK3f0xZE58q4KYhpK1XvJHUROXtnPeeaDc8eawyv_ZqtRSS_TqnIMa4b91wxKrP2BoVmr0ccZU2nijF-egIqkZtDdmZCfaQq9exFQoqE48IcgzIHIQLZ0X4ICGTccmOoFrAxDmt3eM6bx97dMFyBByP8aaktlZLAJfbBPYsDLZ9ua9ajYLf7m8xxXPgf5-9mD1LjF91Sk3clpG5NtpzdIoTivV_ueXgsGiPPzHrOglkhDhMqn-WR2KEFh2lIrFkQTazDtx0vMgPhVd44XX15QISqnMGhFJzhADV3Dpieo9oa-q-2Bv0Ws16LglE68kIwiNcoU09yh0Ra1oiBYKHx5SfWiNfIaWPjCcPJObsQQzGn1QmudJLUWlZ43hKc9HGo_80YI0hbqXSlDFrLnJmTXN9PgHLQRkkVlGyrKmuLlQze4dEzIhkoyW96TWD2aArs0OSJ18e88-8HsFBETWNw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

POST
H2 204 collect
region1.google-analytics.com/g/ 0
45 B 50ms
49ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je37j0&_p=149700051&cid=1747776942.1690204615&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1690204615&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FqZ40Kn&dt=Home&en=scroll&epn.percent_scrolled=90&_et=24
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:17:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6C04 42 B
64 B 152ms
151ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu0UF-uoZ5LVsxAm8weTLXkJfX3kZYfZmD9cAXmatP7ydPaHQQukzYfMapaSRMlDCwSbujEvwC5d3t5cVB3LUE1qdO6ZL2kpq1AQ1acxKrs_OVdCCuPbuBXMpckaQLsqzXt8s3X2p0QvYDa&sai=AMfl-YRmWsVZbudAPXLPvaSDs2qUvhIWdtqRDtWt7wbK2L9n_PNH2B0lZDCuewJO2scwKvtaLYUKk5vrihEyFe83_jgWJZ8kIG3hkBJoNPLfn7X8OpNt8_tTxkUiOxo&sig=Cg0ArKJSzNLldoNFKyIUEAE&cid=CAQSOwBpAlJWNONuGOC1umVWxuHONjf9nqhQtpcSKqNaMvS4C8iUaQ2Yl9dMIwFAfm5NTbTVj9A3b6LO_WUwGAE&id=lidar2&mcvt=1000&p=358,640,458,960&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230719&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2995874615&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1690204619507&rpt=428&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jul 2023 13:17:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.facebook.com
URL: https://www.facebook.com/platform/plugin/tab/renderer/?key=timeline&config_json=%7B%22app_id%22%3A%22776730922422337%22%2C%22href%22%3A%22https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F%22%2C%22width%22%3A340%2C%22height%22%3A500%2C%22has_cta%22%3Atrue%2C%22has_small_header%22%3Afalse%2C%22has_adapt_container_width%22%3Atrue%2C%22has_cover%22%3Atrue%2C%22has_posts%22%3Afalse%2C%22tabs%22%3A%22timeline%22%2C%22can_personalize%22%3Afalse%2C%22is_xfbml%22%3Afalse%2C%22referer_uri%22%3A%22https%3A%2F%2Freurl.cc%2F%22%7D&fb_dtsg_ag&__user=0&__a=1&__req=1&__hs=19562.BP%3Aplugin_default_pkg.2.0..0.0&dpr=1&__ccg=EXCELLENT&__rev=1007888611&__s=%3A%3A8931x1&__hsi=7259373545145042621&__dyn=7xeUmxa13xu1syUbAihwRwqo98nwgU5Gex-ewSwMwNw8OdwJwvE3vx61cw9y0Ko2_CwjE3awbG78b87C1xwEwlU-0nS4o5-0ha2l2Utw6awZwaOfwbK0RE5a1qw8W1uwa-7U1bo6i6811E2ZwrU6C0L836w&__csr=&__sp=1

Domain: www.facebook.com
URL: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fhref%3Dhttps%253A%252F%252Fwww.facebook.com%252FCreditCards.com.tw%252F%26tabs%3Dtimeline%26width%3D340%26height%3D500%26small_header%3Dfalse%26adapt_container_width%3Dtrue%26hide_cover%3Dfalse%26show_facepile%3Dtrue%26appId

Verdicts & Comments Add Verdict or Comment

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

41 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.reurl.cc/	1970-01-20 13:31:31	Name: _gid Value: GA1.2.156654488.1690204615
.reurl.cc/	1970-01-20 13:30:04	Name: _gat Value: 1
.reurl.cc/	1970-01-20 23:06:04	Name: _ga Value: GA1.1.1747776942.1690204615
.reurl.cc/	1970-01-20 23:06:04	Name: _ga_N394QBRGC0 Value: GS1.1.1690204615.1.0.1690204615.0.0.0
.reurl.cc/	1970-01-20 15:39:40	Name: _fbp Value: fb.1.1690204615230.1913001953
.prnasia.com/	1970-01-20 13:30:06	Name: __cf_bm Value: AlLPubchpQGJiFh3n0WdbDdi7unY.PKi6Fwt2_Rq7E0-1690204615-0-AWabcmAW5m0OT2QANRXToF8TrtB8lrJluPlM59EOo4GlRY3CstMswrRsCFAe+yT3gP1DM2YgH3012mIAWdivYps=
.criteo.com/	1970-01-20 22:51:40	Name: uid Value: 59732b00-c797-4283-8625-eecc9f1d5c9e
.openx.net/	1970-01-20 22:15:40	Name: i Value: 6d99452a-3a0d-419d-9da7-d7d883a2083b\|1690204615
.reurl.cc/	1970-01-20 22:51:40	Name: cto_bundle Value: sel7n19BNmowNG52NnZYTkJJeGVpeFRSanZ0STJaU0RnMUdyNUJwVDFNJTJGTiUyRnNuZVJoaUd2VkFiQkJVZ3BKVGExbUI3SGVNOFU3MVlhWm5JMjBwNWtXbVRmaE9Fb0VyVEl0QTF3VWM5aHdsSlpVN29sNWZCampVY0c3dXY2aFo0cEFDaE02S1M1SGk0TW9xN0xlemwlMkZpNzNKSGclM0QlM0Q
.reurl.cc/	1970-01-20 22:51:40	Name: __gads Value: ID=35b39120d8d29ac8:T=1690204615:RT=1690204615:S=ALNI_MasEJ1I_6nAJjPBbqWikvN_OiWB4w
.reurl.cc/	1970-01-20 22:51:40	Name: __gpi Value: UID=00000c70704870d7:T=1690204615:RT=1690204615:S=ALNI_MbuSk8AigbOyG_MWdVIzwMmLVKOEA
.doubleclick.net/	1970-01-20 22:51:40	Name: IDE Value: AHWqTUkXVL73NSApAThZAX7AaEbTz8NfNkuRz5Grw4UTS55lszN1_TrXdCQ8ri6Y
.hinet.net/	1970-01-20 23:06:04	Name: uuid Value: f9cd014e-968c-4461-9128-3aa1aac0333c
.reurl.cc/	1970-01-20 22:15:40	Name: __htid Value: f9cd014e-968c-4461-9128-3aa1aac0333c
.reurl.cc/	1970-01-20 13:30:08	Name: _ht_em Value: 1
.casalemedia.com/	1970-01-20 15:39:40	Name: CMPS Value: 5267
.casalemedia.com/	1970-01-20 15:39:40	Name: CMPRO Value: 5267
.casalemedia.com/	1970-01-20 22:15:40	Name: CMID Value: ZL55yMKkADhwJdA9yVDR5AAA
.adnxs.com/	1970-01-20 15:39:40	Name: uuid2 Value: 509134309012582747
.reurl.cc/	1970-01-20 13:31:31	Name: _ht_a546ca Value: 1
.doubleclick.net/	1970-01-20 17:49:16	Name: APC Value: Aa3gxNrXnMi7e87KKAaUuRryzGKKUnSG-vXNQJy7Ze5_o6YkPMwcmA
.adnxs.com/	1970-01-20 15:39:40	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C%sv@06m!]tbPl1M>e)ZlrFUfJ+tGXxoPDEsGQ:@-7QUYS3V?0(oL^y=x`c?/XS8J<_M3If)y3KL9D3I?+eimfmD
.holmesmind.com/	1970-01-20 23:06:04	Name: P Value: 264118-LVEEDTU0HRJLBStvAIXiEJhdXtyJIgye
.holmesmind.com/	1970-01-20 13:51:11	Name: Vision Value: 20230724-23:59,20230725-00,20230725-00,20230724-23:59
.holmesmind.com/	1970-01-20 13:51:11	Name: C Value: null
.holmesmind.com/	1970-01-20 15:55:02	Name: RK Value: null
.holmesmind.com/	1970-01-20 13:31:31	Name: fcm Value: 1
reurl.cc/	1970-01-20 14:13:16	Name: CFFPCKUUID Value: 2506-2mNqUJQfwoVUqLUAgoffKv9H60z3F69x
.reurl.cc/	1970-01-20 14:13:16	Name: CFFPCKUUIDMAIN Value: 3310-X7pqoIpXy4shFsA0x8Q2CnkmlFb0x8Ip
.reurl.cc/	1970-01-20 14:13:16	Name: FPUUID Value: 3310-4909f65d78db72a209db767eae21e49972fb3db1ae0a75dca9a51ca0f1d50711
.reurl.cc/	1970-01-20 13:31:31	Name: _ht_hi Value: 1
.reurl.cc/	1970-01-20 13:31:31	Name: _ht_50ef57 Value: 1
.c.appier.net/	1970-01-20 22:15:40	Name: _auid Value: jqJbha0GCDa-qFcyy3m-ZA
.adform.net/	1970-01-20 14:14:43	Name: C Value: 1
.quantserve.com/	1970-01-20 15:39:40	Name: d Value: EHQBCQHFKYEA
.quantserve.com/	1970-01-20 23:00:19	Name: mc Value: 64be79cc-0a6c8-10074-e600e
.w55c.net/	1970-01-20 23:01:45	Name: wfivefivec Value: IhY2DM9H1QnVqQ5
.pubmatic.com/	1970-01-20 13:31:31	Name: KTPCACOOKIE Value: YES
.adform.net/	1970-01-20 14:56:28	Name: uid Value: 7253820974607107751
.w55c.net/	1970-01-20 14:13:16	Name: matchgoogle Value: 5
.pubmatic.com/	1970-01-20 22:15:40	Name: KADUSERCOOKIE Value: 0855D9E8-1A39-4C16-9E00-8AB4BE3D0AC3

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.
network	error	URL: https://img.scupio.com/js/ad.js Message: Failed to load resource: the server responded with a status of 404 ()
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
network	error	URL: https://s0.2mdn.net/sadbundle/13125690698918494302/images/legal.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3da7294d66f6159567926c0b2411bea9.safeframe.googlesyndication.com
a98da199d37185d70b2b5f68e35a69fb.safeframe.googlesyndication.com
ad.holmesmind.com
ad.sitemaji.com
ad2.apx.appier.net
adcdn.holmesmind.com
anymind360.com
bidder.criteo.com
blog.alphaloan.co
c.holmesmind.com
c1.adform.net
cdn.holmesmind.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cdnjs.cloudflare.com
cm-dev-poc.holmesmind.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
creditcards.com.tw
dsum-sec.casalemedia.com
dt.adsafeprotected.com
f9cd014e-968c-4461-9128-3aa1aac0333c.t.ssp.hinet.net
fcm.holmesmind.com
fcm2.holmesmind.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
gocm.c.appier.net
google-bidout-d.openx.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
i0.wp.com
ib.adnxs.com
image6.pubmatic.com
img.gbyhn.com.tw
img.scupio.com
match.adsrvr.org
mma.prnasia.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
pagead2.googlesyndication.com
pm.w55c.net
re-news.tw
region1.google-analytics.com
reurl.cc
s0.2mdn.net
scontent.xx.fbcdn.net
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.criteo.net
static.wixstatic.com
static.xx.fbcdn.net
stats.g.doubleclick.net
storage.re-news.tw
t.ssp.hinet.net
tpc.googlesyndication.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.rayskyinvest.com
x.bidswitch.net
www.facebook.com
13.32.99.59
139.162.23.100
142.250.186.34
142.250.186.98
151.101.129.55
175.41.216.229
178.250.7.13
18.178.181.226
185.64.190.78
185.80.39.216
185.89.210.90
192.0.77.2
192.0.78.187
192.0.78.24
2001:4860:4802:32::36
203.75.214.136
2600:1f18:1aca:4281:bb1e:3d47:aa9b:e120
2600:9000:223f:1c00:8:48e:53c0:93a1
2600:9000:2250:3000:a:e047:753:be1
2600:9000:2250:8200:0:e06c:e940:93a1
2600:9000:225e:fe00:1e:5c56:d400:93a1
2606:4700::6810:fd04
2606:4700::6811:180e
2620:116:800d:21:5ed4:8d5d:fed7:f5ef
2a00:1450:4001:801::200a
2a00:1450:4001:806::2003
2a00:1450:4001:80e::2001
2a00:1450:4001:812::2002
2a00:1450:4001:812::2004
2a00:1450:4001:813::2003
2a00:1450:4001:81c::2002
2a00:1450:4001:827::2006
2a00:1450:4001:828::2003
2a00:1450:4001:830::2002
2a00:1450:4001:830::2008
2a00:1450:4001:830::200e
2a00:1450:400c:c0a::9d
2a02:2638:3::3
2a02:2638:d::a
2a02:2638:d::d
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a04:4e42:400::485
2a06:98c1:3120::3
3.124.112.76
3.64.241.131
34.102.146.192
34.120.135.53
34.95.67.231
34.98.64.218
35.185.130.121
35.185.136.122
35.186.215.140
35.190.36.98
35.201.76.93
35.244.153.44
35.244.196.223
37.157.5.133
52.197.92.130
52.223.40.198
52.30.88.149
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
05a278937ccfa46dd25fe7410b68ce5c475cd052118b0e3dd7106311a5b82938
06618129f9e3a537dc09fb2692beea2a9a9b9533cc513078d3db6582be6073ae
06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d
0912eb76845cca43ec976e9bc886ca3f240697afb98c9ec95ec6c34fa32a8a71
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cd3b2b37028c0767d449a322a5d687fdff2ad45738efed6dd742e527d543c89
0dbdba4e3ae519ca99e112e64fc41409518bc3356804b0a52116c4d88def2774
10eee3e0630c3ec9d83927e39db9b412ea08f8c94fdf134b0894cba97c293849
119427c92f7fe2af80ef80f580ad8d36fad733ab01ac57da234fb9f5121cae48
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
163861ba1f99a5f399021588724bc0930e9de7f7dea9c4a5d8d06e03f169f30c
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20
17b74954021249d3b59e7ab8c8248edc265666ee65127c8f01825f0ada0adcc2
1edd09b2535636bf015c3acab43e041cf25f5efa0cb0a48a8d4992cfae43dd90
2105761edb1b5e948992a32d1902e94f6c976deb6616bd612790719fe5323fc2
22fdae073d8eebc3f9cf47c255b4071a763618a2289a3f6218dffa83aca8fbcc
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c
2a2c004a5e7ed49db8f7321634194e2520b9c52a1933a9880f0bb63f8b0bb795
2c884a5d1652fba65b3ce99b98377f24752519730bbc48a5dbe2e8904c36bc44
3045e1032d7280fb4aa09324b80abf73e6bb28251746675eea5c20b9aefb23f8
3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698
30e50247a89d127aa3e9d36b7ed08708b6bab8fa998806c7e666ce93770c41d2
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31f2f76d99d19fe98a0917f2b785a37c683b85fae29d66dd476ffa84c9a999fb
338acabd8cb06dd602979dce6b11534388bba9e2b8b30fc1473ffe11d96b2876
3543ec2e8dc70f600eb11ee43aa7f493fa9c639c319e9d571d038c84b52d5014
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3d14af6714f8e174042d16f9ee9938f7986b826935f217c43cd3570945f8a8a5
3d9a612f852ba9f3564e53516bcd21b0283341c3b3655c3f439f2e84bdc4faa2
3f98d2733f3cacaf5152fd4d55f778410f391312016cadb5162545357302cdee
40025e3b0c40ba1c7a0ff3d5842978e163b0fd0019fb68ef00ac0007024eac84
45444d590a67d30e8b2fde01bb6482f829383b64bf14a4b19b86e22fdc319fbb
4636fb9df5ae103fbad3764c9f98400be1c9384cbe77fdb6951b96adcac788b1
463947d0709c9f435ed523b82dd8bbccf1ea8c25dc8f08900c90c51948210665
467927ec440c2f85c2641a5d07114a33d31cbb8ddb79ccce57ebdb98741c86cf
4681d619f677c1b314814309a6f00a5e0ec3f12968e807ee71def1cf42bd7808
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
484ec1c347c17d7d3b98d5058aa5d90bb5c7315f3a67f44611e902de4be50831
4952d97c9013418be3e4b014391c113cfe60624487dcbd14e13c1d8fa10fb66b
4afcc52fb5e910a9cf7ccc4ec0052554cb02c36ba928f327543aaa3f4875c8e3
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b5c05892bdce212e19d0503253b600faaeedca47fa2db97964d412c8c11934e
4ba1b9960f6bcc2d49080931ddd405a8fda579f905c7094d567d2b5823ae7970
4cf6b0041792515d9036fad75e278ddc885672587d77908729cc9b5d66ca3dcf
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
52bb2d07b65ec544edeb2a33f4103397a28f036f0d100090f3e17e4364aea1fb
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55cf07a0c9e1fe961ad1fb7d9b58554812a9df0e3fec9cc5bcccd41051e5b2a7
597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf
5facf3ca997fd8a7658579d40b8bc44a659e12df5b45b2f1f1713f987b86366c
605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
61575c5364dc3bc941a4b8e88534e2e4708ef90374e778f1550e41946775a1f9
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
645709dcb09b2700fd5a5938dbdf783ac90a88334e5104041db53302441f33e4
67988687e1abdb7513a40ec60f8ed45c834949e86c1c9fa76983d00590ce0da4
67edbe1fe2a38ebf16fc36b42cc267e37f18629ec79feae7a177178bf6e24d89
68074915bfa5cc29787af554c881b2a0b0519d930ca399ec19def00c0976548c
6f63de21e26f445c7c0f186381154203aedc6f21075f5f8cd557767d523df556
749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d
787eb0b8a47f314a9e63e5b07b9f0042521c69bd4bc1126ca798e55428e476ae
7a778ebcae153771e99dd12d32647dc138e5c624303806b95f2563975c401d7e
7bf535b6357d664dbe0b41ad2cf74e2f00a18f7501cf939c39d0560303e7aab2
80aa70e4006cd0ed120f285abf27a418ee66b1d2726f3cbfc17a81944b42ed8f
81a83ad8c65b893ec909609444e653b7e0be9395ccf59016e03284e0d1a13844
821b28af7c976d5005b2a7728e75380fc92afbd60e6b0446a1b134992751bafd
8290d97b04510b940ddca9f2aea802eaafb36fc7a8f52e4466ed2b77db35c632
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85794aeb8915266043a02fdd057b6a6e5833d26f0107f37c7af88fde9d2db447
86d11015f834f8a655919449f3166fcf02639ab7b9bd7b6c5f2f49b25ac04e42
89a8f37db9c91c775eaf22b7805e188906ac4f519d685e45105434ec3adf7cc5
8a132bc5849b9036742f0a8ef191d221138fe9882475f1b6ed5cde8642693edd
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
90102b36c17b8182fcb580b55b917d4807fb037df4dd104a6815ad305e2bea20
92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5
92f538af4e3f4de8f3a27a6552570e530a70edc9beacda2a1d7e5578831ca6da
93f76625521adcf15a9966d3a2e245a09d9bc2f72e8bc62c251db371345dfb51
95ad21ece3e78be200d21b17a9b278c4e4447f258f6318434ecefb2ef7a5e561
96709a5a10bdb0093ac9d15ba2669f29cfed584e385fb83520288c635074df9b
96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0
9980eb038293b89a72684eb5231b85e6acb60eea46fffed78f78d594e258a214
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c885128f0f90211d04e254799bb67f1e0686cec66d9bbe0b10e6a9e1dba7db4
9c988e280a9af2e0bfc476f7ada40e1984db51651029927933b16de44400c28b
9d1b579cd26cbaf65cf28d73a74fba56aa313aad44593dd94f713a7aadefbd2e
9e57fedb96b3686621bccd5521f43a2037a823c74f062176952890b179b3955b
9fce68ef13e859aa2088afb2b07ab31cb5a5e5eeb143c9ed53b3f3b3b2c36092
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2cc059918f651f888970a38f954978d75bda97cfe0e4c7a475e1df09eab1365
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032
a7218be20c194153fd159b3e2494a53c5280e16e314798d85a173cd2fb8cbdcb
a77307b2dfa0e7694ebfb97a463efbb12226cc5129564980c6a7567a067aadad
ab43203ab1381240c7e3ed3d2df11ab5231a141265a1cff1d1ad600be194e1dd
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
ace934a05cd159e6680e2b6825e8c62620a71959426e65e0845b0ef30ada6a64
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b118568858df50612fa3591132d6d6bb41ddf00f8c74ad8cccd16e5510691aad
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b987ac6ffe9914b94f024848ec78cd02ecc01fd0b037cb00620cffd500d39dbb
bc15a40476f5b36c35bd644c43442bb4cda3a7ea333536e43985403c25dd4f21
bc8c4b072fd0f0c5fb8f38493834f4b1957faa8bfad139d255babccce79671ab
bd507194758b4aad5fb90c362f904fcb1b03a00a76a57e9fd11a414a601a5115
bde57df8b0262c098eef0a46abb024d139f0ff5be5a010d7f258bb0dc3f649c6
c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821
c4575ca3c3884db71f180dafedec17edb6d4f303af9323718e45844aef490654
c5641fbb8d4464c9470fed28cd5a001ec10a03ee0b7080a948935c2a92ff0596
c588956eaa29edeaf91c75cfb160009bdfae2176df3d0cfe3c1fb388ed39783a
c7d5594f3a599ccd0b1a336bb68a24d59882f394bb0b9c9a29c5200cd2b48468
ce53728625ab396b659bff5841790017f22c857e475fe3f8d1af4bbe83e655bc
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d2b32e3ccaa605a631618f2407fe64e5d958d9f1b0cc6a9a3550dea7043ba2e7
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795
d705c583adbdd3f894f85889ec1ee8ad58c6dec025201c81ab0e73a0cce23806
d75fe25d4bc0658608f27fab50d03a4cdd948cbfa97cf4e6c093410309874c9b
d8c52fe5bb662564ab7edf0abe01a2202dcc36eaa71ce6a465cd64210c4eb2c0
ddd9d29beabaeecc9c76408242dfc2b76305ec52511992d3cfbc81a500ee0670
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e13547eec8879c9b576c2e06837303ad06ea15905d4eb075291ff21686a5b3da
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5f731129769d3d12c938326014661a58073963517b40e42b2fa6dc85b32886c
e6478184fe5d7ab4f3bad23a1d02c3331f979cf4fa2a38eaf2ea6e53f54f391b
e702dad0ef7627203e9205122b46f86444d55d242b9c21d45f3fcc9a3b1c5cbc
e8afa10ead3b224b6b37146947e8b9d00ea7da22045c6b06d645fafa09c0c135
e91d9ad84ff4922e19cff4e5c4c44d537d4045abfe37a73431eaf8a68bcfe634
e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990
eb90e7e62356f01c39599caf410f7a3da61beabc98f984fe1c73cd54b64566f4
ece1e1ac21839e3b4b1b239f5442d90eba86b430211681a375f6e9e212ec88b7
ed3feedd3817486bdb2d8db80af4d1c788038564e3e544f80d49845fd917bfc9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efcf21ec442a44a02bccf28f46d0af24a9ff9a71487e515448ca29dc7017bf41
f3c87b6edeb05f36e4b924c7b9d4168d99e2f6e70394ac06984aee6325c590c6
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
f920c7edaf3b1f00d7b5fdbbd4823adfb3c7823954867a0b119d04270394238d
fcab803c6d01082f69e5510655ca566241f3a4fd3ee7aa1506b1308e2d069ccb

reurl.cc Open in urlscan Pro 35.185.130.121 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

242 Requests

92 %HTTPS

48 %IPv6

44 Domains

69 Subdomains

58 IPs

11 Countries

5353 kBTransfer

10642 kBSize

41 Cookies

21 Outgoing links

Redirected requests

242 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

reurl.cc Open in urlscan Pro
35.185.130.121 Public Scan

Screenshot
Live screenshot

Full Image

242
Requests

92 %
HTTPS

48 %
IPv6

44
Domains

69
Subdomains

58
IPs

11
Countries

5353 kB
Transfer

10642 kB
Size

41
Cookies

242 HTTP transactions
9 data transactions