reurl.cc Open in urlscan Pro
35.185.130.121 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://reurl.cc/
Effective URL:
https://reurl.cc/main/tw
Submission: On August 15 via manual (August 15th 2022, 11:50:43 pm UTC) from LU — Scanned from DE

Summary HTTP 276 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 56 IPs in 9 countries across 47 domains to perform 276 HTTP transactions. The main IP is 35.185.130.121, located in Taipei, Taiwan and belongs to GOOGLE, US. The main domain is reurl.cc. The Cisco Umbrella rank of the primary domain is 240805.
TLS certificate: Issued by R3 on July 24th 2022. Valid for: 3 months.

This is the only time reurl.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 9	35.185.130.121 35.185.130.121	15169 (GOOGLE) (GOOGLE)
6	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.149.98.30 34.149.98.30	15169 (GOOGLE) (GOOGLE)
27	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1 1	2400:52e0:1e0... 2400:52e0:1e01::879:1	200325 (BUNNYCDN) (BUNNYCDN)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
33	2600:9000:230... 2600:9000:2304:8400:0:e06c:e940:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	35.244.196.223 35.244.196.223	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
2	92.123.21.79 92.123.21.79	16625 (AKAMAI-AS) (AKAMAI-AS)
3 8	35.201.76.93 35.201.76.93	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f10... 2a03:2880:f107:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
5	2600:9000:21f... 2600:9000:21f3:fe00:3:1794:2540:93a1	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
4	34.95.67.231 34.95.67.231	15169 (GOOGLE) (GOOGLE)
33	203.75.214.136 203.75.214.136	3462 (HINET Dat...) (HINET Data Communication Business Group)
1	37.252.172.37 37.252.172.37	29990 (ASN-APPNEX) (ASN-APPNEX)
1	35.227.202.26 35.227.202.26	15169 (GOOGLE) (GOOGLE)
4	13.115.155.88 13.115.155.88	16509 (AMAZON-02) (AMAZON-02)
4	103.132.192.30 103.132.192.30	138552 (RTBHOUSE-...) (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD.)
5 10	34.96.119.68 34.96.119.68	15169 (GOOGLE) (GOOGLE)
5 5	103.3.63.48 103.3.63.48	63949 (LINODE-AP...) (LINODE-AP Linode)
9	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9c	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
4	34.117.219.39 34.117.219.39	15169 (GOOGLE) (GOOGLE)
1	2a06:98c1:312... 2a06:98c1:3121::c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.78.135 192.0.78.135	2635 (AUTOMATTIC) (AUTOMATTIC)
1	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:fc04	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.78.236 192.0.78.236	2635 (AUTOMATTIC) (AUTOMATTIC)
1	34.102.176.152 34.102.176.152	15169 (GOOGLE) (GOOGLE)
3 14	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2	35.227.249.156 35.227.249.156	15169 (GOOGLE) (GOOGLE)
6	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	210.59.219.181 210.59.219.181	3462 (HINET Dat...) (HINET Data Communication Business Group)
4	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 4	162.210.196.208 162.210.196.208	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
6	2606:4700:20:... 2606:4700:20::ac43:47fe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	199.115.117.82 199.115.117.82	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
2 4	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
23	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a00:1450:400... 2a00:1450:4001:800::200a	() ()
2	2a00:1450:400... 2a00:1450:4001:809::2003	() ()
2	2a00:1450:400... 2a00:1450:4001:82b::2001	() ()
6	2a00:1450:400... 2a00:1450:4001:80f::2003	() ()
1 1	35.186.193.173 35.186.193.173	() ()
1 1	2a05:d018:d29... 2a05:d018:d29:3605:9ff9:d907:aaf7:c9c8	() ()
2 2	213.155.156.168 213.155.156.168	() ()
1	198.47.127.19 198.47.127.19	() ()
3 4	51.89.9.253 51.89.9.253	() ()
2 2	3.126.34.76 3.126.34.76	() ()
1	104.111.242.245 104.111.242.245	() ()
1	52.223.40.198 52.223.40.198	() ()
1	34.96.105.8 34.96.105.8	() ()
1 1	35.190.0.66 35.190.0.66	() ()
2 2	37.157.3.28 37.157.3.28	() ()
2 2	104.18.19.126 104.18.19.126	() ()
276	56

9 35.185.130.121 (Taipei, Taiwan) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 121.130.185.35.bc.googleusercontent.com

reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.98.30 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 30.98.149.34.bc.googleusercontent.com

storage.reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:52e0:1e01::879:1 (Slovenia) 1 redirects

ASN200325 (BUNNYCDN, DE)

cdn.rawgit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2600:9000:2304:8400:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.196.223 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 223.196.244.35.bc.googleusercontent.com

storage.re-news.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 92.123.21.79 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-21-79.deploy.static.akamaitechnologies.com

static-tagr.gd1.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.201.76.93 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 93.76.201.35.bc.googleusercontent.com

c.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f107:83:face:b00c:0:25de (Vienna, Austria)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:21f3:fe00:3:1794:2540:93a1 (United States)

ASN16509 (AMAZON-02, US)

adcdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.95.67.231 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 231.67.95.34.bc.googleusercontent.com

fcm.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 203.75.214.136 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-136.hinet-ip.hinet.net

t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
01d95dbc-63e0-4141-bc21-2ae570ca48dc.t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
09ca7a62-cc7b-4c93-9b82-651979ed8d0c.t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.172.37 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.202.26 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 26.202.227.35.bc.googleusercontent.com

tw-gmtdmp.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.115.155.88 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-115-155-88.ap-northeast-1.compute.amazonaws.com

ad.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 103.132.192.30 (Singapore)

ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG)
PTR: ip-103-132-192-30.rtbhouse.net

prebid-asia.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.96.119.68 (Kansas City, United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: 68.119.96.34.bc.googleusercontent.com

ad2.apx.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 103.3.63.48 (Singapore, Singapore) 5 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li819-48.members.linode.com

gocm.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.117.219.39 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 39.219.117.34.bc.googleusercontent.com

fp.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::c (United States)

ASN13335 (CLOUDFLARENET, US)

img.gbyhn.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.135 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

creditcards.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

img.racingcharger.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:fc04 (United States)

ASN13335 (CLOUDFLARENET, US)

mma.prnasia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.236 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

blog.alphaloan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.176.152 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 152.176.102.34.bc.googleusercontent.com

static.wixstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.186.130 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.249.156 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 156.249.227.35.bc.googleusercontent.com

m.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 210.59.219.181 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)

prebid.scupio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 162.210.196.208 (Laurel, United States) 2 redirects

ASN30633 (LEASEWEB-USA-WDC, US)

ads.aralego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::ac43:47fe (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.aralego.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 199.115.117.82 (Manassas, United States)

ASN30633 (LEASEWEB-USA-WDC, US)

sync.aralego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:1::13 (France) 2 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200a (None, )

ASN- ()

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2003 (None, )

ASN- ()

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2001 (None, )

ASN- ()

f5b36b99c98495222ecfb61007ab96d0.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
61b3393bfb213cb5d670f3d0d95d5e71.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80f::2003 (None, )

ASN- ()

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (None, ) 1 redirects

ASN- ()

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3605:9ff9:d907:aaf7:c9c8 (None, ) 1 redirects

ASN- ()

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.168 (None, ) 2 redirects

ASN- ()

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.19 (None, )

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.89.9.253 (None, ) 3 redirects

ASN- ()

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.34.76 (None, ) 2 redirects

ASN- ()

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.242.245 (None, )

ASN- ()

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (None, )

ASN- ()

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (None, )

ASN- ()

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (None, ) 1 redirects

ASN- ()

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.3.28 (None, ) 2 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.19.126 (None, ) 2 redirects

ASN- ()

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
60	holmesmind.com 3 redirects cdn.holmesmind.com — Cisco Umbrella Rank: 117231 c.holmesmind.com — Cisco Umbrella Rank: 83671 adcdn.holmesmind.com — Cisco Umbrella Rank: 116066 fcm.holmesmind.com — Cisco Umbrella Rank: 126342 ad.holmesmind.com — Cisco Umbrella Rank: 76023 fp.holmesmind.com — Cisco Umbrella Rank: 114470 m.holmesmind.com — Cisco Umbrella Rank: 192849	204 KB
52	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 124 tpc.googlesyndication.com — Cisco Umbrella Rank: 160 f5b36b99c98495222ecfb61007ab96d0.safeframe.googlesyndication.com 61b3393bfb213cb5d670f3d0d95d5e71.safeframe.googlesyndication.com	833 KB
33	hinet.net t.ssp.hinet.net — Cisco Umbrella Rank: 74025 01d95dbc-63e0-4141-bc21-2ae570ca48dc.t.ssp.hinet.net 09ca7a62-cc7b-4c93-9b82-651979ed8d0c.t.ssp.hinet.net	26 KB
25	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 stats.g.doubleclick.net — Cisco Umbrella Rank: 118 cm.g.doubleclick.net — Cisco Umbrella Rank: 208 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 222	385 KB
15	appier.net 10 redirects ad2.apx.appier.net — Cisco Umbrella Rank: 32441 gocm.c.appier.net — Cisco Umbrella Rank: 2309	2 KB
12	google.com adservice.google.com — Cisco Umbrella Rank: 98 www.google.com — Cisco Umbrella Rank: 10	4 KB
10	criteo.com 2 redirects bidder.criteo.com — Cisco Umbrella Rank: 732 gum.criteo.com — Cisco Umbrella Rank: 401 mug.criteo.com — Cisco Umbrella Rank: 2755	16 KB
10	reurl.cc 2 redirects reurl.cc — Cisco Umbrella Rank: 240805 storage.reurl.cc	20 KB
8	gstatic.com www.gstatic.com fonts.gstatic.com	120 KB
8	aralego.com 2 redirects ads.aralego.com — Cisco Umbrella Rank: 27894 sync.aralego.com — Cisco Umbrella Rank: 1897	4 KB
6	aralego.net cdn.aralego.net — Cisco Umbrella Rank: 4457	89 KB
6	criteo.net static.criteo.net — Cisco Umbrella Rank: 627	79 KB
6	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 423	127 KB
5	google.de adservice.google.de — Cisco Umbrella Rank: 8117 www.google.de — Cisco Umbrella Rank: 5596	2 KB
4	onetag-sys.com 3 redirects onetag-sys.com	1 KB
4	creativecdn.com prebid-asia.creativecdn.com — Cisco Umbrella Rank: 18093	680 B
3	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 862	749 B
3	mookie1.com static-tagr.gd1.mookie1.com — Cisco Umbrella Rank: 32606 tw-gmtdmp.mookie1.com — Cisco Umbrella Rank: 354863	3 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 52	20 KB
2	casalemedia.com 2 redirects ssum-sec.casalemedia.com	2 KB
2	adform.net 2 redirects c1.adform.net	1 KB
2	360yield.com 2 redirects match.360yield.com	794 B
2	de17a.com 2 redirects d5p.de17a.com	650 B
2	googletagservices.com www.googletagservices.com	86 KB
2	googleapis.com fonts.googleapis.com	2 KB
2	scupio.com prebid.scupio.com — Cisco Umbrella Rank: 56370	186 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	9 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 155	34 KB
1	travelaudience.com 1 redirects ads.travelaudience.com	553 B
1	blismedia.com tr.blismedia.com	173 B
1	adsrvr.org match.adsrvr.org	265 B
1	teads.tv sync.teads.tv	172 B
1	pubmatic.com image6.pubmatic.com	166 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com	1 KB
1	ctnsnet.com 1 redirects gcm.ctnsnet.com	613 B
1	wixstatic.com static.wixstatic.com — Cisco Umbrella Rank: 4880	1 MB
1	alphaloan.co blog.alphaloan.co	149 KB
1	prnasia.com mma.prnasia.com — Cisco Umbrella Rank: 505673	98 KB
1	racingcharger.tw img.racingcharger.tw	257 KB
1	wp.com i0.wp.com — Cisco Umbrella Rank: 2878	386 KB
1	creditcards.com.tw creditcards.com.tw	29 KB
1	gbyhn.com.tw img.gbyhn.com.tw	124 KB
1	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 557	5 KB
1	adnxs.com ib.adnxs.com — Cisco Umbrella Rank: 238	664 B
1	re-news.tw storage.re-news.tw	6 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 231	5 KB
1	rawgit.com 1 redirects cdn.rawgit.com — Cisco Umbrella Rank: 9848	723 B
276	47

	Domain	Requested by
33	cdn.holmesmind.com	reurl.cc cdn.holmesmind.com ad.holmesmind.com
27	t.ssp.hinet.net	cdn.holmesmind.com t.ssp.hinet.net
27	pagead2.googlesyndication.com	reurl.cc pagead2.googlesyndication.com ads.aralego.com tpc.googlesyndication.com googleads.g.doubleclick.net securepubads.g.doubleclick.net
23	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net securepubads.g.doubleclick.net
14	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
10	ad2.apx.appier.net	5 redirects reurl.cc
9	reurl.cc	2 redirects reurl.cc
8	www.google.com	reurl.cc tpc.googlesyndication.com googleads.g.doubleclick.net
8	c.holmesmind.com	3 redirects reurl.cc cdn.holmesmind.com
6	fonts.gstatic.com	fonts.googleapis.com
6	securepubads.g.doubleclick.net	cdn.aralego.net securepubads.g.doubleclick.net
6	cdn.aralego.net	reurl.cc ads.aralego.com
6	static.criteo.net	cdn.holmesmind.com reurl.cc static.criteo.net
6	cdn.jsdelivr.net	reurl.cc
5	gocm.c.appier.net	5 redirects
5	adcdn.holmesmind.com	cdn.holmesmind.com
4	onetag-sys.com	3 redirects
4	gum.criteo.com	2 redirects static.criteo.net
4	sync.aralego.com	ads.aralego.com
4	ads.aralego.com	2 redirects ads.aralego.com
4	bidder.criteo.com	static.criteo.net
4	fp.holmesmind.com	cdn.holmesmind.com
4	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
4	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
4	prebid-asia.creativecdn.com	cdn.holmesmind.com
4	ad.holmesmind.com	cdn.holmesmind.com
4	fcm.holmesmind.com	cdn.holmesmind.com
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com
3	09ca7a62-cc7b-4c93-9b82-651979ed8d0c.t.ssp.hinet.net	reurl.cc t.ssp.hinet.net
3	01d95dbc-63e0-4141-bc21-2ae570ca48dc.t.ssp.hinet.net	reurl.cc t.ssp.hinet.net
3	partner.googleadservices.com	pagead2.googlesyndication.com
3	www.google-analytics.com	reurl.cc www.google-analytics.com
2	ssum-sec.casalemedia.com	2 redirects
2	c1.adform.net	2 redirects
2	match.360yield.com	2 redirects
2	d5p.de17a.com	2 redirects
2	www.gstatic.com	googleads.g.doubleclick.net
2	www.googletagservices.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	mug.criteo.com
2	prebid.scupio.com	cdn.holmesmind.com
2	m.holmesmind.com	cdn.holmesmind.com
2	www.facebook.com	reurl.cc
2	static-tagr.gd1.mookie1.com	cdn.holmesmind.com
2	connect.facebook.net	reurl.cc connect.facebook.net
1	ads.travelaudience.com	1 redirects
1	tr.blismedia.com	googleads.g.doubleclick.net
1	match.adsrvr.org	googleads.g.doubleclick.net
1	sync.teads.tv	googleads.g.doubleclick.net
1	image6.pubmatic.com	googleads.g.doubleclick.net
1	pr-bh.ybp.yahoo.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	61b3393bfb213cb5d670f3d0d95d5e71.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	f5b36b99c98495222ecfb61007ab96d0.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	static.wixstatic.com	reurl.cc
1	blog.alphaloan.co	reurl.cc
1	mma.prnasia.com	reurl.cc
1	img.racingcharger.tw	reurl.cc
1	i0.wp.com	reurl.cc
1	creditcards.com.tw	reurl.cc
1	img.gbyhn.com.tw	reurl.cc
1	www.google.de	reurl.cc
1	static.xx.fbcdn.net	www.facebook.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	tw-gmtdmp.mookie1.com	reurl.cc
1	ib.adnxs.com	static-tagr.gd1.mookie1.com
1	storage.re-news.tw	reurl.cc
1	cdnjs.cloudflare.com	reurl.cc
1	cdn.rawgit.com	1 redirects
1	storage.reurl.cc	reurl.cc
276	70

This site contains links to these domains. Also see Links.

Domain
imgus.cc
youtils.cc
re-news.tw
stockinfo.tw

Subject Issuer	Validity	Valid
reurl.cc R3	`2022-07-24` - `2022-10-22`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
storage.reurl.cc GTS CA 1D4	`2022-07-05` - `2022-10-03`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.holmesmind.com Go Daddy Secure Certificate Authority - G2	`2022-05-19` - `2023-06-20`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-05-25` - `2022-08-23`	3 months	crt.sh
storage.re-news.tw GTS CA 1D4	`2022-06-30` - `2022-09-28`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
static-tagr.gd1.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-03` - `2022-12-01`	a year	crt.sh
*.ssp.hinet.net	`2021-10-12` - `2022-10-12`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-17` - `2023-04-12`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.gbyhn.com.tw E1	`2022-08-04` - `2022-11-02`	3 months	crt.sh
tls.automattic.com R3	`2022-07-19` - `2022-10-17`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-11` - `2023-07-12`	a year	crt.sh
*.prnasia.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-08` - `2022-12-08`	a year	crt.sh
*.wixstatic.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-30` - `2022-10-27`	6 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-21` - `2022-09-23`	3 months	crt.sh
*.scupio.com Sectigo RSA Organization Validation Secure Server CA	`2021-10-13` - `2022-11-13`	a year	crt.sh
*.t.ssp.hinet.net	`2022-04-14` - `2023-04-14`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-15` - `2022-09-18`	3 months	crt.sh
*.aralego.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-21` - `2022-11-20`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
teads.tv R3	`2022-06-01` - `2022-08-30`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2022-06-19` - `2022-09-17`	3 months	crt.sh

This page contains 49 frames:

Primary Page: https://reurl.cc/main/tw
Frame ID: CDB516AE3A0A19090DFD45F0722DD9A1
Requests: 50 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 911E3FD00D2EE86CF48206C05D1004DE
Requests: 5 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: F5E73DBA670D320157D203508733245D
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Frame ID: F922490B2B2F393FB9566F99122B174C
Requests: 2 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 64AA068F9C8339B30AFB09375C2F252A
Requests: 5 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: B14292CD8D7D4755685E2D0EAC0FC226
Requests: 11 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: 61FBC9CEFA8C8E2DB9E4CBB4182E0CC5
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220811/r20190131/zrt_lookup.html
Frame ID: 4A4E17BE964592880E982FFE14D654A9
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 1052523E1484F46AC481B81727B6EC3C
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 0CE4524D41AD446DB67F3EB6D6703C61
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3478333733575450&output=html&adk=1812271804&adf=3025194257&lmt=1660607438&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607438054&bpp=4&bdt=519&idt=254&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3050152607137&frm=20&pv=2&ga_vid=243599451.1660607438&ga_sid=1660607438&ga_hid=926668067&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068879%2C31068937&oid=2&pvsid=334760426695168&tmod=2081365238&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=272
Frame ID: 826B352D249AE1C18D66B3A2985BC3B6
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=2231-pONopbLrhhelU2qGXLhp5uUCI51IxYXw&CFFPCKUUID=8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Frame ID: 27E39A6FFCBE8050A422B854D52228D6
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=2231-pONopbLrhhelU2qGXLhp5uUCI51IxYXw&CFFPCKUUID=8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Frame ID: 4EEBB70DBD26BD7C12E3D546A52FA8B5
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/init.js
Frame ID: E2D893E4840F5E5BA14F4C67A2BFB8D6
Requests: 2 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/init.js
Frame ID: AF6538EA66B77CB7E53D4A9938DAE673
Requests: 2 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 6C48A1999389879A8685D47AB4492EDE
Requests: 8 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: B9B8E0545999C802BC21685E0A5C8025
Requests: 22 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: A9A42FCAEFE94861B1ABDB4264ACA829
Requests: 8 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: 56AB72FED3779117A330EE8EADE172A2
Requests: 21 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: CB5C8110B7F51358459348289D8AC75F
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: DAEF0D7928E2CE3AA03D4B1DA59136F6
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=2231-pONopbLrhhelU2qGXLhp5uUCI51IxYXw&CFFPCKUUID=8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Frame ID: D3454337970DDE22865233EEC256EBF7
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=2231-pONopbLrhhelU2qGXLhp5uUCI51IxYXw&CFFPCKUUID=8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Frame ID: B677748CF616A62D48DF246B1BE62677
Requests: 1 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Frame ID: 3DEDFFE70ACC64ACF082944099395B22
Requests: 5 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Frame ID: 1AC039B92B4910306810FF2D6CF3EF02
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: FE7DF94B965C1C194F7675B6008DD934
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: AEF4A2D766C854FD5B171F3CE4D9738A
Requests: 7 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Frame ID: B9C203417503E54A16DB323BF44F2D26
Requests: 2 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Frame ID: F1920560AE09BC33E658D1DFD8A2F4C6
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441621&bpp=33&bdt=251&idt=216&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=2&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=197323875&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3075504910&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068486&oid=2&pvsid=1320284677444827&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xx2km3lwgo0a&fsb=1&dtd=239
Frame ID: A653DAE5B803B52CB36E0DD40283C01B
Requests: 15 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Frame ID: 80DA2BA0B3D74F04474AA2FE1C62CD91
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123
Frame ID: C040FF5C944BAF12007769A3D290953F
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8082CEEC490F2FAFD0AE04A99E06D700
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 304590062E9A0562F64CC3D7DA713016
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Frame ID: D373DF8AD34F7FEADD18D4F18908E839
Requests: 2 HTTP requests in this frame

Frame: https://f5b36b99c98495222ecfb61007ab96d0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
Frame ID: B3922614EF1A1D22FA2E0BC4E5404FAC
Requests: 1 HTTP requests in this frame

Frame: https://61b3393bfb213cb5d670f3d0d95d5e71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
Frame ID: 2290C8A73E1BEC6F680AB32EC588B6A8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 85981EBF0A9764CDDF920098BC425C5F
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8D20C4CACA98F6AD7AE8D16761CDF132
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js
Frame ID: 21AE7A7951CCC26BC96E6C60B0126316
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js
Frame ID: 8B2CFCF329701D6D2D35B67567DA9A34
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C57AACD7B3A5D97807C1630B8CADA5A3
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5918A98F96A19610A249B07D03D7C6E5
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A04660A844BE140846915113991625CC
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7894348269A1AF5989A413AB2E3BABD3
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6471EBFCA69FEEC6349BD43A1A0BD425
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 89A2B3985E75C21005D9E132F41D96D0
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3D18CC6E6E76F5CCA32A667BCF6BDC81
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 502969DC334293E054D34C6CD035B8AA
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

縮短網址產生器 - reurl

Page URL History Show full URLs

http://reurl.cc/ HTTP 301
https://reurl.cc/ HTTP 302
https://reurl.cc/main/tw Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/vue(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Axios (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

SweetAlert2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

sweetalert2(?:\.all)?(?:\.min)?\.js
/npm/sweetalert2@([\d.]+)
sweetalert2@([\d.]+)/dist/sweetalert2(?:\.all)(?:\.min)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

276
Requests

90 %
HTTPS

42 %
IPv6

47
Domains

70
Subdomains

56
IPs

9
Countries

4328 kB
Transfer

7343 kB
Size

34
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://imgus.cc/
Title: 縮圖片

Search URL Search Domain Scan URL

URL: https://youtils.cc/yt-dlp/main/zh-hants
Title: 下載youtube

Search URL Search Domain Scan URL

URL: https://youtils.cc/utm
Title: 什麼是utm?

Search URL Search Domain Scan URL

URL: https://re-news.tw/gbyhn/41597

Search URL Search Domain Scan URL

URL: https://re-news.tw/creditcard/242267

Search URL Search Domain Scan URL

URL: https://re-news.tw/golike/5922

Search URL Search Domain Scan URL

URL: https://re-news.tw/racingcharger/30598

Search URL Search Domain Scan URL

URL: https://re-news.tw/prnasia/3842454_XG42454_2

Search URL Search Domain Scan URL

URL: https://re-news.tw/alphaloan/24754

Search URL Search Domain Scan URL

URL: https://re-news.tw/zocha/62ac3baf046fbcdeb316da93

Search URL Search Domain Scan URL

URL: https://youtils.cc/emoji
Title: 表情符號(emoji)

Search URL Search Domain Scan URL

URL: https://youtils.cc/geoip
Title: IP查詢

Search URL Search Domain Scan URL

URL: https://youtils.cc/big5gb
Title: 繁簡轉換

Search URL Search Domain Scan URL

URL: https://youtils.cc/qrcode
Title: QRCode

Search URL Search Domain Scan URL

URL: https://youtils.cc/length
Title: 身高/長度換算

Search URL Search Domain Scan URL

URL: https://stockinfo.tw/
Title: 台股資訊網

Search URL Search Domain Scan URL

URL: https://youtils.cc/wordcounter/zh-Hants
Title: 字數統計

Search URL Search Domain Scan URL

URL: https://youtils.cc/password/zh-Hants
Title: 密碼序號產生器

Search URL Search Domain Scan URL

URL: https://youtils.cc/dateCalculator
Title: 日期計算機

Search URL Search Domain Scan URL

URL: https://youtils.cc/lunarCalendar
Title: 農曆轉國曆

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://reurl.cc/ HTTP 301
https://reurl.cc/ HTTP 302
https://reurl.cc/main/tw Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://cdn.rawgit.com/zenorocha/clipboard.js/v1.7.1/dist/clipboard.min.js HTTP 301
https://cdn.jsdelivr.net/gh/zenorocha/clipboard.js@v1.7.1/dist/clipboard.min.js

Request Chain 26

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 35

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 42

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 54

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg

Request Chain 96

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=170521-UH9cTfRjKPGxIds8KY2fb9UORIpe9mUe&uu_m=undefined HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=170521-UH9cTfRjKPGxIds8KY2fb9UORIpe9mUe&uu_m=undefined&google_gid=CAESEKZGMlVZnRAcylTydI_4HKw&google_cver=1

Request Chain 101

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=170521-UH9cTfRjKPGxIds8KY2fb9UORIpe9mUe&uu_m=undefined HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=170521-UH9cTfRjKPGxIds8KY2fb9UORIpe9mUe&uu_m=undefined&google_gid=CAESEPTs7ys3eVUYW-DGOefSq1E&google_cver=1

Request Chain 118

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg

Request Chain 120

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg

Request Chain 123

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg

Request Chain 124

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg

Request Chain 153

https://ads.aralego.com/sdk HTTP 301
https://cdn.aralego.net/ucfad/sdk/us-east/sdk

Request Chain 156

https://ads.aralego.com/sdk HTTP 301
https://cdn.aralego.net/ucfad/sdk/us-east/sdk

Request Chain 182

https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=gypDGHxLK2Jwa2ZoQmNGRWtha0ZUMUkxUXJRSTdnQy8zOHJKNnB3NFNVd0daalF3ODNaQVQ3bWxuenhwRjJOSGlQd2xTMWNMck1nZWlRYnoyR2lUbk8wbmhYWHlXQzBTOFJFY1FDSEluR0JtcUI4SVlHUUEvOUxwZm5jYnJzNHpqUzFYaGowLzFCWi91WnVyVXBKdCtCWGRJc1N5VUM2VGlrWFhLMVdCMzVFWGpGWEZSUlJrWGo2Mm9iZkhwZTJTekRKZ3lBRFJZQW1tSmRSdGJseVBUcGIvcHFteW9NWGNlTys4U2FUK2RJMGQ1bCtZdTkzOEdRTHVBdW5sYlJwY0thL2F2NHZpM3BIZmVzRk82MnRIdFNmUVlndz09fA&cppv=2

Request Chain 192

https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=3&topUrl=reurl.cc&bundle=a5uMz190S1ZyRUd1V092TDdrblk4RnZMcWd3NzR1TXNGayUyRndsTmNrYVBqMEoydjQ3UnVnbVY5V2FiQkVteGNZZFRMMEVpRTA4VXdyeGl4b2RNMEpISzJoaXFRYkdDNURSbWNBS3BDalNleGp0cXR3ZHBpUGJabFRUbEg4Wkoxc2lrR1NYVHR1OCUyRlRVd3VsTmwySWZkbXl1eURnJTNEJTNE&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=-IZr9XxKc3JmRTNjbk5iUHkrYlBYMDRZT1pSdTNLMkRZN3hXM0FiM2QzTzhQSW44S2tOb0NEei9HNXNvQ2NSN1pXY0dmbmFrZEZ6QlRqMGNQR20zTkZqeElZSGxYTjhzMVY3ZXFYUThFZVBDRmFTUjg5S0VVM0xEbXVKQVR0VFBTaGVNRFRhRTFjYjNEcVdrVkR3UTV0dFVMaWE1Y2dQajNIZXlGNU5DYWpkQWNEZzVIc2FwNGIvaEozUmhZWDArOGM3eDQzWTJwU2dMTHVQeWp0cGd1eWx3MFAwVlpxMGV6U1FmODFhWUxZMzJQQ3NWQllJRm9HdDQvT2c5UjdGMUVjaW1jdHpCV1RFRVgrTWJpSUluRHRDd09KZz09fA&cppv=2

Request Chain 228

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEPbZPHhS6gEMh_2rzyxqpNU&google_cver=1&google_push=AehlK4DiKIzQ84aSSweFeFRGP3PzAXSmQsW-E9xkY_nZWOoxCIEcVJ_9Z5KPspeARGxmC5V7T4UcVQvwFPuaV_iKN7cIOHP5fvxhRA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AehlK4DiKIzQ84aSSweFeFRGP3PzAXSmQsW-E9xkY_nZWOoxCIEcVJ_9Z5KPspeARGxmC5V7T4UcVQvwFPuaV_iKN7cIOHP5fvxhRA&google_hm=IsvVbRCWSDiKjLAhrQkPKKk

Request Chain 229

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEILwA-h4_Nv7CTGyWzkLXZk&google_cver=1&google_push=AehlK4BVx1p0aVAQtBHRD2XZW7C6vzuvnXRq5y9Dclil8YQVYS3L2tVNc0umHWuyNBzLQzaPTEPMfmggEhEpCXYriFBur5r648th HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4BVx1p0aVAQtBHRD2XZW7C6vzuvnXRq5y9Dclil8YQVYS3L2tVNc0umHWuyNBzLQzaPTEPMfmggEhEpCXYriFBur5r648th&google_hm=MTA4NzYxNTE3NzA0MTEzMzI0MQ%3D%3D

Request Chain 230

https://d5p.de17a.com/cookies/google?google_gid=CAESENsXqvAnY5k34XDw5o374Hc&google_cver=1&google_push=AehlK4CCOJi5jpFzIaL0P2S2J6VDrM_1EmH1aNu8VQf49ScmuqGBX4zEn-OJqXBAFET0wnqDUqtVnHdndL4PMxPBbmz6jZw174wQ0w HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESENsXqvAnY5k34XDw5o374Hc&google_cver=1&google_push=AehlK4CCOJi5jpFzIaL0P2S2J6VDrM_1EmH1aNu8VQf49ScmuqGBX4zEn-OJqXBAFET0wnqDUqtVnHdndL4PMxPBbmz6jZw174wQ0w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AehlK4CCOJi5jpFzIaL0P2S2J6VDrM_1EmH1aNu8VQf49ScmuqGBX4zEn-OJqXBAFET0wnqDUqtVnHdndL4PMxPBbmz6jZw174wQ0w

Request Chain 232

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESENIIh6QMIsT1RSK3DJ9kdP4&google_cver=1&google_push=AehlK4BCYIsRcOGHDTygW650uCtLLp-3DvSLQyjEcrpPrOst0jS1JOOgmDo4Px4l7YVcypxZzFI7s59kwt_K5fq3GCeeue31yKPDlg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4BCYIsRcOGHDTygW650uCtLLp-3DvSLQyjEcrpPrOst0jS1JOOgmDo4Px4l7YVcypxZzFI7s59kwt_K5fq3GCeeue31yKPDlg

Request Chain 233

https://match.360yield.com/match/ebda?google_gid=CAESEHRm4YSfulUYjJmBE0OD0P4&google_cver=1&google_push=AehlK4C0dX4pyRQoUWbnGVbi7HjNyxQb1Og1wxYJnEQ--zKEiAv5TIk7lDHCFsciFZoGVp-qHw2A0VfKDQFv9EZ_b_6895iYPpCJNw HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEHRm4YSfulUYjJmBE0OD0P4&google_cver=1&google_push=AehlK4C0dX4pyRQoUWbnGVbi7HjNyxQb1Og1wxYJnEQ--zKEiAv5TIk7lDHCFsciFZoGVp-qHw2A0VfKDQFv9EZ_b_6895iYPpCJNw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=d_pF4VqsSFGR0SurRlpYVA&google_push=AehlK4C0dX4pyRQoUWbnGVbi7HjNyxQb1Og1wxYJnEQ--zKEiAv5TIk7lDHCFsciFZoGVp-qHw2A0VfKDQFv9EZ_b_6895iYPpCJNw

Request Chain 242

https://ads.travelaudience.com/google_pixel?google_gid=CAESEAWYgWfNSO1sbXMx-w9ZR8c&google_cver=1&google_push=AehlK4DCgbKvqB6HcsFkkM6kdPJeiTvFoyoYLWwMhtf-Oor16VLSik13O3qJsBqkWtBxVf5ksmDlU2ynPZzUqO0bYxBxJRyZJNoi HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=-Yrv-I9USEePhkKoVHgu8Q2&google_push=AehlK4DCgbKvqB6HcsFkkM6kdPJeiTvFoyoYLWwMhtf-Oor16VLSik13O3qJsBqkWtBxVf5ksmDlU2ynPZzUqO0bYxBxJRyZJNoi

Request Chain 243

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDoN_EKBx1g5T4FPlvxCu0Y&google_cver=1&google_push=AehlK4D_cpfrtFVKCBDIXLdbbIZDLRTVSnFQpiZJg_P4cWr0X_WggpP4QMwXFWi3WSnB9YFUsgXF4TqzXP1RcfyPBppClMtSU4U HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDoN_EKBx1g5T4FPlvxCu0Y&google_cver=1&google_push=AehlK4D_cpfrtFVKCBDIXLdbbIZDLRTVSnFQpiZJg_P4cWr0X_WggpP4QMwXFWi3WSnB9YFUsgXF4TqzXP1RcfyPBppClMtSU4U HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Nzk4MzQ5NTgyNTUwMDMwMzEwNw&google_push=AehlK4D_cpfrtFVKCBDIXLdbbIZDLRTVSnFQpiZJg_P4cWr0X_WggpP4QMwXFWi3WSnB9YFUsgXF4TqzXP1RcfyPBppClMtSU4U

Request Chain 244

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELx9kyCKOOoSPGXNoZ2f0js&google_cver=1&google_push=AehlK4B9G2DCD3VFaFxP7F6yza8OIg-sO4iOzE63Wf_cuCl-Nw9OZ7KMtkDxSiCDQqA6QoDTH8rcQZL84nEgOvCW8XltPv7WJ3Vq HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESELx9kyCKOOoSPGXNoZ2f0js&google_push=AehlK4B9G2DCD3VFaFxP7F6yza8OIg-sO4iOzE63Wf_cuCl-Nw9OZ7KMtkDxSiCDQqA6QoDTH8rcQZL84nEgOvCW8XltPv7WJ3Vq&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELx9kyCKOOoSPGXNoZ2f0js&google_hm=Yvrb1XDcFNIllsAeIA_fjAAAFA4AAAAB&google_nid=index&google_push=AehlK4B9G2DCD3VFaFxP7F6yza8OIg-sO4iOzE63Wf_cuCl-Nw9OZ7KMtkDxSiCDQqA6QoDTH8rcQZL84nEgOvCW8XltPv7WJ3Vq

Request Chain 245

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESENIIh6QMIsT1RSK3DJ9kdP4&google_cver=1&google_push=AehlK4Bj3Czr4BNY9zLsKeikIHfWd7JlmxUFdqbEp6re821w7SSgahlRpZyo45PDKKVJBG2DTp87S4mk8PPdpyVngwvDw9izZBye HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4Bj3Czr4BNY9zLsKeikIHfWd7JlmxUFdqbEp6re821w7SSgahlRpZyo45PDKKVJBG2DTp87S4mk8PPdpyVngwvDw9izZBye

Request Chain 246

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESENIIh6QMIsT1RSK3DJ9kdP4&google_cver=1&google_push=AehlK4CXGfL2evDmb1LD4eX3BWzAKanHZpDp6dasa1ohrKMrIbFekvrfYVP8WTM1twY3I5T5y43h5PtDj0b1KyGlBpAs2CuBOx_FJg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4CXGfL2evDmb1LD4eX3BWzAKanHZpDp6dasa1ohrKMrIbFekvrfYVP8WTM1twY3I5T5y43h5PtDj0b1KyGlBpAs2CuBOx_FJg HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

276 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request tw Show response
reurl.cc/main/
Redirect Chain

http://reurl.cc/
https://reurl.cc/
https://reurl.cc/main/tw

13 KB
5 KB

268ms
267ms

Document
text/html

35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 4c402c8d3474dbe1b2f8b99deab2fb2683c57bc0052b09723452e48baa4f00c1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 15 Aug 2022 23:50:40 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding

Redirect headers

content-length: 31
content-type: text/html; charset=utf-8
date: Mon, 15 Aug 2022 23:50:39 GMT
location: /main/tw
server: nginx/1.18.0 (Ubuntu)

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/ 152 KB
24 KB 79ms
25ms Stylesheet
text/css 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4638951
x-jsd-version: 4.3.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19163-FRA, cache-iad-kiad7000030-IAD
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7GMsRFIHPKZ5V4L9UM04j2mmgwnfGxZrFZojf58XXpQPDdv4v1E20LC38C9DjTOxZlMTgGu1rfGXJfxeP%2FbHbs8EW8XRu%2FNZfjWUnLsyYeL5QvTPalNmdjh1wLBJAYeu%2F03JMagyPbovpexnq24%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 73b5d576a86cbbc2-FRA

GET
H2 200 style.css
storage.reurl.cc/stylesheets/rwd/ 3 KB
1 KB 110ms
15ms Stylesheet
text/css 34.149.98.30
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.reurl.cc/stylesheets/rwd/style.css
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e54e601faee15c866fc80659f34bf9b78048d72901b77795bb0109d4fdabccf7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 18:06:21 GMT
via: 1.1 google
last-modified: Wed, 27 Jul 2022 09:47:30 GMT
age: 20659
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: public,max-age=28800
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1091

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 170 KB
57 KB 163ms
60ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3478333733575450

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c96ec8b8d8550c40c2f859c4e87b59b1cc4f9409ac4b8025fa830df2035891d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Origin: https://reurl.cc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57425
x-xss-protection: 0
server: cafe
etag: 17693817077689528432
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 15 Aug 2022 23:50:40 GMT

GET
H2 200 pixel.js Show response
reurl.cc/javascripts/ 470 B
559 B 270ms
264ms Script
application/javascript 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/pixel.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 6e9ab8ab1d57a0695a66577e348ae4343e1a92f70cb4835a52c4863f11114037

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/main/tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:40 GMT
content-encoding: gzip
last-modified: Sun, 08 Aug 2021 17:07:38 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"61100f5a-1d6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Tue, 15 Aug 2023 23:50:40 GMT

GET
H3

200

clipboard.min.js Show response
cdn.jsdelivr.net/gh/zenorocha/clipboard.js@v1.7.1/dist/
Redirect Chain

https://cdn.rawgit.com/zenorocha/clipboard.js/v1.7.1/dist/clipboard.min.js
https://cdn.jsdelivr.net/gh/zenorocha/clipboard.js@v1.7.1/dist/clipboard.min.js

11 KB
4 KB

23ms
23ms

Script
application/javascript

2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/zenorocha/clipboard.js@v1.7.1/dist/clipboard.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 12752800
x-jsd-version: 1.7.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19154-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"2aa5-qeaI8MJlRinRJjDbMhGpT3WiLLY"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EW%2F3QA2Jo3aghgybI29vu%2Ba8oZkCBUM4eV99inbAvVsNgFFIGXpcQhNkhki3A06%2BOiQm%2FLN%2BFFBtov2uvrWFQGzGyqb3Q%2BhCPnDhrlKSBaMFEuVz43esHes8kuPO5qbU21Uwe5Dc%2F6YV1pFXnYY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 73b5d579ace89259-FRA

Redirect headers

date: Mon, 15 Aug 2022 23:50:40 GMT
x-content-type-options: nosniff
cdn-edgestorageid: 879
age: 51863
access-control-expose-headers: *
x-cache: MISS, HIT
cdn-cachedat: 08/15/2022 23:50:40
cdn-pullzone: 201235
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443", h3-29=":443", h3-27=":443"
content-length: 113
server: BunnyCDN-AMS-879
x-served-by: cache-fra19121-FRA, cache-chi-kigq8000141-CHI
access-control-allow-origin: *
cdn-proxyver: 1.02
cdn-requestpullcode: 301
location: https://cdn.jsdelivr.net/gh/zenorocha/clipboard.js@v1.7.1/dist/clipboard.min.js
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
cdn-cache: EXPIRED
vary: Accept-Encoding
cache-control: public, max-age=2592000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 6fa471410328fba0886ea2f476549438
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 301
cdn-requestpullsuccess: True

GET
H2 200 axios.min.js Show response
cdnjs.cloudflare.com/ajax/libs/axios/0.19.0/ 13 KB
5 KB 60ms
21ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/axios/0.19.0/axios.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b52781951c70cc8a2ae2afdaac5d673c656c3be0f1c769fa6c1e9e4f5ed8d3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 9373897
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4224
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:06:02 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d6a-3580"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=12bfsAsP%2FTiWz7Ym1X73nRSIPmNLrS82GmwNfKTAt4HBpbhcOM3we3RZHKEOGYdgXaW1rWR%2BtvGJaH0SzmVf9T9PT0Ea55R%2FBtryhg2CWT9tMbDWosaJQmY3W7HcTPTEQfsUjZrqifDPknJbOfWUntxa"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 73b5d57848066939-FRA
expires: Sat, 05 Aug 2023 23:50:40 GMT

GET
H2 200 sweetalert2.all.min.js Show response
cdn.jsdelivr.net/npm/sweetalert2@9/dist/ 65 KB
18 KB 27ms
22ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/sweetalert2@9/dist/sweetalert2.all.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2950bc3fd628cb8a8c6b1367f664e31353a6ff9edd99c3f2831ce548610a05b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 13389
x-jsd-version: 9.17.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19134-FRA, cache-cdg20765-CDG
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"105f5-IoZ47xa2VqsB8s6EqlY9hdo2pRY"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E%2FVe%2FQkxB31cUyeu5%2Ba%2Fa4OUki%2FrgTzhfDIMytRtpyNaFpW1IyGd1vPUM8XIJzP18h6MeDDYClu78t13Tw1wUSrQd7u9dqcFLZsKnut7kZZcCK9YFVkOuexzxWr58l%2BBKbBs0wQL7mJSxzZLHlU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 73b5d57819f9bbc2-FRA

GET
H2 200 FileSaver.js Show response
reurl.cc/javascripts/ 12 KB
4 KB 269ms
265ms Script
application/javascript 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/FileSaver.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f3481bf12191837d5e19d9526f18fd20fc88395a403c1a0b098eeef10a7f56ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/main/tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:40 GMT
content-encoding: gzip
last-modified: Sun, 08 Aug 2021 17:07:38 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"61100f5a-2fce"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Tue, 15 Aug 2023 23:50:40 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 169 KB
56 KB 158ms
57ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9f1dbdb976feb10513869e6e85d1a5a3f3cb29acc22f01c5d333da14c968ca9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57250
x-xss-protection: 0
server: cafe
etag: 2987452468480033405
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 15 Aug 2022 23:50:40 GMT

GET
H2 200 jquery.min.js Show response
cdn.jsdelivr.net/npm/jquery@3.4.1/dist/ 86 KB
32 KB 73ms
22ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery@3.4.1/dist/jquery.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 12752894
x-jsd-version: 3.4.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19133-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"15851-iFI5JDUbrAtdVg/gxXgeJVbnaT0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BYFh2u5j6xQFCmsMBz49G%2FnGPmUsafniwKbSSQc%2FZ1DwLZmq0RPpUlDPOI3eNIYk7oKB7tmACEg%2BeM82dejDzush9H7dVP6snKE7Ss86dO58qqii02q0HnNSfSk4XnyNlxtj5L7T9yopI%2B%2BEms0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 73b5d576a86fbbc2-FRA

GET
H2 200 bootstrap.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/js/ 59 KB
16 KB 74ms
23ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/js/bootstrap.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 12752478
x-jsd-version: 4.4.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19154-FRA, cache-hhn4068-HHN
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"ea6a-s8EWxl5vBTqqtF5WGaeOwAJxpQ8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=414NSHzmduPXDh48Dr08hAiSqEP2lXYYgd78NyWEa92WeCEXjCGhnHEeqkzzABQvAXYyQ5OFeQWf5wXx2UN2m7Pp78JcCxslEIEqmthp9kagMV3JGi7dpoFJdX3ARfA85l5jh%2BtUc6XiH5EIFLw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 73b5d576a871bbc2-FRA

GET
H2 200 vue.min.js Show response
cdn.jsdelivr.net/npm/vue@2.5.16/dist/ 84 KB
32 KB 86ms
37ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4636259
x-jsd-version: 2.5.16
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19132-FRA, cache-cdg20762-CDG
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yi4axoc8PFXVXAbPYJak3z3AO4SXKeZ1SNV7PpAtDQ50qKjR5J0NMvBZZAxVtT9RV%2FHqSIGEODGVB5asfe9SkcZDbOrhiMc2EVkhUikQplvwQ6jtiFjtD8N9eZCM7jL3rY1Z%2B4IpX3wmP9AewSo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 73b5d576a873bbc2-FRA

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ 6 KB
7 KB 33ms
30ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
server: AmazonS3
age: 28
etag: "439e160b698f1ec2efb45c3b6cd6b265"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:30 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 6552
x-amz-cf-id: Ci_Zx1xprthjBwqclNpQ5CEXOheoTjlEZG3tkLKs0YKxA-MRseZBZA==

GET
H2 200 vue-qrcode.min.js Show response
reurl.cc/javascripts/ 18 KB
7 KB 272ms
267ms Script
application/javascript 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/vue-qrcode.min.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 62a62225a4e6e5ea098b9ed6aa19c2149880cbd6d3e0314f2b875a32b1f8ce25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/main/tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:40 GMT
content-encoding: gzip
last-modified: Sun, 08 Aug 2021 17:07:38 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"61100f5a-470c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Tue, 15 Aug 2023 23:50:40 GMT

GET
H2 200 main.js Show response
reurl.cc/javascripts/ 5 KB
1 KB 272ms
268ms Script
application/javascript 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/main.js?v=7
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 00fc5eede87ce2644e673193b3ffce854cad06f548d8a6057acce9c0dbef3b2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/main/tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:40 GMT
content-encoding: gzip
last-modified: Mon, 29 Nov 2021 04:36:28 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"61a458cc-12bf"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Tue, 15 Aug 2023 23:50:40 GMT

GET
H2 200 renews.js Show response
reurl.cc/javascripts/ 698 B
561 B 272ms
268ms Script
application/javascript 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/renews.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 12e46b645dde5408be7fc6f4ce9647addac5d09c5f27dc8e3ffe9e07e6c9a935

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/main/tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:40 GMT
content-encoding: gzip
last-modified: Thu, 05 May 2022 00:38:33 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"62731c89-2ba"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Tue, 15 Aug 2023 23:50:40 GMT

GET
H2 200 ga2.js Show response
reurl.cc/javascripts/ 618 B
588 B 272ms
269ms Script
application/javascript 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/ga2.js?v=2
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 9c8c0ac19964706e18280f35973180a896d74c52c760c2d7047d6a94c1329a6f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/main/tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:40 GMT
content-encoding: gzip
last-modified: Thu, 24 Mar 2022 12:16:16 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"623c6110-26a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Tue, 15 Aug 2023 23:50:40 GMT

GET
H2 200 rwd_cap.js Show response
cdn.holmesmind.com/js/ 41 KB
41 KB 142ms
35ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rwd_cap.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 003c6c7476d2158d18f48473e7071c87f48e8e1cf957343020a148c97ba30482

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: BN9WwPCNLHdSgIvzd1_opxGo9OZ3hU5f
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Wed, 23 Mar 2022 02:02:46 GMT
server: AmazonS3
age: 40
etag: "8fdf120a4b0155367b0b2347946ccc01"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:29 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 41735
x-amz-cf-id: YUM9r3MeQ2ZxPPGJCDt11A577g_HX6t7WTyPHKqcKwBzIT54HaEVEA==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 100 KB
27 KB 48ms
13ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/javascripts/pixel.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4ff1b9b91db584b19d20b4d02af9ff7673add161ce3f9ceae9391b3a84fddab1

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26515
x-xss-protection: 0
pragma: public
x-fb-debug: e8UYOfwYtnPLyIjiapE2UlRMJXj8UUseeFwcQCrJNvGh5mE9Vr7GogGKtofgSJH6uSnE+Dz2y3yB8adSx8tVTw==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Mon, 15 Aug 2022 23:50:40 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 feeds Show response
storage.re-news.tw/ 6 KB
6 KB 572ms
313ms XHR
text/html 35.244.196.223
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.re-news.tw/feeds
Requested by: Host: reurl.cc
URL: https://reurl.cc/javascripts/renews.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.196.223 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 223.196.244.35.bc.googleusercontent.com
Software: / Express
Resource Hash: 16d937f75d10859023a9eb1aeecc46191718618c910add8f58dc522759aa8d21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:41 GMT
via: 1.1 google
etag: W/"1724-W2XWqrmu6OWIsjyYqJzgippNZmk"
x-powered-by: Express
vary: Origin
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5924

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 248ms
38ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/javascripts/ga2.js?v=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 2920
date: Mon, 15 Aug 2022 23:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 16 Aug 2022 01:02:00 GMT

GET
H/1.1 200
OK tagr_lib_learn_tw_v3.js Show response
static-tagr.gd1.mookie1.com/s1/ 4 KB
1 KB 226ms
18ms Script
application/javascript 92.123.21.79
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static-tagr.gd1.mookie1.com/s1/tagr_lib_learn_tw_v3.js?tagid=V2_98222&id=ClickForce_Learn
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rwd_cap.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.21.79 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-21-79.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 10407b8212733e00354b330f4e4790764e6bc187a9d2b6b62b27aeb387bc268b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 23:50:40 GMT
Content-Encoding: gzip
Last-Modified: Thu, 28 Jul 2016 05:38:37 GMT
Server: nginx
ETag: "57999a5d-1153"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1217

GET
H/1.1 200
OK checkSegmentsNFI.min.js Show response
static-tagr.gd1.mookie1.com/s1/sas/lh1/ 1 KB
843 B 225ms
17ms Script
application/javascript 92.123.21.79
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static-tagr.gd1.mookie1.com/s1/sas/lh1/checkSegmentsNFI.min.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rwd_cap.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.21.79 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-21-79.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: afc3261eac9e8f5606c513fa7c62f5add4200b8d171d1972f11abe2ec1a0ac41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 23:50:40 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Nov 2016 14:26:27 GMT
Server: nginx
ETag: "581b4913-428"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 552

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 911E 3 KB
3 KB 30ms
29ms Document
text/html 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rwd_cap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cdb7b46cae42cd81431bbd6892f43d4f84508bf5fb2bde0ae32bc577ce26d275

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 27
content-length: 3040
content-type: text/html
date: Mon, 15 Aug 2022 23:50:30 GMT
etag: "1127744b801151c03a119650091819d4"
last-modified: Thu, 30 Jun 2022 11:31:53 GMT
server: AmazonS3
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
x-amz-cf-id: R_vwrM9mHY4G8rihnUkF4_v7qWKbk-oU6BZKVtboUhETC-tLVuE27A==
x-amz-cf-pop: VIE50-P1
x-amz-version-id: g5VVGnMBETOJxS05mTLHyDLw3VP4V67X
x-cache: Hit from cloudfront

GET
H2 200 edmp_init.js Show response
cdn.holmesmind.com/js/ 662 B
1014 B 30ms
30ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/edmp_init.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rwd_cap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 12 Mar 2021 02:45:40 GMT
server: AmazonS3
age: 27
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:30 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 662
x-amz-cf-id: VaveLLbbuSV-CrPIqy6fetqDw4p_ldhDYsLPYVSpL5k-jHCZrAC8PQ==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame F5E7 6 KB
6 KB 30ms
29ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rwd_cap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1291c3d774415b830ea3f2c5ce78d160485606386d08a878c87f41ccdbe4a73f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: TffX4.BvLss5nGbaNkDOhki_IqknqyWa
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 18 Mar 2022 03:26:21 GMT
server: AmazonS3
age: 43
etag: "8de5f5c245a6377bb4dc88fbf8c0c6f5"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:30 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 6093
x-amz-cf-id: 1GbLbUsqNaQmKgBlo1VdNeOm2cJoFtJ8J3Ntf2nszfmFiPjSQduHmA==

GET
H3

200

cm
c.holmesmind.com/
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
16 B

182ms
147ms

Image
text/html

35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:41 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
date: Mon, 15 Aug 2022 23:50:41 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H2 200 page.php Show response
www.facebook.com/plugins/ Frame F922 15 KB
9 KB 201ms
137ms Document
text/html 2a03:2880:f107:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6dd2ae49f47c786f9bd5aef7e06797ada8024036efbfd3c83d5461ab6b5897ee

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Mon, 15 Aug 2022 23:50:41 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: lanRKU83NUx04edfEPli0MIrnZJ3tp9QSfUIXFkw/gigfUz56BvnjumHl63FRr+WZCsE80U1wGZwTigcXjuXxw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 64AA 3 KB
3 KB 28ms
28ms Document
text/html 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cdb7b46cae42cd81431bbd6892f43d4f84508bf5fb2bde0ae32bc577ce26d275

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 27
content-length: 3040
content-type: text/html
date: Mon, 15 Aug 2022 23:50:30 GMT
etag: "1127744b801151c03a119650091819d4"
last-modified: Thu, 30 Jun 2022 11:31:53 GMT
server: AmazonS3
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
x-amz-cf-id: k58V2KTjpjhtK4_O7I2HeiSALS6B4b-M3waiISFq-FZMwlWIHhSKRg==
x-amz-cf-pop: VIE50-P1
x-amz-version-id: g5VVGnMBETOJxS05mTLHyDLw3VP4V67X
x-cache: Hit from cloudfront

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame B142 6 KB
6 KB 29ms
28ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1291c3d774415b830ea3f2c5ce78d160485606386d08a878c87f41ccdbe4a73f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: TffX4.BvLss5nGbaNkDOhki_IqknqyWa
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 18 Mar 2022 03:26:21 GMT
server: AmazonS3
age: 43
etag: "8de5f5c245a6377bb4dc88fbf8c0c6f5"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:30 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 6093
x-amz-cf-id: F7mglCDoOmarP7SWORoS4domvSQ03_QDxwNaxOSgBP4lHBycL9_EJA==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 61FB 6 KB
6 KB 29ms
28ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1291c3d774415b830ea3f2c5ce78d160485606386d08a878c87f41ccdbe4a73f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: TffX4.BvLss5nGbaNkDOhki_IqknqyWa
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 18 Mar 2022 03:26:21 GMT
server: AmazonS3
age: 43
etag: "8de5f5c245a6377bb4dc88fbf8c0c6f5"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:30 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 6093
x-amz-cf-id: JO8Nkk8GLGyTOS4Sy2o8lg_aEM0QdY72wJCTlZ8ygY4GlEjq_HlU7Q==

GET
H3 200 1675200226052423 Show response
connect.facebook.net/signals/config/ 25 KB
7 KB 558ms
548ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1675200226052423?v=2.9.75&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0831b4a7fb0493e3a5b6b3c52e7776b3dd0bc4441f7b157e7c83029efa9a4611

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: 91KjSMRQi7s2ToTDIvfCUJTMKLfj102lvqCUZ7xL5XYUI8Oyff6b8dVpe1O+BNthCur4WZvjsTdlYIMqQ3lnhA==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 15 Aug 2022 23:50:41 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts: 1660607441379
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame F5E7 731 B
678 B 460ms
250ms Script
text/html 2600:9000:21f3:fe00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=12684
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:fe00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: c459ca0a26510a1a84a8fae1a943563c00834327312f399d5c47f7cddc1d7ebe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:41 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
x-amz-cf-pop: FRA2-C2
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-amz-cf-id: k_PdVDcJQ13l6Y9dmEoZfY8qi6ZxQSqLbhTBzqacpypa2k7TRF78Kg==
via: 1.1 83caebe1f817a31bd75ba17dff7ae1a6.cloudfront.net (CloudFront)

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208110101/ 340 KB
120 KB 151ms
70ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208110101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3478333733575450&plah=reurl.cc&ama_t=adsense&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=300&asna=5&asnd=5&asnp=5&asns=5&asmat=-1&asptt=-1&easpi=true&asro=false&easai=true&bust=31068937

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

629ef7993a85e00d3b4d0c2ebfd68c6493d636cac0320ec4140eb6efaa238eb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122703
x-xss-protection: 0
server: cafe
etag: 12908825346060366156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 15 Aug 2022 23:50:40 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220811/r20190131/ Frame 4A4E 10 KB
5 KB 131ms
48ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220811/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 62566
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 06:27:55 GMT
etag: 8616628553774171045
expires: Mon, 29 Aug 2022 06:27:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

cm
c.holmesmind.com/ Frame 911E
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
16 B

180ms
148ms

Image
text/html

35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:41 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
date: Mon, 15 Aug 2022 23:50:41 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H2 200 cm.php Show response
fcm.holmesmind.com/ Frame 1052 39 B
97 B 3215ms
3123ms Document
text/html 34.95.67.231
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Mon, 15 Aug 2022 23:50:44 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 911E 5 KB
2 KB 1268ms
199ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Tue, 16 Aug 2022 00:00:42 GMT

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame B142 536 B
630 B 102ms
12ms Script
text/html 2600:9000:21f3:fe00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=13858
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:fe00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 051141599f128f399f2cd53514ee1c28ba9d269ce1b065ba81dcc4b11a5d3b02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:44:30 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
age: 371
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: I8hLU9wplJ6tV_N6nF7cCWt9XirhY3ggoA4DdH0sLLVPuSJEnUo0CA==
via: 1.1 83caebe1f817a31bd75ba17dff7ae1a6.cloudfront.net (CloudFront)

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame 61FB 606 B
647 B 111ms
21ms Script
text/html 2600:9000:21f3:fe00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=13860
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:fe00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e830fb2cd84ed7cc6eb54b4f7b682ddc8bf7dfe2bc02c3662631f0ee9abda2b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:44:30 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
age: 371
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: gZf5aCuMJbbkx8ywQfHTWeuUNtvMGeJke9n_jVnyVj1fNKQHn9Djjg==
via: 1.1 83caebe1f817a31bd75ba17dff7ae1a6.cloudfront.net (CloudFront)

GET
H/1.1 200
OK jpt Show response
ib.adnxs.com/ 0
664 B 33ms
8ms Script
text/html 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/jpt?id=10761225&callback=window.xaxS.auctionResult&cb=9018732673

Requested by

Host: static-tagr.gd1.mookie1.com
URL: https://static-tagr.gd1.mookie1.com/s1/sas/lh1/checkSegmentsNFI.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 Aug 2022 23:50:41 GMT
X-Proxy-Origin: 185.213.155.169; 185.213.155.169; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 49e50a5d-21b9-4a3b-a57e-0ff43a7d7dc1
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 learn
tw-gmtdmp.mookie1.com/t/v2/ 43 B
641 B 384ms
296ms Image
image/gif 35.227.202.26
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tw-gmtdmp.mookie1.com/t/v2/learn?tagid=V2_98222&src.domain=reurl.cc&src.url=%252Fmain%252Ftw&src.id=ClickForce_Learn&src.rand=1685363030
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.202.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.202.227.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:41 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

cm
c.holmesmind.com/ Frame 64AA
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
16 B

188ms
153ms

Image
text/html

35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:41 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
date: Mon, 15 Aug 2022 23:50:41 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H2 200 cm.php Show response
fcm.holmesmind.com/ Frame 0CE4 39 B
191 B 186ms
131ms Document
text/html 34.95.67.231
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Mon, 15 Aug 2022 23:50:41 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 64AA 5 KB
2 KB 1231ms
201ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Tue, 16 Aug 2022 00:00:42 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 117ms
43ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=926668067&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ul=en-us&de=UTF-8&dt=%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8%20-%20reurl&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=2012428751&gjid=446656948&cid=243599451.1660607438&tid=UA-102456694-1&_gid=676958447.1660607438&_r=1&_slc=1&z=1146535224

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 107ms
36ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=926668067&t=event&_s=2&dl=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ul=en-us&de=UTF-8&dt=%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8%20-%20reurl&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=pause&ea=0&el=MTg1LjIxMy4xNTUuMTY5&ev=1&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=243599451.1660607438&tid=UA-102456694-1&_gid=676958447.1660607438&z=1143549451

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 12:01:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 42524
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame B142 2 KB
989 B 775ms
270ms Script
text/html 13.115.155.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=13858&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=477&o=1&d=1&b=2&ts=1&ii=3&FPCK=8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz&initver=210830P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.115.155.88 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-115-155-88.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 2724099f7ca2b2b251fd83b43b296e86f7c8a30559881377f682e05640a336fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Mon, 15 Aug 2022 23:50:41 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame B142 3 KB
3 KB 29ms
29ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
server: AmazonS3
age: 36
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:34 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 2773
x-amz-cf-id: RoFe5ibRoJJNWQ7nodL7ouzYidz8fPxsfywF5I9fajIneWphzCkN_Q==

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame 61FB 2 KB
1004 B 764ms
282ms Script
text/html 13.115.155.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=13860&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=789&o=1&d=1&b=2&ts=1&ii=3&FPCK=8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz&initver=210830P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.115.155.88 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-115-155-88.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 60a19641a83ba847b9d020c73ca404cfc44d7c4d77f8b99125a14d35297fe9d2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Mon, 15 Aug 2022 23:50:41 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame 61FB 3 KB
3 KB 30ms
28ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
server: AmazonS3
age: 36
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:34 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 2773
x-amz-cf-id: qsRu27Pmn-7Iu9N4LjBorNZTVQocRno94rprOIRrHLxbNjrqhQ5ZQg==

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame 61FB 3 KB
3 KB 31ms
29ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
server: AmazonS3
age: 36
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:34 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 3177
x-amz-cf-id: 1TdAH4EKwcIr7mF85fzvVhrDIGdMEn6Q7p0WPqE-wSyzAl4bzGDFDA==

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame B142 0
170 B 562ms
175ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://reurl.cc
date: Mon, 15 Aug 2022 23:50:41 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame 61FB 0
170 B 560ms
174ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://reurl.cc
date: Mon, 15 Aug 2022 23:50:41 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 61FB
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg

2 B
19 B

342ms
313ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Mon, 15 Aug 2022 23:50:42 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 212 B
643 B 146ms
38ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-3478333733575450

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208110101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3478333733575450&plah=reurl.cc&ama_t=adsense&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=300&asna=5&asnd=5&asnp=5&asns=5&asmat=-1&asptt=-1&easpi=true&asro=false&easai=true&bust=31068937

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

f17d8fa35bb5968b603fb66223c5e641ef33dc3f529cd709a7e2baa84715366f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 198
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 155ms
47ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 23:50:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 145ms
46ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 23:50:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&tn=NAV&cls=navbar%20navbar-expand-lg%20navbar-dark%20bg-reurl%20fixed-top%20nav-no-padding&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 826B 603 B
68 B 137ms
57ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3478333733575450&output=html&adk=1812271804&adf=3025194257&lmt=1660607438&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607438054&bpp=4&bdt=519&idt=254&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3050152607137&frm=20&pv=2&ga_vid=243599451.1660607438&ga_sid=1660607438&ga_hid=926668067&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068879%2C31068937&oid=2&pvsid=334760426695168&tmod=2081365238&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=272

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 23:50:41 GMT
expires: Mon, 15 Aug 2022 23:50:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
437 B 59ms
19ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-102456694-1&cid=243599451.1660607438&jid=2012428751&gjid=446656948&_gid=676958447.1660607438&_u=IEBAAEAAAAAAAC~&z=891739824

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 15 Aug 2022 23:50:41 GMT
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 12EAx3ebdhA.css
static.xx.fbcdn.net/rsrc.php/v3/yQ/l/0,cross/ Frame F922 19 KB
5 KB 40ms
8ms Stylesheet
text/css 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yQ/l/0,cross/12EAx3ebdhA.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

48424819328d17139058fd4e7da1e4b82ea497755ccbc6b15271aa8aaf209ff1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:41 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MwGfyg9Ts+p5cuPQesHljA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 4925
x-fb-rlafr: 0
x-fb-debug: ggDgUlLSJ1/R8JKvQPbWrDdTI0f9SaRJwSWKjoL7JQKoBO5C33kZt+ZrgmpxlC/81N1PjIvYld6tHep/uvEP1g==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Tue, 15 Aug 2023 15:42:42 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 134ms
51ms Image
image/gif 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-102456694-1&cid=243599451.1660607438&jid=2012428751&_u=IEBAAEAAAAAAAC~&z=917965618

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 135ms
50ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-102456694-1&cid=243599451.1660607438&jid=2012428751&_u=IEBAAEAAAAAAAC~&z=917965618

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 landing.php Show response
fp.holmesmind.com/ Frame 27E3 0
82 B 410ms
309ms Document
text/html 34.117.219.39
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=2231-pONopbLrhhelU2qGXLhp5uUCI51IxYXw&CFFPCKUUID=8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.219.39 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 39.219.117.34.bc.googleusercontent.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with,content-type
access-control-allow-methods: *
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 15 Aug 2022 23:50:41 GMT
server: nginx/1.20.0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame B142 5 KB
2 KB 1156ms
397ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Tue, 16 Aug 2022 00:00:42 GMT

GET
H2 200 landing.php Show response
fp.holmesmind.com/ Frame 4EEB 0
249 B 383ms
303ms Document
text/html 34.117.219.39
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=2231-pONopbLrhhelU2qGXLhp5uUCI51IxYXw&CFFPCKUUID=8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.219.39 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 39.219.117.34.bc.googleusercontent.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with,content-type
access-control-allow-methods: *
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 15 Aug 2022 23:50:41 GMT
server: nginx/1.20.0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 61FB 5 KB
2 KB 940ms
202ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Tue, 16 Aug 2022 00:00:42 GMT

GET
H2 200 1660587062-a7985e576680ec0c42c119e1a24762e0-840x525.jpg
img.gbyhn.com.tw/2022/08/ 123 KB
124 KB 81ms
23ms Image
image/jpeg 2a06:98c1:3121::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.gbyhn.com.tw/2022/08/1660587062-a7985e576680ec0c42c119e1a24762e0-840x525.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4785b3e19dd72ed32a05d872a4e3074ecdb34b83318029d8f102717bb1138fcc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13387
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 125702
last-modified: Mon, 15 Aug 2022 18:11:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6z128KotV75b2GCMaGh1S05x7IGWm%2B1x6%2B00i6RYelCitaAqGPKp22rU%2BTyBaQx4RtO0ayB%2BenbbQfeHYvO3NI8ovJj8Zu%2FaMIbVPBt5cKaxFVNvuWuVHYC0SteMinVMR0EEOWTbEMi38k7cCs%2FD"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 73b5d57cbb98bb9d-FRA
expires: Mon, 22 Aug 2022 18:13:51 GMT

GET
H2 200 %E6%A9%98%E5%AD%90%E6%94%AF%E4%BB%98%E5%84%AA%E6%83%A0%E5%BD%99%E6%95%B4%E8%88%87%E6%8E%A8%E8%96%A6%E4%BF%A1%E7%94%A8%E5%8D%A1-1080x630.jpg
creditcards.com.tw/wp-content/uploads/2022/08/ 29 KB
29 KB 447ms
227ms Image
image/webp 192.0.78.135
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://creditcards.com.tw/wp-content/uploads/2022/08/%E6%A9%98%E5%AD%90%E6%94%AF%E4%BB%98%E5%84%AA%E6%83%A0%E5%BD%99%E6%95%B4%E8%88%87%E6%8E%A8%E8%96%A6%E4%BF%A1%E7%94%A8%E5%8D%A1-1080x630.jpg?crop=1

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.135 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

09babf07928b2e99779d5acbc1662ea6da63929691a32f05cd6ac65c0a36edcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:41 GMT
x-ac: 2.hhn _atomic_ams
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-length: 29256
x-nc: HIT bur 8
last-modified: Mon, 15 Aug 2022 08:48:46 GMT
server: nginx
etag: "9b4a11191d99cf69"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
expires: Wed, 14 Aug 2024 20:48:46 GMT

GET
H2 200 S__233168914.jpg
i0.wp.com/golike.tw/wp-content/uploads/2022/08/ 385 KB
386 KB 35ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/golike.tw/wp-content/uploads/2022/08/S__233168914.jpg?fit=2050%2C2046&ssl=1

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

3c0ef2cb368ce9c0214a1014aa148e97bf5b5f46b26a0a9a7670e0d443013fca

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 15 Aug 2022 23:50:41 GMT
x-content-type-options: nosniff
last-modified: Mon, 15 Aug 2022 08:54:28 GMT
server: nginx
etag: "993b58c7062d3925"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://golike.tw/wp-content/uploads/2022/08/S__233168914.jpg>; rel="canonical"
content-length: 394008
expires: Wed, 14 Aug 2024 20:54:28 GMT

GET
H2 200 202208150736244.jpg
img.racingcharger.tw/wp-content/uploads/ 256 KB
257 KB 207ms
22ms Image
image/jpeg 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.racingcharger.tw/wp-content/uploads/202208150736244.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4994c3033d23ff48bd2d8bcfd8ca91595aaef14b7f5eb50937cdefef79a28190

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:41 GMT
cf-cache-status: HIT
last-modified: Mon, 15 Aug 2022 07:36:32 GMT
server: cloudflare
age: 18387
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rUmcJdmXwTROxeJiR1E%2BJCejoLPN94f8Vzb9qzqBUy25AB2lfI%2FlZighWTh7byViknpnZJrooCaXOPsbDn53gDbRAbc07sEacuM6OaRW5hrNvLiMyrrfRkx8cqELnzHOfYYnDdxZ67p5VzjjUV2ljqGDug%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=28800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 73b5d57d8a779a05-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 261971

GET
H2 200 KID_7974.jpg
mma.prnasia.com/media2/1876512/ 97 KB
98 KB 78ms
28ms Image
image/jpeg 2606:4700::6810:fc04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mma.prnasia.com/media2/1876512/KID_7974.jpg?p=medium600
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:fc04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f3e5252353efd1bbf142f82a581d1a08f838137a79db7937ae078fb315995b39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:41 GMT
cf-cache-status: HIT
age: 74854
x-powered-by: ASP.NET
server-timing: intid;desc=5690a516803e1bb9
content-length: 99362
last-modified: Mon, 15 Aug 2022 03:03:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: *, Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
expires: Mon, 15 Aug 2022 03:03:07 GMT
cache-control: public, max-age=1
accept-ranges: bytes
cf-ray: 73b5d57cbab99b4c-FRA
access-control-allow-headers: Content-Type
cf-bgj: h2pri

GET
H2 200 %E4%BA%8C%E6%89%8B%E4%B8%AD%E5%8F%A4%E8%BB%8A%E8%B2%B8%E5%88%A9%E7%8E%87%E5%A4%9A%E5%B0%91%E5%90%88%E7%90%86%EF%BC%9F-%E4%BF%A1%E8%B2%B8%E8%B2%B7%E8%BB%8A%E6%AF%94%E8%BB%8A%E8%B2%B8%E5%88%92%E7%AE%...
blog.alphaloan.co/wp-content/uploads/2022/08/ 148 KB
149 KB 224ms
160ms Image
image/jpeg 192.0.78.236
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.alphaloan.co/wp-content/uploads/2022/08/%E4%BA%8C%E6%89%8B%E4%B8%AD%E5%8F%A4%E8%BB%8A%E8%B2%B8%E5%88%A9%E7%8E%87%E5%A4%9A%E5%B0%91%E5%90%88%E7%90%86%EF%BC%9F-%E4%BF%A1%E8%B2%B8%E8%B2%B7%E8%BB%8A%E6%AF%94%E8%BB%8A%E8%B2%B8%E5%88%92%E7%AE%97%EF%BC%81.jpg

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.236 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d8eda587c3186a20460581010a936a18f2c635a20eedb2860b51808f59a292b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:41 GMT
x-ac: 2.hhn _atomic_ams
last-modified: Mon, 01 Aug 2022 09:07:46 GMT
server: nginx
etag: "62e797e2-25175"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 151925
expires: Mon, 22 Aug 2022 23:50:41 GMT

GET
H2 200 file.png
static.wixstatic.com/media/8d2acb_fdb46ac5354548829f23a46cc4d4a954~mv2.jpeg/v1/fit/w_1000,h_720,al_c,q_80/ 1 MB
1 MB 119ms
34ms Image
image/png 34.102.176.152
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.wixstatic.com/media/8d2acb_fdb46ac5354548829f23a46cc4d4a954~mv2.jpeg/v1/fit/w_1000,h_720,al_c,q_80/file.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.176.152 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 152.176.102.34.bc.googleusercontent.com
Software: openresty/1.21.4.1 /
Resource Hash: 42176dd8bba6d2b3043429bc0f0401f069e2c8e3e2642fa3f2cfef58cad0071b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-spanid: 6633f5ec6cd397ca
via: 1.1 google
server: openresty/1.21.4.1
age: 264272
etag: ""
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
date: Fri, 12 Aug 2022 22:26:09 GMT
content-length: 1235774
x-traceid: 01ce89273cc7385b5327b9fb463f52cf
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
wix-tracer: 2DH5SVexEf0iAf4VecFZS1sSFWc
x-seen-by: image-manipulator-556498cf55-s7px4

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 40ms
17ms Image
image/gif 2a03:2880:f107:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&rl=&if=false&ts=1660607438575&sw=1600&sh=1200&v=2.9.75&r=stable&ec=0&o=28&fbp=fb.1.1660607438573.2003479998&it=1660607437996&coo=false&rqm=GET

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:41 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Mon, 15 Aug 2022 23:50:41 GMT

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame B142 10 KB
10 KB 31ms
30ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13858&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=477&o=1&d=1&b=2&ts=1&ii=3&FPCK=8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz&initver=210830P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
server: AmazonS3
age: 2
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:40 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 10359
x-amz-cf-id: c7Gks4q0fe5eUduY1fXOkuIlMDSfySV3eEJaf_OFv00OrQjuzVhGuQ==

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame 61FB 10 KB
10 KB 30ms
30ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13860&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=789&o=1&d=1&b=2&ts=1&ii=3&FPCK=8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz&initver=210830P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
server: AmazonS3
age: 2
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:40 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 10359
x-amz-cf-id: tclm2NREMJQJKfc6lfMJTtNEoAEO1VL5wHma5VTiaoCFlELgNbPz6Q==

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 911E 37 B
408 B 202ms
202ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

48b59c1d9eb5d213d2163e5fd45bcbabcfdfd1d76c3edf81758243e57367403b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 61FB 37 B
401 B 202ms
202ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

c884ba3ff93d69be7326b4052c8451657623a588d56f21f2651d18311826a867

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 64AA 37 B
408 B 203ms
203ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

6cbc0879ebbda19669ced4f6c9c786b854d02a99af710ab2fa8c25fde3f72ab1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame B142 37 B
402 B 202ms
201ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

9b4c701932d0a7e05c00f9c57ec69d8ba37cbb0da6ecea799991c28910ad6321

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 911E 30 B
278 B 205ms
203ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=30aac12f-9616-4973-aa71-866bb0bee9f1

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 61FB 30 B
271 B 204ms
203ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=01d95dbc-63e0-4141-bc21-2ae570ca48dc

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 64AA 30 B
278 B 202ms
202ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=21d92b24-1fbd-44a9-9f03-080614a6112e

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ Frame E2D8 6 KB
7 KB 29ms
28ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
server: AmazonS3
age: 30
etag: "439e160b698f1ec2efb45c3b6cd6b265"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:30 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 6552
x-amz-cf-id: G4c-qQvPAief-_ecQ2Z0FqnoPmCeUW9raOLr5a2n5x7uApZyii46SQ==

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ Frame AF65 6 KB
7 KB 30ms
30ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
server: AmazonS3
age: 30
etag: "439e160b698f1ec2efb45c3b6cd6b265"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:30 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 6552
x-amz-cf-id: zcFHYtK7cLDFuLsTajgbP1c8duDtnZOGi543g9sQcwIS0dM1fDkPpw==

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 6C48 3 KB
3 KB 29ms
28ms Document
text/html 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cdb7b46cae42cd81431bbd6892f43d4f84508bf5fb2bde0ae32bc577ce26d275

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 29
content-length: 3040
content-type: text/html
date: Mon, 15 Aug 2022 23:50:30 GMT
etag: "1127744b801151c03a119650091819d4"
last-modified: Thu, 30 Jun 2022 11:31:53 GMT
server: AmazonS3
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
x-amz-cf-id: zOTczgu4zEQykixa2Da1WLf-PLX8au77CO00C6faAg9gK6BH0A-fBA==
x-amz-cf-pop: VIE50-P1
x-amz-version-id: g5VVGnMBETOJxS05mTLHyDLw3VP4V67X
x-cache: Hit from cloudfront

GET
H2 200 edmp_init.js Show response
cdn.holmesmind.com/js/ Frame E2D8 662 B
1005 B 29ms
28ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/edmp_init.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 12 Mar 2021 02:45:40 GMT
server: AmazonS3
age: 29
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:30 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 662
x-amz-cf-id: UIqtSaICZ6h1hrt_wbXPlzG2ePNC7BtfEWvgHTUa4UJRuozNjjFpXw==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame B9B8 6 KB
6 KB 30ms
29ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1291c3d774415b830ea3f2c5ce78d160485606386d08a878c87f41ccdbe4a73f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: TffX4.BvLss5nGbaNkDOhki_IqknqyWa
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 18 Mar 2022 03:26:21 GMT
server: AmazonS3
age: 45
etag: "8de5f5c245a6377bb4dc88fbf8c0c6f5"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:30 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 6093
x-amz-cf-id: iYWz_H0HMirL4PkrvUrmlODlGy6IiUZu2kXTMcz7r52UIppDY4J5KA==

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame A9A4 3 KB
3 KB 29ms
29ms Document
text/html 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cdb7b46cae42cd81431bbd6892f43d4f84508bf5fb2bde0ae32bc577ce26d275

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 29
content-length: 3040
content-type: text/html
date: Mon, 15 Aug 2022 23:50:30 GMT
etag: "1127744b801151c03a119650091819d4"
last-modified: Thu, 30 Jun 2022 11:31:53 GMT
server: AmazonS3
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
x-amz-cf-id: 72g6dhidIYjWix1nvOsNKncYU9tcRcuEd9_xp79iPmyCyXWhdyhmfQ==
x-amz-cf-pop: VIE50-P1
x-amz-version-id: g5VVGnMBETOJxS05mTLHyDLw3VP4V67X
x-cache: Hit from cloudfront

GET
H2 200 edmp_init.js Show response
cdn.holmesmind.com/js/ Frame AF65 662 B
1004 B 29ms
28ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/edmp_init.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 12 Mar 2021 02:45:40 GMT
server: AmazonS3
age: 29
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:30 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 662
x-amz-cf-id: 5y0GWVvkqu5T-Jv_TnahwZXiqus1RxoFFQPzQpYPYiUYmgLFctOi8g==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 56AB 6 KB
6 KB 29ms
28ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1291c3d774415b830ea3f2c5ce78d160485606386d08a878c87f41ccdbe4a73f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: TffX4.BvLss5nGbaNkDOhki_IqknqyWa
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 18 Mar 2022 03:26:21 GMT
server: AmazonS3
age: 45
etag: "8de5f5c245a6377bb4dc88fbf8c0c6f5"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:30 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 6093
x-amz-cf-id: Wsj9dA8VJiV0LfkgCiNlCfp8H51qDgwuaEmMFujKGwdtZ6viXFdAxg==

GET
H3 200 cm.php Show response
fcm.holmesmind.com/ Frame CB5C 95 B
103 B 200ms
132ms Document
text/html 34.95.67.231
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: b73e6cb22f3ae22bcbe36217e226c082f813a2a8a7961644093d849bcbd30294

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 86
content-type: text/html; charset=UTF-8
date: Mon, 15 Aug 2022 23:50:42 GMT
server: Apache/2.4.29 (Ubuntu)
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 6C48 5 KB
2 KB 203ms
200ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Tue, 16 Aug 2022 00:00:42 GMT

GET
H3 200 cm
c.holmesmind.com/ Frame 6C48 0
15 B 653ms
650ms Image
text/html 35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H2

200

google
m.holmesmind.com/ml/ Frame 6C48
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=170521-UH9cTfRjKPGxIds8KY2fb9UORIpe9mUe&uu_m=undefined
https://m.holmesmind.com/ml/google?cf_uid=170521-UH9cTfRjKPGxIds8KY2fb9UORIpe9mUe&uu_m=undefined&google_gid=CAESEKZGMlVZnRAcylTydI_4HKw&google_cver=1

0
465 B

385ms
289ms

Image
image/png

35.227.249.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=170521-UH9cTfRjKPGxIds8KY2fb9UORIpe9mUe&uu_m=undefined&google_gid=CAESEKZGMlVZnRAcylTydI_4HKw&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
x-guploader-uploadid: ADPycdu_zEJyVHNQpuoHOe29z_Xt7p6MEaGhCzuIBjQ5f5QS1lFAsgRsxGiTdqPJeGc__7nQn17QuDaijxrYfF6iRRRUXg
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
server: UploadServer
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
x-goog-generation: 1519198601160228
cache-control: public, max-age=3600
x-goog-stored-content-length: 0
accept-ranges: bytes
content-type: image/png
expires: Tue, 16 Aug 2022 00:50:42 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://m.holmesmind.com/ml/google?cf_uid=170521-UH9cTfRjKPGxIds8KY2fb9UORIpe9mUe&uu_m=undefined&google_gid=CAESEKZGMlVZnRAcylTydI_4HKw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 358
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame B9B8 1 KB
747 B 22ms
22ms Script
text/html 2600:9000:21f3:fe00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=13859
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:fe00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 02a11d118de5f3d9a7fda77638a07a33218aa18e1888cc0376889be1fdd8595e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:44:21 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
age: 381
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: Psk-XR7-0MdnZW--unR4YTmO6qSY0AmovCusI8xjjm3CdjNcIh8Kpw==
via: 1.1 83caebe1f817a31bd75ba17dff7ae1a6.cloudfront.net (CloudFront)

GET
H3 200 cm
c.holmesmind.com/ Frame A9A4 0
15 B 1076ms
1075ms Image
text/html 35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H3 200 cm.php Show response
fcm.holmesmind.com/ Frame DAEF 95 B
103 B 190ms
137ms Document
text/html 34.95.67.231
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: b73e6cb22f3ae22bcbe36217e226c082f813a2a8a7961644093d849bcbd30294

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 86
content-type: text/html; charset=UTF-8
date: Mon, 15 Aug 2022 23:50:42 GMT
server: Apache/2.4.29 (Ubuntu)
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame A9A4 5 KB
2 KB 201ms
199ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Tue, 16 Aug 2022 00:00:42 GMT

GET
H2

200

google
m.holmesmind.com/ml/ Frame A9A4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=170521-UH9cTfRjKPGxIds8KY2fb9UORIpe9mUe&uu_m=undefined
https://m.holmesmind.com/ml/google?cf_uid=170521-UH9cTfRjKPGxIds8KY2fb9UORIpe9mUe&uu_m=undefined&google_gid=CAESEPTs7ys3eVUYW-DGOefSq1E&google_cver=1

0
138 B

354ms
299ms

Image
image/png

35.227.249.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=170521-UH9cTfRjKPGxIds8KY2fb9UORIpe9mUe&uu_m=undefined&google_gid=CAESEPTs7ys3eVUYW-DGOefSq1E&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
x-guploader-uploadid: ADPycdv5di3YZDO9mntOaKA8p-NGuIjebv1DNcmQLLIBrpDhcIRT9rZ0wu70kU33Ghx49x0KJcaqm9PFYresFaZUPqULkg
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
server: UploadServer
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
x-goog-generation: 1519198601160228
cache-control: public, max-age=3600
x-goog-stored-content-length: 0
accept-ranges: bytes
content-type: image/png
expires: Tue, 16 Aug 2022 00:50:42 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://m.holmesmind.com/ml/google?cf_uid=170521-UH9cTfRjKPGxIds8KY2fb9UORIpe9mUe&uu_m=undefined&google_gid=CAESEPTs7ys3eVUYW-DGOefSq1E&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 358
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame 56AB 1 KB
753 B 12ms
12ms Script
text/html 2600:9000:21f3:fe00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=13861
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:fe00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 260a38fd6cc5ef58002f66b9a6efcd915c7a2035a626948e5003e5ddf727d9c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:44:21 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
age: 381
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: F5py6GVrtFwFneuXtgFms6F5oMGjXapmOt3rI-hH8Sz_wQsWWVzYog==
via: 1.1 83caebe1f817a31bd75ba17dff7ae1a6.cloudfront.net (CloudFront)

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame B9B8 2 KB
1 KB 261ms
259ms Script
text/html 13.115.155.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=13859&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=886&o=1&d=1&b=2&ts=1&ii=2&FPCK=8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz&initver=210830P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.115.155.88 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-115-155-88.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 8c83655db4e28522876277d150a82f1bed8d015fbcc863f95a2f34980badab4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame B9B8 3 KB
3 KB 31ms
28ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
server: AmazonS3
age: 37
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:34 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 2773
x-amz-cf-id: UOEKnobTmRwnZPzjOebok-J4WnapcHIzM22d6Vb1nizHZ5yCQXBr5A==

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame B9B8 119 KB
39 KB 257ms
18ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

18da79f767f5a603e9b235ec78993380e8c00aaf1ec855049e8a79107e3013c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
last-modified: Tue, 02 Aug 2022 12:51:26 GMT
server: nginx
etag: W/"62e91dce-1dc2b"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 16 Aug 2022 23:50:42 GMT

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame B9B8 2 KB
3 KB 32ms
30ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:12 GMT
server: AmazonS3
age: 37
etag: "e8f33fcb581483ced4a09b3c8e7550e4"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:34 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 2443
x-amz-cf-id: wt03baSDADZJOWLC6gdfInNijj0KT8d2BaHVs3Huz_u4lzGr1x5DMQ==

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame B9B8 4 KB
5 KB 32ms
30ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Tue, 20 Apr 2021 06:25:23 GMT
server: AmazonS3
age: 35
etag: "c3b948e5a48dd0ec20c265d6d8da7add"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:34 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 4530
x-amz-cf-id: 3wLJ1WTkIzpS7SuNqHPS10UcCuoV8ZOB4A6rnHX7bynquzibnmKxdQ==

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame B9B8 3 KB
3 KB 31ms
29ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
server: AmazonS3
age: 37
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:34 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 3177
x-amz-cf-id: S8_by2KFfpYPJfRgyOZo_wn2NR-lyUhKzBR-TWwATyPGWNCovjjUOA==

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame B9B8 3 KB
3 KB 32ms
30ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d541f77dd45df41c827a1c2b2899696c336c7bb3a1a06422d66ca4f37454258e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 15 Oct 2021 07:41:44 GMT
server: AmazonS3
age: 37
etag: "adc35fd9401ac04bdb2a47c466e46174"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:34 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 2568
x-amz-cf-id: 3GER1A7zKznJdCJcxm1MGEkHFX4wehJT-yovIYGoaFDCaMf5zWzwmw==

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame 56AB 2 KB
1 KB 283ms
281ms Script
text/html 13.115.155.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=13861&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=772&o=1&d=1&b=2&ts=1&ii=2&FPCK=8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz&initver=210830P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.115.155.88 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-115-155-88.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 1497525c2f78fefc5f4b3613ee563df0f16a866b65b89283b56e6a8f29bbb8fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame 56AB 3 KB
3 KB 31ms
29ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
server: AmazonS3
age: 37
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:34 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 2773
x-amz-cf-id: wufWnCbdR90LZZCbiXxVUrwuOjAASVKob7R8pObyam6KZPauuA52MQ==

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame 56AB 119 KB
39 KB 274ms
40ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

18da79f767f5a603e9b235ec78993380e8c00aaf1ec855049e8a79107e3013c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
last-modified: Tue, 02 Aug 2022 12:51:26 GMT
server: nginx
etag: W/"62e91dce-1dc2b"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 16 Aug 2022 23:50:42 GMT

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame 56AB 2 KB
3 KB 31ms
30ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:12 GMT
server: AmazonS3
age: 37
etag: "e8f33fcb581483ced4a09b3c8e7550e4"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:34 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 2443
x-amz-cf-id: 5dlhpNsc7gogaq_C8IuboTe3Edj8aU3ewm0eN8GYjDpY4W-ETwighQ==

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame 56AB 4 KB
5 KB 33ms
32ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Tue, 20 Apr 2021 06:25:23 GMT
server: AmazonS3
age: 35
etag: "c3b948e5a48dd0ec20c265d6d8da7add"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:34 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 4530
x-amz-cf-id: Uikvjb2W-8t98TDKhuAEEoloszmDAw6asHSTJcOXWHfoXRup9CY0xQ==

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame 56AB 3 KB
3 KB 34ms
33ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
server: AmazonS3
age: 37
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:34 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 3177
x-amz-cf-id: 5zg9x3HiEUQ6ZjED6T0fipkQVpaXvEhquGOFX_0hz9sVLFLgZpJRiw==

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame 56AB 3 KB
3 KB 34ms
33ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d541f77dd45df41c827a1c2b2899696c336c7bb3a1a06422d66ca4f37454258e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 15 Oct 2021 07:41:44 GMT
server: AmazonS3
age: 37
etag: "adc35fd9401ac04bdb2a47c466e46174"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:34 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 2568
x-amz-cf-id: F-undmYDwuK_QESDMWACVv52u_PhwW76EnyIA5Me-ULsiQeHdN7xWA==

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame B9B8 0
170 B 177ms
174ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://reurl.cc
date: Mon, 15 Aug 2022 23:50:42 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame B9B8
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg

2 B
19 B

269ms
268ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Mon, 15 Aug 2022 23:50:42 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H2 204 prebid.aspx Show response
prebid.scupio.com/recweb/ Frame B9B8 0
159 B 622ms
210ms XHR
text/html 210.59.219.181
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.35016934128655164
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html
access-control-allow-origin: https://reurl.cc
cache-control: private
access-control-allow-credentials: true

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame B9B8
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg

2 B
19 B

290ms
273ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Mon, 15 Aug 2022 23:50:42 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame 56AB 0
170 B 177ms
174ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://reurl.cc
date: Mon, 15 Aug 2022 23:50:42 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 prebid.aspx Show response
prebid.scupio.com/recweb/ Frame 56AB 0
27 B 619ms
211ms XHR
text/html 210.59.219.181
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.278702637288061
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html
access-control-allow-origin: https://reurl.cc
cache-control: private
access-control-allow-credentials: true

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 56AB
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg

2 B
19 B

292ms
275ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Mon, 15 Aug 2022 23:50:42 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 56AB
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg

2 B
19 B

277ms
276ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Mon, 15 Aug 2022 23:50:42 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=VMgFT_fmCpiZLI4x0tv6Yg
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame B142 30 B
271 B 204ms
203ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=01d95dbc-63e0-4141-bc21-2ae570ca48dc

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 61FB 0
187 B 207ms
205ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=2231-pONopbLrhhelU2qGXLhp5uUCI51IxYXw&mp=01d95dbc-63e0-4141-bc21-2ae570ca48dc

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 pixel
01d95dbc-63e0-4141-bc21-2ae570ca48dc.t.ssp.hinet.net/ Frame 61FB 0
80 B 1222ms
197ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://01d95dbc-63e0-4141-bc21-2ae570ca48dc.t.ssp.hinet.net/pixel?bd=01d95dbc-63e0-4141-bc21-2ae570ca48dc&t=50ef57

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H3 200 landing.php Show response
fp.holmesmind.com/ Frame D345 0
37 B 363ms
329ms Document
text/html 34.117.219.39
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=2231-pONopbLrhhelU2qGXLhp5uUCI51IxYXw&CFFPCKUUID=8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.117.219.39 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 39.219.117.34.bc.googleusercontent.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with,content-type
access-control-allow-methods: *
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 15 Aug 2022 23:50:42 GMT
server: nginx/1.20.0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame B9B8 5 KB
2 KB 202ms
199ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Tue, 16 Aug 2022 00:00:42 GMT

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 6C48 36 B
408 B 203ms
201ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

eac9ebfa63429a33a1aaa9c8f7a6f07175b7b30318b271fc543c8c4c39809314

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H3 200 landing.php Show response
fp.holmesmind.com/ Frame B677 0
37 B 360ms
330ms Document
text/html 34.117.219.39
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=2231-pONopbLrhhelU2qGXLhp5uUCI51IxYXw&CFFPCKUUID=8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.117.219.39 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 39.219.117.34.bc.googleusercontent.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with,content-type
access-control-allow-methods: *
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 15 Aug 2022 23:50:42 GMT
server: nginx/1.20.0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 56AB 5 KB
2 KB 200ms
199ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Tue, 16 Aug 2022 00:00:42 GMT

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame A9A4 36 B
408 B 202ms
201ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

eac9ebfa63429a33a1aaa9c8f7a6f07175b7b30318b271fc543c8c4c39809314

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame B9B8 10 KB
10 KB 30ms
30ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13859&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=886&o=1&d=1&b=2&ts=1&ii=2&FPCK=8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz&initver=210830P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
server: AmazonS3
age: 3
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:40 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 10359
x-amz-cf-id: ws67dZLq1b82yyj8scKJWj3tJeVBQT4bB_HNfIpa9Nrc_RVsiyFX0w==

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame B9B8 0
210 B 55ms
15ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=126&profileId=184&cb=42589482051

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame 56AB 10 KB
10 KB 30ms
29ms Script
application/javascript 2600:9000:2304:8400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13861&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=772&o=1&d=1&b=2&ts=1&ii=2&FPCK=8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz&initver=210830P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:8400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 6e4fd2f7f4c55027ff6ee922bdafd3ae.cloudfront.net (CloudFront)
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
server: AmazonS3
age: 3
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 15 Aug 2022 23:50:40 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 10359
x-amz-cf-id: zDuk8_mlwKOsTgag3G3Olc5TGlwnBfs1U8f-M5Bgkw2IzzApKw7okg==

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 56AB 0
209 B 47ms
15ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=126&profileId=184&cb=61938804905

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2 200 pixel
01d95dbc-63e0-4141-bc21-2ae570ca48dc.t.ssp.hinet.net/ Frame B142 0
79 B 1033ms
198ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://01d95dbc-63e0-4141-bc21-2ae570ca48dc.t.ssp.hinet.net/pixel?bd=01d95dbc-63e0-4141-bc21-2ae570ca48dc&t=50ef57

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame B142 0
187 B 207ms
207ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=2231-pONopbLrhhelU2qGXLhp5uUCI51IxYXw&mp=01d95dbc-63e0-4141-bc21-2ae570ca48dc

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

POST
H2 204 events
bidder.criteo.com/csm/ Frame B9B8 0
209 B 15ms
15ms Ping
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame B9B8 43 B
365 B 16ms
15ms Image
image/gif 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=1

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "493ea254-2b"
strict-transport-security: max-age=31536000; preload;
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Thu, 10 Aug 2023 23:50:42 GMT

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame B9B8 43 B
365 B 18ms
17ms Image
image/gif 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=2

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "493ea254-2b"
strict-transport-security: max-age=31536000; preload;
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Thu, 10 Aug 2023 23:50:42 GMT

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame 56AB 43 B
365 B 20ms
19ms Image
image/gif 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=1

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "493ea254-2b"
strict-transport-security: max-age=31536000; preload;
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Thu, 10 Aug 2023 23:50:42 GMT

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame 56AB 43 B
365 B 16ms
15ms Image
image/gif 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "493ea254-2b"
strict-transport-security: max-age=31536000; preload;
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Thu, 10 Aug 2023 23:50:42 GMT

POST
H2 204 events
bidder.criteo.com/csm/ Frame 56AB 0
209 B 15ms
15ms Ping
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 15 Aug 2022 23:50:42 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame B9B8 36 B
401 B 203ms
202ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

eac9ebfa63429a33a1aaa9c8f7a6f07175b7b30318b271fc543c8c4c39809314

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 6C48 30 B
278 B 202ms
202ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=09ca7a62-cc7b-4c93-9b82-651979ed8d0c

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame A9A4 30 B
278 B 202ms
201ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=09ca7a62-cc7b-4c93-9b82-651979ed8d0c

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 6C48 0
194 B 206ms
205ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=cf&cid=170521-UH9cTfRjKPGxIds8KY2fb9UORIpe9mUe&mp=09ca7a62-cc7b-4c93-9b82-651979ed8d0c

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 pixel
09ca7a62-cc7b-4c93-9b82-651979ed8d0c.t.ssp.hinet.net/ Frame 6C48 0
79 B 1274ms
204ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://09ca7a62-cc7b-4c93-9b82-651979ed8d0c.t.ssp.hinet.net/pixel?bd=09ca7a62-cc7b-4c93-9b82-651979ed8d0c&t=cf

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 pixel
09ca7a62-cc7b-4c93-9b82-651979ed8d0c.t.ssp.hinet.net/ Frame A9A4 0
79 B 1266ms
202ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://09ca7a62-cc7b-4c93-9b82-651979ed8d0c.t.ssp.hinet.net/pixel?bd=09ca7a62-cc7b-4c93-9b82-651979ed8d0c&t=cf

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame A9A4 0
194 B 204ms
204ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=cf&cid=170521-UH9cTfRjKPGxIds8KY2fb9UORIpe9mUe&mp=09ca7a62-cc7b-4c93-9b82-651979ed8d0c

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2

200

sdk Show response
cdn.aralego.net/ucfad/sdk/us-east/ Frame 3DED
Redirect Chain

https://ads.aralego.com/sdk
https://cdn.aralego.net/ucfad/sdk/us-east/sdk

42 KB
43 KB

62ms
22ms

Script
application/octet-stream

2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ae78cfe6ee6192120b022cb3c00d586542309c4b88076fe6f12c0f7ef65f015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 449
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43300
last-modified: Mon, 25 Jul 2022 08:33:49 GMT
server: cloudflare
etag: "62de556d-a924"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VqGep%2Fox24uxIJ5aizMCRwc6qAnoa%2FBKflTi5gQigd6aborngJ%2Fm4gYCjavpHLHLnbNz%2BWLar3pJ0ma5GPWsM2mMWIQkZbK82gmMqqgmu6HceEcEkYxFFGlW630rkzYq0JICTRnuVxvfbqsneg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 73b5d58e09b99226-FRA

Redirect headers

location: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
connection: close
content-length: 0

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame B9B8 0
187 B 204ms
202ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=2231-pONopbLrhhelU2qGXLhp5uUCI51IxYXw&mp=09ca7a62-cc7b-4c93-9b82-651979ed8d0c

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 pixel
09ca7a62-cc7b-4c93-9b82-651979ed8d0c.t.ssp.hinet.net/ Frame B9B8 0
79 B 1067ms
200ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://09ca7a62-cc7b-4c93-9b82-651979ed8d0c.t.ssp.hinet.net/pixel?bd=09ca7a62-cc7b-4c93-9b82-651979ed8d0c&t=50ef57

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2

200

sdk Show response
cdn.aralego.net/ucfad/sdk/us-east/ Frame 1AC0
Redirect Chain

https://ads.aralego.com/sdk
https://cdn.aralego.net/ucfad/sdk/us-east/sdk

42 KB
43 KB

55ms
20ms

Script
application/octet-stream

2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ae78cfe6ee6192120b022cb3c00d586542309c4b88076fe6f12c0f7ef65f015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 449
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43300
last-modified: Mon, 25 Jul 2022 08:33:49 GMT
server: cloudflare
etag: "62de556d-a924"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xHho75044ogtxee97X3eNRUGpb2dq15PnC6u0iSIfMIACL0S7idyXIzOL9kUP03TFP17G0XGyiagVPOBN6Ec5NFHLckc8njPbGQwRV4kvv17KT%2BD2o8tbKS1bzklc4r7%2BKR5Qm63Wtv41E%2B50w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 73b5d58e09ba9226-FRA

Redirect headers

location: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
connection: close
content-length: 0

GET
H2 200 pixel
01d95dbc-63e0-4141-bc21-2ae570ca48dc.t.ssp.hinet.net/ Frame 56AB 0
79 B 438ms
198ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://01d95dbc-63e0-4141-bc21-2ae570ca48dc.t.ssp.hinet.net/pixel?bd=01d95dbc-63e0-4141-bc21-2ae570ca48dc&t=50ef57

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 56AB 0
187 B 202ms
202ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=2231-pONopbLrhhelU2qGXLhp5uUCI51IxYXw&mp=01d95dbc-63e0-4141-bc21-2ae570ca48dc

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:43 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H3 200 ucfad-formats.css
cdn.aralego.net/css/dev/ Frame 1AC0 975 B
885 B 38ms
19ms Stylesheet
text/css 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/css/dev/ucfad-formats.css
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3811
cf-polished: origSize=1191
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Mar 2018 07:19:46 GMT
server: cloudflare
etag: W/"5aab7012-4a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v2muPd%2F%2BmvHZ0X8dMCXcX0Y%2F2dfd88bo%2FtOpH5zISa%2BUh3AGK48gAIwlO1m0UC9hK2wmdAF63H7RD7yJ5OLxHBEG7FVsjdnY0O8y3XT3m32bflx6PpgtEmezRaC%2F6E4Hl91MmJYdZBOvuVyh6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 73b5d58e5ba49b92-FRA
cf-bgj: minify

GET
H/1.1 200
OK idRequest Show response
sync.aralego.com/ Frame 1AC0 46 B
486 B 416ms
95ms XHR
text/html 199.115.117.82
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22&
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 199.115.117.82 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 5a37b6c5314987ecb3e0f8a85a4ae061c82017dcc3e4c922c5d62c54e8bf025e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 23:50:44 GMT
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
Connection: close
Content-Length: 46

GET
H/1.1 200
OK ad_request Show response
ads.aralego.com/ Frame 1AC0 554 B
1 KB 154ms
153ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.aralego.com/ad_request?sw=1600&sh=1200&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&adid=ad-BE7A8D43EB8B26491AD93B7AD2AB466&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.4478830853407614&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&ao=https%3A%2F%2Freurl.cc&lang=en-US%2Cen&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Laurel, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: cd42c2aaf9bb3ea7ad6ea15458266d65693e6b7d01e280f12bcdd1a7e0ce6133

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
x-width: 300
x-height: 250
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-expose-headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
x-adsource: PSA
x-adtype: html
connection: close
access-control-allow-credentials: true
content-length: 554
x-adstyle: banner

GET
H3 200 ucfad-formats.css
cdn.aralego.net/css/dev/ Frame 3DED 975 B
843 B 28ms
21ms Stylesheet
text/css 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/css/dev/ucfad-formats.css
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3811
cf-polished: origSize=1191
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Mar 2018 07:19:46 GMT
server: cloudflare
etag: W/"5aab7012-4a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1mD34fmxB37MSOukHymtI5rOGFKLAInqvhFJr6bdDCKl4IndjTzWP1fiCxnmZvfgoUnZPCpdoe%2BI3H9swXj6Xz38UqTa3G8K83cNTn0TBbjwx2tJAA7zebFzn5b%2F6wQtXtEuagnbvkYV6n49pQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 73b5d58e5ba59b92-FRA
cf-bgj: minify

GET
H/1.1 200
OK idRequest Show response
sync.aralego.com/ Frame 3DED 46 B
486 B 416ms
103ms XHR
text/html 199.115.117.82
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22&
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 199.115.117.82 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 5a37b6c5314987ecb3e0f8a85a4ae061c82017dcc3e4c922c5d62c54e8bf025e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 23:50:44 GMT
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
Connection: close
Content-Length: 46

GET
H/1.1 200
OK ad_request Show response
ads.aralego.com/ Frame 3DED 554 B
1 KB 334ms
147ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.aralego.com/ad_request?sw=1600&sh=1200&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&adid=ad-E2B64EDA2E2EEE771779EE992A288D72&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.7900345830381732&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&ao=https%3A%2F%2Freurl.cc&lang=en-US%2Cen&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Laurel, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: a93f716cf27b006ca9b1cf4379be09a005335f365b3295659a07733c6c2127e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
x-width: 300
x-height: 250
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-expose-headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
x-adsource: PSA
x-adtype: html
connection: close
access-control-allow-credentials: true
content-length: 554
x-adstyle: banner

GET
H3 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame FE7D 123 KB
40 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: ads.aralego.com
URL: https://ads.aralego.com/sdk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

550bc832d3c69d0b539e5e64cd9e7de2eadb6cb83945f1c24ce631c87bfbe292

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40723
x-xss-protection: 0
server: cafe
etag: 15771810097053722779
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 15 Aug 2022 23:50:44 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208090101/ Frame FE7D 340 KB
120 KB 70ms
69ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a227b9d209dd7d69749f18a3d2387e59391d8401b2c05e375541f9bf7ce8d928

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122753
x-xss-protection: 0
server: cafe
etag: 18121646324950683337
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 15 Aug 2022 23:50:44 GMT

GET
H3 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame AEF4 123 KB
40 KB 62ms
60ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: ads.aralego.com
URL: https://ads.aralego.com/sdk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cba02a7ea67c579f5a185c78bec1bdcd04602c0947342600707fe7474da647b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40724
x-xss-protection: 0
server: cafe
etag: 8026729659104570523
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 15 Aug 2022 23:50:44 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 139ms
53ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220811&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b7aad23f9376ccfc80a816d7c7f8fd29546bc6657501bcff9f509988febd752

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11119
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame B9C2 15 KB
6 KB 162ms
16ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

2b00ce902e9ef9e7031d76c62a72c1cb0054185e6691e9a72757a31cead715a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6145
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 23:50:44 GMT
server-processing-duration-in-ticks: 2168
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 cookieSyncIframe.html Show response
cdn.aralego.net/ucfad/cookie/ Frame F192 714 B
845 B 25ms
19ms Document
text/html 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36a7d95f2760a813f3e782dfc125ea786174d581d6f6f896021d6994e9514bd6

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
age: 4897
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 73b5d5910e029b92-FRA
content-encoding: br
content-type: text/html
date: Mon, 15 Aug 2022 23:50:44 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Wed, 09 Feb 2022 05:59:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A5rOZKRFC2d5Gpq8Fc0L96G05wfvL3%2BXJeMEUgJu0BR%2FZziHak1LrxNgzyOszMDylMp0d47IWR9GaIaL3AWOLwHnKlPdjtgznI%2Bif%2FQwhsl55yr%2BB8euDcJ4Bq4xk%2BF8rAI4fOdQKuf%2FzUxXVg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK idsync
sync.aralego.com/ Frame 1AC0 35 B
384 B 298ms
98ms Image
image/gif 199.115.117.82
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 199.115.117.82 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 23:50:44 GMT
Connection: close
Content-Length: 35
Content-Type: image/gif

GET
H3 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame FE7D 12 B
53 B 98ms
38ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame FE7D 107 B
122 B 125ms
47ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame FE7D 107 B
122 B 117ms
44ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A653 76 KB
28 KB 313ms
313ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441621&bpp=33&bdt=251&idt=216&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=2&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=197323875&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3075504910&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068486&oid=2&pvsid=1320284677444827&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xx2km3lwgo0a&fsb=1&dtd=239

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b86e503d9b38292b80b0c0460e9a6dd9350a7727d0d9852dcebc9f9b2bb83357

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 28327
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 23:50:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookieSyncIframe.html Show response
cdn.aralego.net/ucfad/cookie/ Frame 80DA 714 B
844 B 19ms
19ms Document
text/html 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36a7d95f2760a813f3e782dfc125ea786174d581d6f6f896021d6994e9514bd6

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
age: 4897
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 73b5d5915e439b92-FRA
content-encoding: br
content-type: text/html
date: Mon, 15 Aug 2022 23:50:44 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Wed, 09 Feb 2022 05:59:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WktH%2FZDtPqZXZZ2MQpG%2B6VUv89wiBKnWUCMApIWJ%2B9F1IV%2B2AHraTc%2BzkczjfOCxQAR1NcPlIwD4EjN91DAPTbth9KYdIvSTEIXo0WMElUsDyqiTw7CsiUkmf2tBsNon19ecgUg%2BP5hVUcV6qw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK idsync
sync.aralego.com/ Frame 3DED 35 B
384 B 292ms
98ms Image
image/gif 199.115.117.82
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 199.115.117.82 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 23:50:44 GMT
Connection: close
Content-Length: 35
Content-Type: image/gif

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208090101/ Frame AEF4 340 KB
120 KB 67ms
67ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

08d8b725d50bbcea8a605583672ebf4ac94a4e4da017d1adb82f9eee12e45694

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122753
x-xss-protection: 0
server: cafe
etag: 2709702859982605642
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 15 Aug 2022 23:50:44 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame F192 83 KB
29 KB 105ms
38ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

a65e12985d44f14398aa11d74fac822e2dd0318b5a02aaf3bf914756d653e98d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28619
x-xss-protection: 0
server: sffe
etag: "1305 / 689 of 1000 / last-modified: 1660601245"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 15 Aug 2022 23:50:44 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 80DA 83 KB
28 KB 127ms
66ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

a65e12985d44f14398aa11d74fac822e2dd0318b5a02aaf3bf914756d653e98d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28619
x-xss-protection: 0
server: sffe
etag: "1305 / 398 of 1000 / last-modified: 1660601245"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 15 Aug 2022 23:50:44 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 146ms
53ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 Aug 2022 23:50:44 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame B9C2
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=gypDGHxLK2Jwa2ZoQmNGRWtha0ZUMUkxUXJRSTdnQy8zOHJKNnB3NFNVd0daalF3ODNaQVQ3bWxuenhwRjJOSGlQd2xTMWNMck1nZWlRYnoyR2lUbk8wbmhYWHlXQzBTOFJFY1FDSEluR0JtcUI4SVlHUUEvOUxwZm5jYn...

419 B
624 B

79ms
17ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=gypDGHxLK2Jwa2ZoQmNGRWtha0ZUMUkxUXJRSTdnQy8zOHJKNnB3NFNVd0daalF3ODNaQVQ3bWxuenhwRjJOSGlQd2xTMWNMck1nZWlRYnoyR2lUbk8wbmhYWHlXQzBTOFJFY1FDSEluR0JtcUI4SVlHUUEvOUxwZm5jYnJzNHpqUzFYaGowLzFCWi91WnVyVXBKdCtCWGRJc1N5VUM2VGlrWFhLMVdCMzVFWGpGWEZSUlJrWGo2Mm9iZkhwZTJTekRKZ3lBRFJZQW1tSmRSdGJseVBUcGIvcHFteW9NWGNlTys4U2FUK2RJMGQ1bCtZdTkzOEdRTHVBdW5sYlJwY0thL2F2NHZpM3BIZmVzRk82MnRIdFNmUVlndz09fA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

119c991def30cefc8407a1f08f92efda9e9fa3f98185ccb612ca75f682537273

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4687
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:44 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
location: https://mug.criteo.com/sid?cpp=gypDGHxLK2Jwa2ZoQmNGRWtha0ZUMUkxUXJRSTdnQy8zOHJKNnB3NFNVd0daalF3ODNaQVQ3bWxuenhwRjJOSGlQd2xTMWNMck1nZWlRYnoyR2lUbk8wbmhYWHlXQzBTOFJFY1FDSEluR0JtcUI4SVlHUUEvOUxwZm5jYnJzNHpqUzFYaGowLzFCWi91WnVyVXBKdCtCWGRJc1N5VUM2VGlrWFhLMVdCMzVFWGpGWEZSUlJrWGo2Mm9iZkhwZTJTekRKZ3lBRFJZQW1tSmRSdGJseVBUcGIvcHFteW9NWGNlTys4U2FUK2RJMGQ1bCtZdTkzOEdRTHVBdW5sYlJwY0thL2F2NHZpM3BIZmVzRk82MnRIdFNmUVlndz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 327224
content-length: 0
expires: 0

GET
H3 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame AEF4 12 B
53 B 37ms
37ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame AEF4 107 B
122 B 49ms
49ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AEF4 107 B
122 B 47ms
47ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C040 76 KB
27 KB 285ms
285ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50f98794153a6544b5bd9faa7f39bcdf20af127284ca37d5e1ee49b6334fdc4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 27876
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 23:50:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_2022081101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame F192 388 KB
132 KB 94ms
30ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

48bd457befd1682d1e21bd4327a12799559ecc1308da5413b21ee60d2e6c0dde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 20:25:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12326
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 135472
x-xss-protection: 0
last-modified: Thu, 11 Aug 2022 08:35:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 15 Aug 2023 20:25:18 GMT

GET
H3 200 pubads_impl_2022081101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 80DA 388 KB
132 KB 87ms
33ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

48bd457befd1682d1e21bd4327a12799559ecc1308da5413b21ee60d2e6c0dde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 20:25:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12326
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 135472
x-xss-protection: 0
last-modified: Thu, 11 Aug 2022 08:35:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 15 Aug 2023 20:25:18 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8082 13 KB
5 KB 121ms
39ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 11073
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 20:46:11 GMT
expires: Tue, 15 Aug 2023 20:46:11 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3045 783 B
534 B 131ms
48ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7bbd8fdc5625a8467b90ee3cc36a46f5093bbf73cd8547bc8831c30ec6619afa

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-6MsKbChtz0qT1bCgVTOrlQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-6MsKbChtz0qT1bCgVTOrlQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 23:50:44 GMT
expires: Mon, 15 Aug 2022 23:50:44 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame D373 15 KB
6 KB 23ms
23ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

2b00ce902e9ef9e7031d76c62a72c1cb0054185e6691e9a72757a31cead715a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6145
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 23:50:44 GMT
server-processing-duration-in-ticks: 4231
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame D373
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=3&topUrl=reurl.cc&bundle=a5uMz190S1ZyRUd1V092TDdrblk4RnZMcWd3NzR1TXNGayUyRndsTmNrYVBqMEoydjQ3UnVnbVY5V2FiQk...
https://mug.criteo.com/sid?cpp=-IZr9XxKc3JmRTNjbk5iUHkrYlBYMDRZT1pSdTNLMkRZN3hXM0FiM2QzTzhQSW44S2tOb0NEei9HNXNvQ2NSN1pXY0dmbmFrZEZ6QlRqMGNQR20zTkZqeElZSGxYTjhzMVY3ZXFYUThFZVBDRmFTUjg5S0VVM0xEbXVKQV...

422 B
626 B

17ms
17ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=-IZr9XxKc3JmRTNjbk5iUHkrYlBYMDRZT1pSdTNLMkRZN3hXM0FiM2QzTzhQSW44S2tOb0NEei9HNXNvQ2NSN1pXY0dmbmFrZEZ6QlRqMGNQR20zTkZqeElZSGxYTjhzMVY3ZXFYUThFZVBDRmFTUjg5S0VVM0xEbXVKQVR0VFBTaGVNRFRhRTFjYjNEcVdrVkR3UTV0dFVMaWE1Y2dQajNIZXlGNU5DYWpkQWNEZzVIc2FwNGIvaEozUmhZWDArOGM3eDQzWTJwU2dMTHVQeWp0cGd1eWx3MFAwVlpxMGV6U1FmODFhWUxZMzJQQ3NWQllJRm9HdDQvT2c5UjdGMUVjaW1jdHpCV1RFRVgrTWJpSUluRHRDd09KZz09fA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

a5e098b17b5c8c98518108f839142155ba668a1b67f70ada021e909dfa147fcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:44 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3500
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:44 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=-IZr9XxKc3JmRTNjbk5iUHkrYlBYMDRZT1pSdTNLMkRZN3hXM0FiM2QzTzhQSW44S2tOb0NEei9HNXNvQ2NSN1pXY0dmbmFrZEZ6QlRqMGNQR20zTkZqeElZSGxYTjhzMVY3ZXFYUThFZVBDRmFTUjg5S0VVM0xEbXVKQVR0VFBTaGVNRFRhRTFjYjNEcVdrVkR3UTV0dFVMaWE1Y2dQajNIZXlGNU5DYWpkQWNEZzVIc2FwNGIvaEozUmhZWDArOGM3eDQzWTJwU2dMTHVQeWp0cGd1eWx3MFAwVlpxMGV6U1FmODFhWUxZMzJQQ3NWQllJRm9HdDQvT2c5UjdGMUVjaW1jdHpCV1RFRVgrTWJpSUluRHRDd09KZz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1657
content-length: 541
expires: 0

GET
H2 200 css
fonts.googleapis.com/ Frame A653 6 KB
1 KB 126ms
46ms Stylesheet
text/css 2a00:1450:4001:800::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441621&bpp=33&bdt=251&idt=216&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=2&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=197323875&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3075504910&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068486&oid=2&pvsid=1320284677444827&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xx2km3lwgo0a&fsb=1&dtd=239

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 23:12:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 15 Aug 2022 23:50:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 15 Aug 2022 23:50:45 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame A653 2 KB
902 B 39ms
39ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:43:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 414
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 23:43:51 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/ Frame A653 23 KB
9 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 22:47:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3774
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9668
x-xss-protection: 0
server: cafe
etag: 3250940068065303693
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 22:47:51 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame A653 3 KB
1 KB 55ms
52ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:19:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1889
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 23:19:16 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A653 140 KB
43 KB 60ms
47ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44015
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660137096112928"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 Aug 2022 23:50:45 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame A653 17 KB
7 KB 46ms
44ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:13:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 23:13:45 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame A653 0
0 51ms
49ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT0ARRYg-IuyZy9we730j94Dwzl9DNiFWhapG_RPyLtI1J5cLR_gMf5WDBo4I697q_eDsgHjcPoZvHw3TaQ60pGI-pdVg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441621&bpp=33&bdt=251&idt=216&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=2&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=197323875&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3075504910&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068486&oid=2&pvsid=1320284677444827&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xx2km3lwgo0a&fsb=1&dtd=239
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 8b4497fa63e027c9bb788e6248932fc0.js Show response
www.gstatic.com/mysidia/ Frame A653 32 KB
14 KB 128ms
38ms Script
text/javascript 2a00:1450:4001:809::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8b4497fa63e027c9bb788e6248932fc0.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d151abaa7946d205cc769fd84d0acaeec4b759872dc714b237435f10ece11d35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 13 Aug 2022 11:35:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 216909
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13370
x-xss-protection: 0
last-modified: Thu, 11 Aug 2022 05:50:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 11 Nov 2022 11:35:36 GMT

GET
H3 200 2076313506083323656
tpc.googlesyndication.com/simgad/11646388840173144917/ Frame A653 14 KB
14 KB 46ms
46ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11646388840173144917/2076313506083323656

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71a5e32f50db9d5bb475d3baec615cc4d3ffdc053419ce7e6908b38eb7483651

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 22:16:29 GMT
x-content-type-options: nosniff
age: 524056
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14000
x-xss-protection: 0
last-modified: Tue, 26 Jul 2022 08:32:25 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 09 Aug 2023 22:16:29 GMT

GET
DATA 200
OK truncated
/ Frame A653 219 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aa8094938bd2817f2ec8f327fa09fe7d6ea5fe5f4b49973482ec3fdb9a01af69

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3045 0
0 74ms
73ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220811&jk=334760426695168&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame 8082 36 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 09:25:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51939
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 15 Aug 2023 09:25:06 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 80DA 492 B
263 B 64ms
64ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3955519017605310&correlator=1298861077361750&eid=31060438%2C31068927%2C31064019&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&iu_parts=18087395%2Ccookie&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&adks=64515409&sfv=1-0-38&fsapi=false&sc=1&cdm=cdn.aralego.net&abxe=1&dt=1660607442282&lmt=1644386353&dlt=1660607441891&idt=366&adxs=-12245933&adys=-12245933&biw=-12245933&bih=-12245933&scr_x=-12245933&scr_y=-12245933&ucis=9uw9bljpymu1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=5&url=https%3A%2F%2Fcdn.aralego.net%2Fucfad%2Fcookie%2FcookieSyncIframe.html&ref=https%3A%2F%2Freurl.cc%2F&top=https%3A%2F%2Freurl.cc%2F&frm=8&vis=1&psz=0x0&msz=0x-1&fws=256&ohw=0&ea=0&ga_vid=669436547.1660607442&ga_sid=1660607442&ga_hid=1806402484&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

37847ab906bcc6d7a50b7846796f850214db92ed849b114f7fc62947c51172c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:45 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cdn.aralego.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
f5b36b99c98495222ecfb61007ab96d0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B392 6 KB
4 KB 194ms
47ms Document
text/html 2a00:1450:4001:82b::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://f5b36b99c98495222ecfb61007ab96d0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 23:50:45 GMT
expires: Tue, 15 Aug 2023 23:50:45 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame F192 107 B
122 B 48ms
48ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 23:50:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame F192 107 B
122 B 45ms
44ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 23:50:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame F192 492 B
263 B 70ms
69ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1983524247231530&correlator=3782388497540295&eid=31064225%2C31061690&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&iu_parts=18087395%2Ccookie&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&adks=64515409&sfv=1-0-38&fsapi=false&sc=1&cdm=cdn.aralego.net&abxe=1&dt=1660607442312&lmt=1644386353&dlt=1660607441884&idt=411&adxs=-12245933&adys=-12245933&biw=-12245933&bih=-12245933&scr_x=-12245933&scr_y=-12245933&ucis=9p74crlagywz&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=5&url=https%3A%2F%2Fcdn.aralego.net%2Fucfad%2Fcookie%2FcookieSyncIframe.html&ref=https%3A%2F%2Freurl.cc%2F&top=https%3A%2F%2Freurl.cc%2F&frm=8&vis=1&psz=0x0&msz=0x-1&fws=256&ohw=0&ea=0&ga_vid=56194527.1660607442&ga_sid=1660607442&ga_hid=1887515612&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

0d389ecd4d9afbd7da7c513735767af9649a74f033574752a5707bfd2ac20ad0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:45 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cdn.aralego.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
61b3393bfb213cb5d670f3d0d95d5e71.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2290 6 KB
4 KB 194ms
44ms Document
text/html 2a00:1450:4001:82b::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://61b3393bfb213cb5d670f3d0d95d5e71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 23:50:45 GMT
expires: Tue, 15 Aug 2023 23:50:45 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8598 1 KB
749 B 39ms
38ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 23391
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 17:20:54 GMT
etag: 48472445140208031
expires: Tue, 16 Aug 2022 17:20:54 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame C040 6 KB
672 B 126ms
49ms Stylesheet
text/css 2a00:1450:4001:800::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 23:12:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 15 Aug 2022 23:50:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 15 Aug 2022 23:50:45 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame C040 2 KB
902 B 42ms
42ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:43:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 414
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 23:43:51 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/ Frame C040 23 KB
9 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 22:47:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3774
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9668
x-xss-protection: 0
server: cafe
etag: 3250940068065303693
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 22:47:51 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame C040 3 KB
1 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:19:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1889
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 23:19:16 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C040 140 KB
43 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44015
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660137096112928"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 Aug 2022 23:50:45 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame C040 17 KB
7 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:13:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 23:13:45 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame C040 0
0 49ms
48ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQupnyVQ65xct9S9px9ppKlbU9q1yWX-xHOctr0yYOpMRS53KakSWVdV9jl1t009VnBks9agZfh2GA6Z_Q5yEr8742A9Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 8b4497fa63e027c9bb788e6248932fc0.js Show response
www.gstatic.com/mysidia/ Frame C040 32 KB
13 KB 118ms
40ms Script
text/javascript 2a00:1450:4001:809::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8b4497fa63e027c9bb788e6248932fc0.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d151abaa7946d205cc769fd84d0acaeec4b759872dc714b237435f10ece11d35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 13 Aug 2022 11:35:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 216909
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13370
x-xss-protection: 0
last-modified: Thu, 11 Aug 2022 05:50:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 11 Nov 2022 11:35:36 GMT

GET
H3 200 2076313506083323656
tpc.googlesyndication.com/simgad/11646388840173144917/ Frame C040 14 KB
14 KB 39ms
39ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11646388840173144917/2076313506083323656

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71a5e32f50db9d5bb475d3baec615cc4d3ffdc053419ce7e6908b38eb7483651

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 22:16:29 GMT
x-content-type-options: nosniff
age: 524056
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14000
x-xss-protection: 0
last-modified: Tue, 26 Jul 2022 08:32:25 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 09 Aug 2023 22:16:29 GMT

GET
DATA 200
OK truncated
/ Frame C040 219 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aa8094938bd2817f2ec8f327fa09fe7d6ea5fe5f4b49973482ec3fdb9a01af69

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame A653 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a907e4129c3d18636ac052d3554dbdbb6388d65e9a6dda8684c137ef0c9b53cd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame A653 15 KB
16 KB 122ms
35ms Font
font/woff2 2a00:1450:4001:80f::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 11 Aug 2022 08:01:51 GMT
x-content-type-options: nosniff
age: 402534
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Aug 2023 08:01:51 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame A653 15 KB
16 KB 130ms
47ms Font
font/woff2 2a00:1450:4001:80f::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 05:29:41 GMT
x-content-type-options: nosniff
age: 152464
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 14 Aug 2023 05:29:41 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame A653 15 KB
15 KB 192ms
115ms Font
font/woff2 2a00:1450:4001:80f::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 11:47:17 GMT
x-content-type-options: nosniff
age: 43408
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Aug 2023 11:47:17 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8D20 1 KB
749 B 42ms
40ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 23391
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 17:20:54 GMT
etag: 48472445140208031
expires: Tue, 16 Aug 2022 17:20:54 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C040 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1db34fa0f832b9318d061eead486619536dba1c49a2419da00b6a8d8666611de

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8598
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEPbZPHhS6gEMh_2rzyxqpNU&google_cver=1&google_push=AehlK4DiKIzQ84aSSweFeFRGP3PzAXSmQsW-E9xkY_nZWOoxCIEcVJ_9Z5KPspeARGxmC5V7T4UcVQvwFPu...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AehlK4DiKIzQ84aSSweFeFRGP3PzAXSmQsW-E9xkY_nZWOoxCIEcVJ_9Z5KPspeARGxmC5V7T4UcVQvwFPuaV_iKN7cIOHP5fvxhRA&google_hm=IsvVbRCWSDiKjLAhrQ...

170 B
188 B

82ms
82ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AehlK4DiKIzQ84aSSweFeFRGP3PzAXSmQsW-E9xkY_nZWOoxCIEcVJ_9Z5KPspeARGxmC5V7T4UcVQvwFPuaV_iKN7cIOHP5fvxhRA&google_hm=IsvVbRCWSDiKjLAhrQkPKKk

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:45 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AehlK4DiKIzQ84aSSweFeFRGP3PzAXSmQsW-E9xkY_nZWOoxCIEcVJ_9Z5KPspeARGxmC5V7T4UcVQvwFPuaV_iKN7cIOHP5fvxhRA&google_hm=IsvVbRCWSDiKjLAhrQkPKKk
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8598
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEILwA-h4_Nv7CTGyWzkLXZk&google_cver=1&google_push=AehlK4BVx1p0aVAQtBHRD2XZW7C6vzuvnXRq5y9Dclil8YQVYS3L2tVNc0umHWuyNBzLQzaPTEPMfmggEhEpCXYriFBur5r...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4BVx1p0aVAQtBHRD2XZW7C6vzuvnXRq5y9Dclil8YQVYS3L2tVNc0umHWuyNBzLQzaPTEPMfmggEhEpCXYriFBur5r648th&google_hm=MTA4NzYxNTE3NzA0MTEzMz...

170 B
188 B

48ms
47ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4BVx1p0aVAQtBHRD2XZW7C6vzuvnXRq5y9Dclil8YQVYS3L2tVNc0umHWuyNBzLQzaPTEPMfmggEhEpCXYriFBur5r648th&google_hm=MTA4NzYxNTE3NzA0MTEzMzI0MQ%3D%3D

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 15 Aug 2022 23:50:45 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4BVx1p0aVAQtBHRD2XZW7C6vzuvnXRq5y9Dclil8YQVYS3L2tVNc0umHWuyNBzLQzaPTEPMfmggEhEpCXYriFBur5r648th&google_hm=MTA4NzYxNTE3NzA0MTEzMzI0MQ%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8598
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESENsXqvAnY5k34XDw5o374Hc&google_cver=1&google_push=AehlK4CCOJi5jpFzIaL0P2S2J6VDrM_1EmH1aNu8VQf49ScmuqGBX4zEn-OJqXBAFET0wnqDUqtVnHdndL4PMxPBbmz6jZw...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESENsXqvAnY5k34XDw5o374Hc&google_cver=1&google_push=AehlK4CCOJi5jpFzIaL0P2S2J6VDrM_1EmH1aNu8VQf49ScmuqGBX4zEn-OJqXBAFET0wnqDUqtVnHdndL4PMxPBbmz6j...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AehlK4CCOJi5jpFzIaL0P2S2J6VDrM_1EmH1aNu8VQf49ScmuqGBX4zEn-OJqXBAFET0wnqDUqtVnHdndL4PMxPBbmz6jZw174wQ0w

170 B
188 B

41ms
40ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AehlK4CCOJi5jpFzIaL0P2S2J6VDrM_1EmH1aNu8VQf49ScmuqGBX4zEn-OJqXBAFET0wnqDUqtVnHdndL4PMxPBbmz6jZw174wQ0w

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AehlK4CCOJi5jpFzIaL0P2S2J6VDrM_1EmH1aNu8VQf49ScmuqGBX4zEn-OJqXBAFET0wnqDUqtVnHdndL4PMxPBbmz6jZw174wQ0w
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 8598 0
166 B 324ms
14ms Image
text/html 198.47.127.19

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEU0N2QKxPq5uGf7c3eXnPU&google_cver=1&google_push=AehlK4DBGmgy_G_JQB8ZH5Kbil-0PnvVdXXS6xc8Gp-0vaM15N85XqKn25ZPGrAFKIaCDaA-ORJgDcpJxg_vZDuAg7Zi1o8DeX4uYA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441621&bpp=33&bdt=251&idt=216&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=2&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=197323875&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3075504910&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068486&oid=2&pvsid=1320284677444827&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xx2km3lwgo0a&fsb=1&dtd=239
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.19 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:45 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8598
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESENIIh6QMIsT1RSK3DJ9kdP4&google_cver=1&google_push=AehlK4BCYIsRcOGHDTygW650uCtLLp-3DvSLQyjEcrpPrOst0jS1JOOgmDo4Px4l7YVcypxZzFI7s59kwt_K...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4BCYIsRcOGHDTygW650uCtLLp-3DvSLQyjEcrpPrOst0jS1JOOgmDo4Px4l7YVcypxZzFI7s59kwt_K5fq3GCeeue31yKPDlg

170 B
188 B

80ms
80ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4BCYIsRcOGHDTygW650uCtLLp-3DvSLQyjEcrpPrOst0jS1JOOgmDo4Px4l7YVcypxZzFI7s59kwt_K5fq3GCeeue31yKPDlg

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4BCYIsRcOGHDTygW650uCtLLp-3DvSLQyjEcrpPrOst0jS1JOOgmDo4Px4l7YVcypxZzFI7s59kwt_K5fq3GCeeue31yKPDlg
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8598
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEHRm4YSfulUYjJmBE0OD0P4&google_cver=1&google_push=AehlK4C0dX4pyRQoUWbnGVbi7HjNyxQb1Og1wxYJnEQ--zKEiAv5TIk7lDHCFsciFZoGVp-qHw2A0VfKDQFv9EZ_b_6895...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEHRm4YSfulUYjJmBE0OD0P4&google_cver=1&google_push=AehlK4C0dX4pyRQoUWbnGVbi7HjNyxQb1Og1wxYJnEQ--zKEiAv5TIk7lDHCFsciFZoGVp-qHw2A0VfKDQFv9EZ_...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=d_pF4VqsSFGR0SurRlpYVA&google_push=AehlK4C0dX4pyRQoUWbnGVbi7HjNyxQb1Og1wxYJnEQ--zKEiAv5TIk7lDHCFsciFZoGVp-qHw2A0VfKDQFv9EZ...

170 B
188 B

58ms
58ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=d_pF4VqsSFGR0SurRlpYVA&google_push=AehlK4C0dX4pyRQoUWbnGVbi7HjNyxQb1Og1wxYJnEQ--zKEiAv5TIk7lDHCFsciFZoGVp-qHw2A0VfKDQFv9EZ_b_6895iYPpCJNw

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=d_pF4VqsSFGR0SurRlpYVA&google_push=AehlK4C0dX4pyRQoUWbnGVbi7HjNyxQb1Og1wxYJnEQ--zKEiAv5TIk7lDHCFsciFZoGVp-qHw2A0VfKDQFv9EZ_b_6895iYPpCJNw
date: Mon, 15 Aug 2022 23:50:45 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 um
sync.teads.tv/ Frame 8598 23 B
172 B 332ms
33ms Image
image/gif 104.111.242.245

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESECo4LS3PprKnteg-aRsZDe0&google_cver=1&google_push=AehlK4AzPy1SJDVhDeDQb1gHNsjGz8MAOuWxPCyEKZ2ObaoxwGrbE-szVlPleTY3UJMEBlJKj2ga6rByh9B8apBhkDwnwfv5NFEkEA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441621&bpp=33&bdt=251&idt=216&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=2&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=197323875&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3075504910&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068486&oid=2&pvsid=1320284677444827&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xx2km3lwgo0a&fsb=1&dtd=239
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 -, , ASN (),
Reverse DNS
Software: akka-http/10.2.8 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:45 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 15 Aug 2022 23:50:45 GMT
server: akka-http/10.2.8
content-length: 23
content-type: image/gif

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 8598 0
12 B 102ms
37ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J7oee85511Wps6bu1ISQbNz8St3CmgFM_Er4aEsnPQGyIIwNKcMtn59KicxFcsITYPyuAQpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:45 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C040 15 KB
15 KB 93ms
76ms Font
font/woff2 2a00:1450:4001:80f::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 11 Aug 2022 08:01:51 GMT
x-content-type-options: nosniff
age: 402534
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Aug 2023 08:01:51 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C040 15 KB
16 KB 106ms
89ms Font
font/woff2 2a00:1450:4001:80f::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 05:29:41 GMT
x-content-type-options: nosniff
age: 152464
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 14 Aug 2023 05:29:41 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C040 15 KB
15 KB 121ms
104ms Font
font/woff2 2a00:1450:4001:80f::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 11:47:17 GMT
x-content-type-options: nosniff
age: 43408
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Aug 2023 11:47:17 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 80DA 14 KB
11 KB 56ms
56ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022081101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bffd3ff554c2d5bd75225188b9c2a1e932d962559dacdbb014a5fe513c8c1295

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 23:50:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11139
x-xss-protection: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 8D20 70 B
265 B 254ms
33ms Image
image/gif 52.223.40.198

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESELnqhxh0Txy04CBVs7hJuYw&google_cver=1&google_push=AehlK4BGOVyMwjQcK-poqlggruYf_q6kAzWAi8MSZF5zjl8to0Pym7gHk7yhxxEOnjDspp7AjXEsTYZa1QnOVm2rh-j73FzIsbE
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:45 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 8D20 0
173 B 239ms
19ms Image
text/plain 34.96.105.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESED2PoHvRSccD5O4qj-8J8e4&google_cver=1&google_push=AehlK4CZmL8_4OeCT4-dbApt6GnSit1bAaYng8CgXU3ubqdO0pg5W6v0kOpgbvnHRXBVwi6R4mJTDYS1IIhjUKUmyRwZGdP2wn9W
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:45 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8D20
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEAWYgWfNSO1sbXMx-w9ZR8c&google_cver=1&google_push=AehlK4DCgbKvqB6HcsFkkM6kdPJeiTvFoyoYLWwMhtf-Oor16VLSik13O3qJsBqkWtBxVf5ksmDlU2ynPZzUqO0b...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=-Yrv-I9USEePhkKoVHgu8Q2&google_push=AehlK4DCgbKvqB6HcsFkkM6kdPJeiTvFoyoYLWwMhtf-Oor16VLSik13O3qJsBqkWtBxVf5ksmDlU2ynPZzUqO0bYxBxJRyZJNoi

170 B
188 B

41ms
41ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=-Yrv-I9USEePhkKoVHgu8Q2&google_push=AehlK4DCgbKvqB6HcsFkkM6kdPJeiTvFoyoYLWwMhtf-Oor16VLSik13O3qJsBqkWtBxVf5ksmDlU2ynPZzUqO0bYxBxJRyZJNoi

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 15 Aug 2022 23:50:45 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=-Yrv-I9USEePhkKoVHgu8Q2&google_push=AehlK4DCgbKvqB6HcsFkkM6kdPJeiTvFoyoYLWwMhtf-Oor16VLSik13O3qJsBqkWtBxVf5ksmDlU2ynPZzUqO0bYxBxJRyZJNoi
x-host: tde-deliveryengine-production-7b45b4797c-nbl84
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8D20
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDoN_EKBx1g5T4FPlvxCu0Y&google_cver=1&google_push=AehlK4D_cpfrtFVKCBDIXLdbbIZDLRTVSnFQpiZJg_P4cWr0X_WggpP4QMwXFWi3WSnB9YFUsgXF4Tqz...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDoN_EKBx1g5T4FPlvxCu0Y&google_cver=1&google_push=AehlK4D_cpfrtFVKCBDIXLdbbIZDLRTVSnFQpiZJg_P4cWr0X_WggpP4QMwXFWi3WSnB9YFUsgX...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Nzk4MzQ5NTgyNTUwMDMwMzEwNw&google_push=AehlK4D_cpfrtFVKCBDIXLdbbIZDLRTVSnFQpiZJg_P4cWr0X_WggpP4QMwXFWi3WSnB9YFUsgXF4T...

170 B
188 B

64ms
64ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Nzk4MzQ5NTgyNTUwMDMwMzEwNw&google_push=AehlK4D_cpfrtFVKCBDIXLdbbIZDLRTVSnFQpiZJg_P4cWr0X_WggpP4QMwXFWi3WSnB9YFUsgXF4TqzXP1RcfyPBppClMtSU4U

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:45 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Nzk4MzQ5NTgyNTUwMDMwMzEwNw&google_push=AehlK4D_cpfrtFVKCBDIXLdbbIZDLRTVSnFQpiZJg_P4cWr0X_WggpP4QMwXFWi3WSnB9YFUsgXF4TqzXP1RcfyPBppClMtSU4U
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8D20
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELx9kyCKOOoSPGXNoZ2f0js&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESELx9kyCKOOoSPGXNoZ2f0js&google_push=Ae...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELx9kyCKOOoSPGXNoZ2f0js&google_hm=Yvrb1XDcFNIllsAeIA_fjAAAFA4AAAAB&google_nid=index&google_push=AehlK4B9G2DCD3VFaFxP7F6yza8OIg-sO4iOz...

170 B
188 B

40ms
40ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELx9kyCKOOoSPGXNoZ2f0js&google_hm=Yvrb1XDcFNIllsAeIA_fjAAAFA4AAAAB&google_nid=index&google_push=AehlK4B9G2DCD3VFaFxP7F6yza8OIg-sO4iOzE63Wf_cuCl-Nw9OZ7KMtkDxSiCDQqA6QoDTH8rcQZL84nEgOvCW8XltPv7WJ3Vq

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Enf00WjOfBnhOZ5wxt9v34xs4O7Ym7d5iJZibyJ5ZbEXeSHM3chN7fmCm14nfyawWNPlXYA5lBTheYDu1G7%2Bju1qWf9NnVhBlJLN607oKQdZCtSQmMG19ZZuZLRgqIqCP6mQTpTtQisHOw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELx9kyCKOOoSPGXNoZ2f0js&google_hm=Yvrb1XDcFNIllsAeIA_fjAAAFA4AAAAB&google_nid=index&google_push=AehlK4B9G2DCD3VFaFxP7F6yza8OIg-sO4iOzE63Wf_cuCl-Nw9OZ7KMtkDxSiCDQqA6QoDTH8rcQZL84nEgOvCW8XltPv7WJ3Vq
cache-control: no-cache
cf-ray: 73b5d597b894bb44-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8D20
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESENIIh6QMIsT1RSK3DJ9kdP4&google_cver=1&google_push=AehlK4Bj3Czr4BNY9zLsKeikIHfWd7JlmxUFdqbEp6re821w7SSgahlRpZyo45PDKKVJBG2DTp87S4mk8PPd...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4Bj3Czr4BNY9zLsKeikIHfWd7JlmxUFdqbEp6re821w7SSgahlRpZyo45PDKKVJBG2DTp87S4mk8PPdpyVngwvDw9izZBye

170 B
188 B

50ms
49ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4Bj3Czr4BNY9zLsKeikIHfWd7JlmxUFdqbEp6re821w7SSgahlRpZyo45PDKKVJBG2DTp87S4mk8PPdpyVngwvDw9izZBye

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4Bj3Czr4BNY9zLsKeikIHfWd7JlmxUFdqbEp6re821w7SSgahlRpZyo45PDKKVJBG2DTp87S4mk8PPdpyVngwvDw9izZBye
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

/
onetag-sys.com/match/ Frame 8D20
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESENIIh6QMIsT1RSK3DJ9kdP4&google_cver=1&google_push=AehlK4CXGfL2evDmb1LD4eX3BWzAKanHZpDp6dasa1ohrKMrIbFekvrfYVP8WTM1twY3I5T5y43h5PtDj0b...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4CXGfL2evDmb1LD4eX3BWzAKanHZpDp6dasa1ohrKMrIbFekvrfYVP8WTM1twY3I5T5y43h5PtDj0b1KyGlBpAs2CuBOx_FJg
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

9ms
8ms

Image
text/plain

51.89.9.253

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Protocol

Server

51.89.9.253 -, , ASN (),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 15 Aug 2022 23:50:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 8D20 0
12 B 58ms
56ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K66SxLw2KFEV6duMuJ3wCsRah-HR5KixHX4s4ZEX3GmAIMsIM1Bs6TopYqXlk0TTWY2K6DCA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:45 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F192 14 KB
11 KB 58ms
58ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022081101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e78e69c115d8d4135868457a583b1e8f1c1037b7bd68010fcdcff0e49126a29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 23:50:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11049
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8082 0
10 B 50ms
50ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?y_XqhQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:45 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 80DA 17 KB
6 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 Aug 2022 23:50:45 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame AEF4 14 KB
11 KB 53ms
53ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220811&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

33d85c6fcaa3c08d41b8128019a9ab7cae99988a90ed76b7755c85396b5b5d0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 23:50:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11099
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame FE7D 15 KB
11 KB 54ms
53ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220811&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2d2c3a2b08e3a629e06fe77c7f842a2fb5682ffe5a907f3606a225a309143eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 23:50:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11276
x-xss-protection: 0

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame 21AE 36 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660607441870&bpp=13&bdt=490&idt=108&shv=r20220811&mjsv=m202208090101&ptt=5&saldr=sa&cookie=ID%3D4ffbb0f206c2b401-22d6a8a6f4cd008a%3AT%3D1660607441%3ART%3D1660607441%3AS%3DALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA&correlator=3050152607137&frm=23&ife=1&pv=1&ga_vid=243599451.1660607438&ga_sid=1660607442&ga_hid=1911707112&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=3567240439&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=2675141927299383&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.apbdu4cmtvcx&fsb=1&dtd=123

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 09:25:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51939
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 15 Aug 2023 09:25:06 GMT

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame 8B2C 36 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 09:25:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51939
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 15 Aug 2023 09:25:06 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F192 17 KB
6 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 Aug 2022 23:50:45 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame AEF4 17 KB
6 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 Aug 2022 23:50:45 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C57A 13 KB
5 KB 39ms
39ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 11074
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 20:46:11 GMT
expires: Tue, 15 Aug 2023 20:46:11 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5918 783 B
533 B 49ms
49ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

45cc6727917b2d94305095f706aa6e579b8bbdb1e4cd18b78f40794df06ea15c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-PcSBD_qgnALgLIovl1IsBw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-PcSBD_qgnALgLIovl1IsBw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 23:50:45 GMT
expires: Mon, 15 Aug 2022 23:50:45 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame FE7D 17 KB
6 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 Aug 2022 23:50:45 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A046 13 KB
5 KB 42ms
42ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 11074
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 20:46:11 GMT
expires: Tue, 15 Aug 2023 20:46:11 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7894 783 B
536 B 48ms
48ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

650b45f4573778104fa40b1b22003a7b313b3b4ee27d2bae0c3f120d4fb814cc

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-82tkI2mJWi7iqZv4HNZ3uQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-82tkI2mJWi7iqZv4HNZ3uQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 23:50:45 GMT
expires: Mon, 15 Aug 2022 23:50:45 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6471 13 KB
5 KB 40ms
39ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 11074
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 20:46:11 GMT
expires: Tue, 15 Aug 2023 20:46:11 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 89A2 783 B
534 B 50ms
49ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c98f7f93bdad3a30a617c3014234b5b70d649505ad9ba80e9cd8aa96e5d6fc3d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-iw8tDRWYapmwcUBE-N5DbQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-iw8tDRWYapmwcUBE-N5DbQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 23:50:45 GMT
expires: Mon, 15 Aug 2022 23:50:45 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3D18 13 KB
5 KB 39ms
39ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 11074
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 20:46:11 GMT
expires: Tue, 15 Aug 2023 20:46:11 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5029 783 B
536 B 48ms
48ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2aca5048639921e2dce8ed634bb3e0288926ca3e365d09d46fa0bb6cb4da3c96

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-EZbk6R8vC0NAOTW06nlHog' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-EZbk6R8vC0NAOTW06nlHog' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 23:50:45 GMT
expires: Mon, 15 Aug 2022 23:50:45 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5918 0
0 72ms
72ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022081101&jk=3955519017605310&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame C57A 36 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 09:25:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51939
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 15 Aug 2023 09:25:06 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7894 0
0 73ms
73ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022081101&jk=1983524247231530&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 89A2 0
0 86ms
86ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220811&jk=2675141927299383&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame A046 36 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 09:25:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51940
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 15 Aug 2023 09:25:06 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5029 0
0 125ms
125ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220811&jk=1320284677444827&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame 6471 36 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 09:25:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51940
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 15 Aug 2023 09:25:06 GMT

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame 3D18 36 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 09:25:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51940
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 15 Aug 2023 09:25:06 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame C57A 0
10 B 42ms
41ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?edPLGQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:46 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A046 0
10 B 39ms
38ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Qni_nQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:50:46 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET generate_204
tpc.googlesyndication.com/ Frame 3D18 0
0

GET generate_204
tpc.googlesyndication.com/ Frame 6471 0
0

GET sodar
pagead2.googlesyndication.com/pagead/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/generate_204?FU1BmA

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/generate_204?KlGtGQ

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220811&jk=334760426695168&bg=!W1ilWBzNAAa4hXTbmIU7ACkAdvg8WrqMnuKnyi0v5jDCKGLvrscdvfRrCO9C7QTkm6CXbbxhIihA3wIAAAHvUgAAAAJoAQcKAFl5eMk6vwfcf99xzfeWl_JU6TI90YvvN9_QT3wtaJFydhMkW2FBhozPJ_bSJNvHAFm_UYPIEoelJk0J0XqiTx-DZhnFNWevNo7ToLdaSPCDNs4X4kKg0hX3C5kCvJmY4YssQOycOumzPDLphRKYbVqGs0lci_2fXL4Ei4HF-3MVP1yUgOY0D6hXP_gNd9Dl56UsflkXfK8n3RNtVQ-zAAmSAxt21E7ALMDBxtdL5vdkrBbNYWuIpkWVZKQ4zSqTWOeRLXTA3Rojs3bJOveqIbF4ujo1s1wU0VcuF3CJN2zRvDG8zb9pv1Sttcs7L93T7qhyqwOfekht1Nr0LU6wXof98SRzHhg_LPJMTGExp9A-yaPo5CLCW146fjURzEgq3DmGS7pJcBEvXq0qL5YDEICzlTKydumAUm2Nq-0HQ7yBskqwTH84O7wGlFMh6vGkskF0_oRacWqvpD3ABVgN6ZcUkqoMVtOMwGj4lRrJx0DmlWuLwl4f6-JcZua8r3cb4YUi7Q9UodGBb6kvPlf_0ua7pemv0R2H9RiNRIV94bxsUFLDc3JGXDyPyUQUD9kJHp5MUQN4Q5Frr4GB33WHykpWzhs9doUo5nx8np5L-OXYHME8I8D8dZSf4C6zRN0I4m-Q0wcmqyCNFxDbXZA8gXknQkDtbX4hIqLXMoemuEQjVrlw-arAqMhqenMVVI56JnFz9d5tuYZiFWgFfL7Iv0w_uFu1hBST60mkJE7cmuiQjpVJ6YNTw4TwqN9L4Nx39XDM3AiMItadeperbF48JQn6ZvKYxN93zvhtzA6ofbEQIfln5xmjtmDn3W3RXlRcTPsgNc2q2AKtWQ9O5005IcPnoFzI-yb2xyqW8CgLugdn_nqXjCaKEstIgDgbJvDUPf8uBdR-9VEshcuu2jJ_AFPy884gExRaWszfHHG1qRZY0oCimFAumP8wzwPbMeJRCpow-ilJ36yRsSrinOzbbFuv2N71CQCGlLnlYfagdBplg5GgcnVy6plyMpgzULtI86lTLbwRxqhiTZAhXDlSKDoIgRDLke-l0uA

Verdicts & Comments Add Verdict or Comment

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

34 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
reurl.cc/	1970-01-20 14:02:23	Name: clientIdV2 Value: cffba54ebbd5e8cf93ab7eac0b74c565fe3da4916af82e719954212d0c3e0c8d984c7237822b1ae347857d35237f53e19d53ffef00d0dd2f64fb826ac1c15c26d74dc1cc3965725c81744b71
reurl.cc/	1970-01-20 14:02:23	Name: clientId Value: cffba54ebbd5e8cf93ab7eac0b74c565fe3da4916af82e719954212d0c3e0c8d984c7237822b1ae347857d35237f53e19d53ffef00d0dd2f64fb826ac1c15c26d74dc1cc3965725c81744b71
reurl.cc/	1970-01-20 14:02:23	Name: lang Value: tw
.reurl.cc/	1970-01-20 14:52:47	Name: _ga Value: GA1.2.243599451.1660607438
.reurl.cc/	1970-01-20 05:18:13	Name: _gid Value: GA1.2.676958447.1660607438
.reurl.cc/	1970-01-20 05:16:47	Name: _gat Value: 1
reurl.cc/	1970-01-20 05:59:59	Name: CFFPCKUUID Value: 8969-2M8rMZg6egAFjpmuEAVJmb7pzKlI15Uz
.reurl.cc/	1970-01-20 05:59:59	Name: CFFPCKUUIDMAIN Value: 2231-pONopbLrhhelU2qGXLhp5uUCI51IxYXw
.reurl.cc/	1970-01-20 14:38:23	Name: __gads Value: ID=4ffbb0f206c2b401-22d6a8a6f4cd008a:T=1660607441:RT=1660607441:S=ALNI_MZUY7Cra4AAB5RT_MD5VGNA7kKIhA
.holmesmind.com/	1970-01-20 05:37:54	Name: Vision Value: 20220816-23:59,20220816-10,20220816-10,20220816-23:59
.holmesmind.com/	1970-01-20 05:37:54	Name: C Value: null
.holmesmind.com/	1970-01-20 07:41:45	Name: RK Value: null
.holmesmind.com/	1970-01-20 14:52:47	Name: P Value: 170521-UH9cTfRjKPGxIds8KY2fb9UORIpe9mUe
.mookie1.com/	1970-01-20 14:45:35	Name: id Value: 10524279012903764487
.mookie1.com/	1970-01-20 14:45:35	Name: mdata Value: 1\|10524279012903764487\|1660607441207
.mookie1.com/	1970-01-20 14:45:35	Name: ov Value: 502bd00f7cfa73531dd990fbbc89df52
.reurl.cc/	1970-01-20 07:26:23	Name: _fbp Value: fb.1.1660607438573.2003479998
.prnasia.com/	1970-01-20 05:16:49	Name: __cf_bm Value: Mb3QgvQXjZkuzYoUFQ5XDd1CURhAWcfZLf5xBdFbH4s-1660607441-0-ASIDZNXXDVL+Na+NwQjQJBPo7wpxV90Y3F01cP5etMW08kEAfvNx5lqRUnQW51Lk6u9GzRNZRwDPOrUFREp3cnc=
.c.appier.net/	1970-01-20 14:02:23	Name: _auid Value: VMgFT_fmCpiZLI4x0tv6Yg
.hinet.net/	1970-01-20 14:52:47	Name: uuid Value: 09ca7a62-cc7b-4c93-9b82-651979ed8d0c
.reurl.cc/	1970-01-20 05:16:51	Name: _ht_em Value: 1
.doubleclick.net/	1970-01-20 14:38:23	Name: IDE Value: AHWqTUndAFeQodtwohPzhKppqhSXt4TnHvSfTZR-tCHj-4rbZ0l35qOusV23k8e6LE0
.reurl.cc/	1970-01-20 05:18:13	Name: _ht_50ef57 Value: 1
.holmesmind.com/	1970-01-20 05:18:13	Name: fcm Value: 1
.reurl.cc/	1970-01-20 05:18:13	Name: _ht_hi Value: 1
.holmesmind.com/	1970-01-20 05:37:54	Name: R Value: null
.holmesmind.com/	1970-01-20 07:41:45	Name: G Value: we3u7ZGJymKY5J47cKd8kQ==
.holmesmind.com/	1970-01-20 14:52:47	Name: d Value: /jHzqDFxfoBZ4WTyQK3MPaD5j7NQOgUkv1Txfycvr2ReudB2dm6t0KDrpHJuqax6WjAFQ16PJy71RxDiXPBzgA==
.reurl.cc/	1970-01-20 14:02:23	Name: __htid Value: 09ca7a62-cc7b-4c93-9b82-651979ed8d0c
.aralego.com/	1970-01-20 14:02:23	Name: sspid Value: 200a44ca-a700-3bef-9221-5f777c0b0ebf
.criteo.com/	1970-01-20 14:38:23	Name: uid Value: a3770944-f831-4b3c-bc44-79415a872f9a
.aralego.com/	1970-01-20 14:02:23	Name: euconsent-v2 Value:
.aralego.com/	1970-01-20 14:02:23	Name: gdpr Value: 1
.reurl.cc/	1970-01-20 14:38:23	Name: cto_bundle Value: kuBtRV90S1ZyRUd1V092TDdrblk4RnZMcWczb0VKM2hWeUpaRlpWMzZJeHZpV0g5OEElMkJsYk5oZW9DRHpSUW1UOHM2RERVV1JFaWNWVDQ0RnptTHFGZGVxQ21YRW92JTJCVTJtMk1ZZHNSbGlFcG84azJkSzVlVWt4RmJscm1UaWNGcWJOQUx0YXBac1dFZldiS1JzViUyQkpiQmo3ZkElM0QlM0Q

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

01d95dbc-63e0-4141-bc21-2ae570ca48dc.t.ssp.hinet.net
09ca7a62-cc7b-4c93-9b82-651979ed8d0c.t.ssp.hinet.net
61b3393bfb213cb5d670f3d0d95d5e71.safeframe.googlesyndication.com
ad.holmesmind.com
ad2.apx.appier.net
adcdn.holmesmind.com
ads.aralego.com
ads.travelaudience.com
adservice.google.com
adservice.google.de
bidder.criteo.com
blog.alphaloan.co
c.holmesmind.com
c1.adform.net
cdn.aralego.net
cdn.holmesmind.com
cdn.jsdelivr.net
cdn.rawgit.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
connect.facebook.net
creditcards.com.tw
d5p.de17a.com
f5b36b99c98495222ecfb61007ab96d0.safeframe.googlesyndication.com
fcm.holmesmind.com
fonts.googleapis.com
fonts.gstatic.com
fp.holmesmind.com
gcm.ctnsnet.com
gocm.c.appier.net
googleads.g.doubleclick.net
gum.criteo.com
i0.wp.com
ib.adnxs.com
image6.pubmatic.com
img.gbyhn.com.tw
img.racingcharger.tw
m.holmesmind.com
match.360yield.com
match.adsrvr.org
mma.prnasia.com
mug.criteo.com
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pr-bh.ybp.yahoo.com
prebid-asia.creativecdn.com
prebid.scupio.com
reurl.cc
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static-tagr.gd1.mookie1.com
static.criteo.net
static.wixstatic.com
static.xx.fbcdn.net
stats.g.doubleclick.net
storage.re-news.tw
storage.reurl.cc
sync.aralego.com
sync.teads.tv
t.ssp.hinet.net
tpc.googlesyndication.com
tr.blismedia.com
tw-gmtdmp.mookie1.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.gstatic.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
103.132.192.30
103.3.63.48
104.111.242.245
104.18.19.126
13.115.155.88
142.250.185.162
142.250.186.130
162.210.196.208
178.250.2.131
178.250.2.146
192.0.77.2
192.0.78.135
192.0.78.236
198.47.127.19
199.115.117.82
203.75.214.136
210.59.219.181
213.155.156.168
2400:52e0:1e01::879:1
2600:9000:21f3:fe00:3:1794:2540:93a1
2600:9000:2304:8400:0:e06c:e940:93a1
2606:4700:20::ac43:47fe
2606:4700::6810:5814
2606:4700::6810:fc04
2606:4700::6811:190e
2a00:1450:4001:800::200a
2a00:1450:4001:806::2002
2a00:1450:4001:806::200e
2a00:1450:4001:808::2002
2a00:1450:4001:809::2003
2a00:1450:4001:80f::2003
2a00:1450:4001:810::2002
2a00:1450:4001:812::2002
2a00:1450:4001:827::2003
2a00:1450:4001:829::2004
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2001
2a00:1450:400c:c07::9c
2a02:2638:1::13
2a02:2638:1::3
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f107:83:face:b00c:0:25de
2a05:d018:d29:3605:9ff9:d907:aaf7:c9c8
2a06:98c1:3121::3
2a06:98c1:3121::c
3.126.34.76
34.102.176.152
34.117.219.39
34.149.98.30
34.95.67.231
34.96.105.8
34.96.119.68
35.185.130.121
35.186.193.173
35.190.0.66
35.201.76.93
35.227.202.26
35.227.249.156
35.244.196.223
37.157.3.28
37.252.172.37
51.89.9.253
52.223.40.198
92.123.21.79
003c6c7476d2158d18f48473e7071c87f48e8e1cf957343020a148c97ba30482
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
00fc5eede87ce2644e673193b3ffce854cad06f548d8a6057acce9c0dbef3b2d
02a11d118de5f3d9a7fda77638a07a33218aa18e1888cc0376889be1fdd8595e
051141599f128f399f2cd53514ee1c28ba9d269ce1b065ba81dcc4b11a5d3b02
0831b4a7fb0493e3a5b6b3c52e7776b3dd0bc4441f7b157e7c83029efa9a4611
08d8b725d50bbcea8a605583672ebf4ac94a4e4da017d1adb82f9eee12e45694
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
09babf07928b2e99779d5acbc1662ea6da63929691a32f05cd6ac65c0a36edcb
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d389ecd4d9afbd7da7c513735767af9649a74f033574752a5707bfd2ac20ad0
0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062
10407b8212733e00354b330f4e4790764e6bc187a9d2b6b62b27aeb387bc268b
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
119c991def30cefc8407a1f08f92efda9e9fa3f98185ccb612ca75f682537273
1291c3d774415b830ea3f2c5ce78d160485606386d08a878c87f41ccdbe4a73f
12e46b645dde5408be7fc6f4ce9647addac5d09c5f27dc8e3ffe9e07e6c9a935
1497525c2f78fefc5f4b3613ee563df0f16a866b65b89283b56e6a8f29bbb8fb
16d937f75d10859023a9eb1aeecc46191718618c910add8f58dc522759aa8d21
18da79f767f5a603e9b235ec78993380e8c00aaf1ec855049e8a79107e3013c6
1b7aad23f9376ccfc80a816d7c7f8fd29546bc6657501bcff9f509988febd752
1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced
1db34fa0f832b9318d061eead486619536dba1c49a2419da00b6a8d8666611de
260a38fd6cc5ef58002f66b9a6efcd915c7a2035a626948e5003e5ddf727d9c8
2724099f7ca2b2b251fd83b43b296e86f7c8a30559881377f682e05640a336fb
28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c
2950bc3fd628cb8a8c6b1367f664e31353a6ff9edd99c3f2831ce548610a05b0
2aca5048639921e2dce8ed634bb3e0288926ca3e365d09d46fa0bb6cb4da3c96
2b00ce902e9ef9e7031d76c62a72c1cb0054185e6691e9a72757a31cead715a1
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33d85c6fcaa3c08d41b8128019a9ab7cae99988a90ed76b7755c85396b5b5d0a
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
36a7d95f2760a813f3e782dfc125ea786174d581d6f6f896021d6994e9514bd6
37847ab906bcc6d7a50b7846796f850214db92ed849b114f7fc62947c51172c2
3c0ef2cb368ce9c0214a1014aa148e97bf5b5f46b26a0a9a7670e0d443013fca
42176dd8bba6d2b3043429bc0f0401f069e2c8e3e2642fa3f2cfef58cad0071b
45cc6727917b2d94305095f706aa6e579b8bbdb1e4cd18b78f40794df06ea15c
4785b3e19dd72ed32a05d872a4e3074ecdb34b83318029d8f102717bb1138fcc
48424819328d17139058fd4e7da1e4b82ea497755ccbc6b15271aa8aaf209ff1
48b59c1d9eb5d213d2163e5fd45bcbabcfdfd1d76c3edf81758243e57367403b
48bd457befd1682d1e21bd4327a12799559ecc1308da5413b21ee60d2e6c0dde
4994c3033d23ff48bd2d8bcfd8ca91595aaef14b7f5eb50937cdefef79a28190
4b52781951c70cc8a2ae2afdaac5d673c656c3be0f1c769fa6c1e9e4f5ed8d3b
4c402c8d3474dbe1b2f8b99deab2fb2683c57bc0052b09723452e48baa4f00c1
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4ff1b9b91db584b19d20b4d02af9ff7673add161ce3f9ceae9391b3a84fddab1
50f98794153a6544b5bd9faa7f39bcdf20af127284ca37d5e1ee49b6334fdc4c
550bc832d3c69d0b539e5e64cd9e7de2eadb6cb83945f1c24ce631c87bfbe292
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
5a37b6c5314987ecb3e0f8a85a4ae061c82017dcc3e4c922c5d62c54e8bf025e
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
60a19641a83ba847b9d020c73ca404cfc44d7c4d77f8b99125a14d35297fe9d2
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
629ef7993a85e00d3b4d0c2ebfd68c6493d636cac0320ec4140eb6efaa238eb0
62a62225a4e6e5ea098b9ed6aa19c2149880cbd6d3e0314f2b875a32b1f8ce25
650b45f4573778104fa40b1b22003a7b313b3b4ee27d2bae0c3f120d4fb814cc
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6cbc0879ebbda19669ced4f6c9c786b854d02a99af710ab2fa8c25fde3f72ab1
6dd2ae49f47c786f9bd5aef7e06797ada8024036efbfd3c83d5461ab6b5897ee
6e9ab8ab1d57a0695a66577e348ae4343e1a92f70cb4835a52c4863f11114037
71a5e32f50db9d5bb475d3baec615cc4d3ffdc053419ce7e6908b38eb7483651
7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba
75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338
7bbd8fdc5625a8467b90ee3cc36a46f5093bbf73cd8547bc8831c30ec6619afa
7e78e69c115d8d4135868457a583b1e8f1c1037b7bd68010fcdcff0e49126a29
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8ae78cfe6ee6192120b022cb3c00d586542309c4b88076fe6f12c0f7ef65f015
8c83655db4e28522876277d150a82f1bed8d015fbcc863f95a2f34980badab4e
8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b4c701932d0a7e05c00f9c57ec69d8ba37cbb0da6ecea799991c28910ad6321
9c8c0ac19964706e18280f35973180a896d74c52c760c2d7047d6a94c1329a6f
9f1dbdb976feb10513869e6e85d1a5a3f3cb29acc22f01c5d333da14c968ca9e
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a227b9d209dd7d69749f18a3d2387e59391d8401b2c05e375541f9bf7ce8d928
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5e098b17b5c8c98518108f839142155ba668a1b67f70ada021e909dfa147fcc
a65e12985d44f14398aa11d74fac822e2dd0318b5a02aaf3bf914756d653e98d
a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a907e4129c3d18636ac052d3554dbdbb6388d65e9a6dda8684c137ef0c9b53cd
a93f716cf27b006ca9b1cf4379be09a005335f365b3295659a07733c6c2127e1
aa8094938bd2817f2ec8f327fa09fe7d6ea5fe5f4b49973482ec3fdb9a01af69
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
afc3261eac9e8f5606c513fa7c62f5add4200b8d171d1972f11abe2ec1a0ac41
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2d2c3a2b08e3a629e06fe77c7f842a2fb5682ffe5a907f3606a225a309143eb
b73e6cb22f3ae22bcbe36217e226c082f813a2a8a7961644093d849bcbd30294
b86e503d9b38292b80b0c0460e9a6dd9350a7727d0d9852dcebc9f9b2bb83357
ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10
bffd3ff554c2d5bd75225188b9c2a1e932d962559dacdbb014a5fe513c8c1295
c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b
c459ca0a26510a1a84a8fae1a943563c00834327312f399d5c47f7cddc1d7ebe
c884ba3ff93d69be7326b4052c8451657623a588d56f21f2651d18311826a867
c96ec8b8d8550c40c2f859c4e87b59b1cc4f9409ac4b8025fa830df2035891d1
c98f7f93bdad3a30a617c3014234b5b70d649505ad9ba80e9cd8aa96e5d6fc3d
cba02a7ea67c579f5a185c78bec1bdcd04602c0947342600707fe7474da647b2
cd42c2aaf9bb3ea7ad6ea15458266d65693e6b7d01e280f12bcdd1a7e0ce6133
cdb7b46cae42cd81431bbd6892f43d4f84508bf5fb2bde0ae32bc577ce26d275
d151abaa7946d205cc769fd84d0acaeec4b759872dc714b237435f10ece11d35
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795
d541f77dd45df41c827a1c2b2899696c336c7bb3a1a06422d66ca4f37454258e
d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc
d8eda587c3186a20460581010a936a18f2c635a20eedb2860b51808f59a292b1
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e54e601faee15c866fc80659f34bf9b78048d72901b77795bb0109d4fdabccf7
e830fb2cd84ed7cc6eb54b4f7b682ddc8bf7dfe2bc02c3662631f0ee9abda2b7
eac9ebfa63429a33a1aaa9c8f7a6f07175b7b30318b271fc543c8c4c39809314
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f17d8fa35bb5968b603fb66223c5e641ef33dc3f529cd709a7e2baa84715366f
f3481bf12191837d5e19d9526f18fd20fc88395a403c1a0b098eeef10a7f56ab
f3e5252353efd1bbf142f82a581d1a08f838137a79db7937ae078fb315995b39
f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818

reurl.cc Open in urlscan Pro 35.185.130.121 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

276 Requests

90 %HTTPS

42 %IPv6

47 Domains

70 Subdomains

56 IPs

9 Countries

4328 kBTransfer

7343 kBSize

34 Cookies

20 Outgoing links

Page URL History

Redirected requests

276 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

reurl.cc Open in urlscan Pro
35.185.130.121 Public Scan

Screenshot
Live screenshot

Full Image

276
Requests

90 %
HTTPS

42 %
IPv6

47
Domains

70
Subdomains

56
IPs

9
Countries

4328 kB
Transfer

7343 kB
Size

34
Cookies

276 HTTP transactions
4 data transactions