reurl.cc Open in urlscan Pro
35.185.130.121 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://reurl.cc/O4ooex
Submission: On September 23 via manual (September 23rd 2022, 3:35:26 am UTC) from US — Scanned from DE

Summary HTTP 358 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 61 IPs in 10 countries across 40 domains to perform 358 HTTP transactions. The main IP is 35.185.130.121, located in Taipei, Taiwan and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is reurl.cc. The Cisco Umbrella rank of the primary domain is 220639.
TLS certificate: Issued by R3 on September 23rd 2022. Valid for: 3 months.

This is the only time reurl.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	35.185.130.121 35.185.130.121	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
40	203.75.214.136 203.75.214.136	3462 (HINET Dat...) (HINET Data Communication Business Group)
2	35.186.215.140 35.186.215.140	15169 (GOOGLE) (GOOGLE)
15	13.32.99.117 13.32.99.117	16509 (AMAZON-02) (AMAZON-02)
40	2600:9000:225... 2600:9000:2250:2400:0:e06c:e940:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	35.244.196.223 35.244.196.223	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
4	210.59.219.180 210.59.219.180	3462 (HINET Dat...) (HINET Data Communication Business Group)
1	2a00:1288:80:... 2a00:1288:80:807::2	203220 (YAHOO-DEB) (YAHOO-DEB)
3	34.95.67.231 34.95.67.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 6	35.201.76.93 35.201.76.93	15169 (GOOGLE) (GOOGLE)
5	2600:9000:225... 2600:9000:2250:ec00:3:1794:2540:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c1b::9a	15169 (GOOGLE) (GOOGLE)
7	52.68.234.1 52.68.234.1	16509 (AMAZON-02) (AMAZON-02)
8	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	212.82.100.146 212.82.100.146	34010 (YAHOO-IRD) (YAHOO-IRD)
1	2a00:1288:110... 2a00:1288:110:c204::b000	34010 (YAHOO-IRD) (YAHOO-IRD)
7	103.132.192.30 103.132.192.30	138552 (RTBHOUSE-...) (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD.)
7	210.59.219.181 210.59.219.181	3462 (HINET Dat...) (HINET Data Communication Business Group)
8 16	34.96.119.68 34.96.119.68	15169 (GOOGLE) (GOOGLE)
8 8	172.104.105.5 172.104.105.5	63949 (LINODE-AP...) (LINODE-AP Linode)
1 8	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
12	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5 16	162.210.196.208 162.210.196.208	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
1	34.102.176.152 34.102.176.152	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700::68... 2606:4700::6810:fc04	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.78.244 192.0.78.244	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	192.0.78.236 192.0.78.236	2635 (AUTOMATTIC) (AUTOMATTIC)
5	34.117.219.39 34.117.219.39	15169 (GOOGLE) (GOOGLE)
8 16	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
10	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6 17	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
2	35.227.249.156 35.227.249.156	15169 (GOOGLE) (GOOGLE)
4	35.79.29.97 35.79.29.97	16509 (AMAZON-02) (AMAZON-02)
2	210.59.219.175 210.59.219.175	3462 (HINET Dat...) (HINET Data Communication Business Group)
2 2	23.75.240.210 23.75.240.210	16625 (AKAMAI-AS) (AKAMAI-AS)
4	23.205.235.133 23.205.235.133	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	2a05:d018:d29... 2a05:d018:d29:3602:2324:aae3:7705:2809	16509 (AMAZON-02) (AMAZON-02)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
6	2606:4700:20:... 2606:4700:20::681a:567	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	69.173.158.64 69.173.158.64	26667 (RUBICONPR...) (RUBICONPROJECT)
6	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
33	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
24	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2 2	37.157.4.41 37.157.4.41	198622 (ADFORM) (ADFORM)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2 2	54.171.147.13 54.171.147.13	16509 (AMAZON-02) (AMAZON-02)
1 1	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
358	61

5 35.185.130.121 (Taipei, Taiwan)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 121.130.185.35.bc.googleusercontent.com

reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 203.75.214.136 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-136.hinet-ip.hinet.net

t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
3514a2a4-7d1c-4fa3-8bf4-9dda4562a069.t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
93ae0327-e03a-44fa-b5b1-25af2af5fb0d.t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.215.140 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 140.215.186.35.bc.googleusercontent.com

ad.sitemaji.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 13.32.99.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-117.fra60.r.cloudfront.net

img.scupio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2600:9000:2250:2400:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.196.223 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 223.196.244.35.bc.googleusercontent.com

storage.re-news.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 210.59.219.180 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)

bw.scupio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.95.67.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.67.95.34.bc.googleusercontent.com

fcm.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.201.76.93 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 93.76.201.35.bc.googleusercontent.com

c.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:2250:ec00:3:1794:2540:93a1 (United States)

ASN16509 (AMAZON-02, US)

adcdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1b::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.68.234.1 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-68-234-1.ap-northeast-1.compute.amazonaws.com

ad.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.146 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: media-router-flurry71.prod.media.vip.ir2.yahoo.com

ads.yap.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c204::b000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

geo.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 103.132.192.30 (Singapore)

ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG)
PTR: ip-103-132-192-30.rtbhouse.net

prebid-asia.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 210.59.219.181 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)

prebid.scupio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 34.96.119.68 (Kansas City, United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: 68.119.96.34.bc.googleusercontent.com

ad2.apx.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.104.105.5 (Tokyo, Japan) 8 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1715-5.members.linode.com

gocm.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 162.210.196.208 (Washington, United States) 5 redirects

ASN30633 (LEASEWEB-USA-WDC, US)

hb.aralego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.aralego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.aralego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.176.152 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 152.176.102.34.bc.googleusercontent.com

static.wixstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:fc04 (United States)

ASN13335 (CLOUDFLARENET, US)

mma.prnasia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

img.gbyhn.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.244 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

creditcards.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

img.racingcharger.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.236 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

blog.alphaloan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.117.219.39 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 39.219.117.34.bc.googleusercontent.com

fp.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a02:2638::1c (France) 8 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 172.217.18.2 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.249.156 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 156.249.227.35.bc.googleusercontent.com

m.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.79.29.97 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-79-29-97.ap-northeast-1.compute.amazonaws.com

ccm.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 210.59.219.175 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)

rec.scupio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.75.240.210 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-75-240-210.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.205.235.133 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-235-133.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:d018:d29:3602:2324:aae3:7705:2809 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:567 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.aralego.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.158.64 (Singapore, Singapore)

ASN26667 (RUBICONPROJECT, US)

pixel-apac.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

c6d85ec7a9819dbe89b337da69213853.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dc75fe7fed10655da611c60bb6d65efc.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.41 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.171.147.13 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-147-13.eu-west-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.126.56.137 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
72	holmesmind.com 1 redirects cdn.holmesmind.com — Cisco Umbrella Rank: 127935 fcm.holmesmind.com — Cisco Umbrella Rank: 137871 c.holmesmind.com — Cisco Umbrella Rank: 99091 adcdn.holmesmind.com — Cisco Umbrella Rank: 128862 ad.holmesmind.com — Cisco Umbrella Rank: 87976 fp.holmesmind.com — Cisco Umbrella Rank: 126094 m.holmesmind.com — Cisco Umbrella Rank: 214739 ccm.holmesmind.com — Cisco Umbrella Rank: 330050	212 KB
51	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 105 c6d85ec7a9819dbe89b337da69213853.safeframe.googlesyndication.com dc75fe7fed10655da611c60bb6d65efc.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 142	626 KB
40	hinet.net t.ssp.hinet.net — Cisco Umbrella Rank: 83037 3514a2a4-7d1c-4fa3-8bf4-9dda4562a069.t.ssp.hinet.net 93ae0327-e03a-44fa-b5b1-25af2af5fb0d.t.ssp.hinet.net	29 KB
38	criteo.com 8 redirects bidder.criteo.com — Cisco Umbrella Rank: 761 gum.criteo.com — Cisco Umbrella Rank: 406 mug.criteo.com — Cisco Umbrella Rank: 2876	49 KB
28	scupio.com img.scupio.com — Cisco Umbrella Rank: 75843 bw.scupio.com — Cisco Umbrella Rank: 123335 prebid.scupio.com — Cisco Umbrella Rank: 65800 rec.scupio.com — Cisco Umbrella Rank: 133028	385 KB
24	appier.net 16 redirects ad2.apx.appier.net — Cisco Umbrella Rank: 39819 gocm.c.appier.net — Cisco Umbrella Rank: 2373	3 KB
24	doubleclick.net 6 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 79 cm.g.doubleclick.net — Cisco Umbrella Rank: 210 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 180 googleads.g.doubleclick.net — Cisco Umbrella Rank: 41	368 KB
17	gstatic.com www.gstatic.com fonts.gstatic.com encrypted-tbn3.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn0.gstatic.com	296 KB
16	aralego.com 5 redirects hb.aralego.com — Cisco Umbrella Rank: 19002 sync.aralego.com — Cisco Umbrella Rank: 3193 ads.aralego.com — Cisco Umbrella Rank: 30433	6 KB
12	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 75	4 KB
10	rubiconproject.com 3 redirects secure-assets.rubiconproject.com — Cisco Umbrella Rank: 910 eus.rubiconproject.com — Cisco Umbrella Rank: 564 token.rubiconproject.com — Cisco Umbrella Rank: 667 pixel-apac.rubiconproject.com — Cisco Umbrella Rank: 30562 pixel.rubiconproject.com — Cisco Umbrella Rank: 335	22 KB
8	criteo.net static.criteo.net — Cisco Umbrella Rank: 673	272 KB
7	creativecdn.com prebid-asia.creativecdn.com — Cisco Umbrella Rank: 18967	1 KB
6	aralego.net cdn.aralego.net — Cisco Umbrella Rank: 9047	89 KB
6	yahoo.com 4 redirects ads.yap.yahoo.com — Cisco Umbrella Rank: 9118 geo.yahoo.com — Cisco Umbrella Rank: 1409 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 468 ups.analytics.yahoo.com — Cisco Umbrella Rank: 287	3 KB
5	google.de www.google.de — Cisco Umbrella Rank: 6352 adservice.google.de — Cisco Umbrella Rank: 9081	2 KB
5	reurl.cc reurl.cc — Cisco Umbrella Rank: 220639	5 KB
4	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 293 fonts.googleapis.com — Cisco Umbrella Rank: 40	69 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	9 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	20 KB
2	360yield.com 2 redirects match.360yield.com — Cisco Umbrella Rank: 3665	781 B
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 637	1 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 190	88 KB
2	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 857	672 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 152	34 KB
2	sitemaji.com ad.sitemaji.com — Cisco Umbrella Rank: 94822	11 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 392	59 KB
1	openx.net rtb.openx.net — Cisco Umbrella Rank: 1505	351 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 45393	607 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 342	265 B
1	alphaloan.co blog.alphaloan.co	151 KB
1	wp.com i0.wp.com — Cisco Umbrella Rank: 2875	704 KB
1	racingcharger.tw img.racingcharger.tw	95 KB
1	creditcards.com.tw creditcards.com.tw	129 KB
1	gbyhn.com.tw img.gbyhn.com.tw	59 KB
1	prnasia.com mma.prnasia.com — Cisco Umbrella Rank: 410957	14 KB
1	wixstatic.com static.wixstatic.com — Cisco Umbrella Rank: 5233	236 KB
1	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 748	6 KB
1	yimg.com s.yimg.com — Cisco Umbrella Rank: 480	30 KB
1	re-news.tw storage.re-news.tw	6 KB
358	40

	Domain	Requested by
40	cdn.holmesmind.com	reurl.cc cdn.holmesmind.com ad.holmesmind.com
32	t.ssp.hinet.net	reurl.cc cdn.holmesmind.com t.ssp.hinet.net
25	pagead2.googlesyndication.com	ads.aralego.com pagead2.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com reurl.cc googleads.g.doubleclick.net www.googletagservices.com
24	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com reurl.cc googleads.g.doubleclick.net pagead2.googlesyndication.com
16	gum.criteo.com	8 redirects static.criteo.net
16	ad2.apx.appier.net	8 redirects reurl.cc
15	img.scupio.com	reurl.cc img.scupio.com
13	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
12	bidder.criteo.com	img.scupio.com static.criteo.net
10	sync.aralego.com	3 redirects img.scupio.com ads.aralego.com reurl.cc
10	mug.criteo.com
8	www.google.com	1 redirects reurl.cc tpc.googlesyndication.com googleads.g.doubleclick.net
8	gocm.c.appier.net	8 redirects
8	static.criteo.net	cdn.holmesmind.com img.scupio.com static.criteo.net
7	prebid.scupio.com	cdn.holmesmind.com img.scupio.com
7	prebid-asia.creativecdn.com	cdn.holmesmind.com img.scupio.com
7	ad.holmesmind.com	cdn.holmesmind.com img.scupio.com
6	securepubads.g.doubleclick.net	cdn.aralego.net securepubads.g.doubleclick.net
6	cdn.aralego.net	reurl.cc ads.aralego.com
6	c.holmesmind.com	1 redirects cdn.holmesmind.com img.scupio.com
5	3514a2a4-7d1c-4fa3-8bf4-9dda4562a069.t.ssp.hinet.net	t.ssp.hinet.net
5	fp.holmesmind.com	cdn.holmesmind.com
5	adcdn.holmesmind.com	cdn.holmesmind.com
5	reurl.cc	reurl.cc
4	encrypted-tbn1.gstatic.com
4	encrypted-tbn3.gstatic.com
4	fonts.gstatic.com	fonts.googleapis.com
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
4	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
4	adservice.google.de	securepubads.g.doubleclick.net pagead2.googlesyndication.com
4	ads.aralego.com	2 redirects ads.aralego.com
4	eus.rubiconproject.com	reurl.cc eus.rubiconproject.com
4	ccm.holmesmind.com	reurl.cc cdn.holmesmind.com
4	bw.scupio.com	img.scupio.com ajax.googleapis.com
4	www.facebook.com	reurl.cc img.scupio.com
3	93ae0327-e03a-44fa-b5b1-25af2af5fb0d.t.ssp.hinet.net	cdn.holmesmind.com t.ssp.hinet.net reurl.cc
3	pr-bh.ybp.yahoo.com	3 redirects
3	fcm.holmesmind.com	cdn.holmesmind.com
3	www.google-analytics.com	reurl.cc www.google-analytics.com
2	encrypted-tbn0.gstatic.com
2	encrypted-tbn2.gstatic.com
2	match.360yield.com	2 redirects
2	c1.adform.net	2 redirects
2	www.googletagservices.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net tpc.googlesyndication.com
2	partner.googleadservices.com	pagead2.googlesyndication.com
2	token.rubiconproject.com	eus.rubiconproject.com
2	secure-assets.rubiconproject.com	2 redirects
2	rec.scupio.com	img.scupio.com
2	m.holmesmind.com	cdn.holmesmind.com
2	hb.aralego.com	img.scupio.com
2	ajax.googleapis.com	img.scupio.com
2	connect.facebook.net	reurl.cc connect.facebook.net
2	ad.sitemaji.com	reurl.cc ad.sitemaji.com
2	cdn.jsdelivr.net	reurl.cc
1	ups.analytics.yahoo.com	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	rtb.openx.net	googleads.g.doubleclick.net
1	gcm.ctnsnet.com	1 redirects
1	www.gstatic.com	googleads.g.doubleclick.net
1	dc75fe7fed10655da611c60bb6d65efc.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	c6d85ec7a9819dbe89b337da69213853.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	pixel-apac.rubiconproject.com	eus.rubiconproject.com
1	match.adsrvr.org	img.scupio.com
1	blog.alphaloan.co	reurl.cc
1	i0.wp.com	reurl.cc
1	img.racingcharger.tw	reurl.cc
1	creditcards.com.tw	reurl.cc
1	img.gbyhn.com.tw	reurl.cc
1	mma.prnasia.com	reurl.cc
1	static.wixstatic.com	reurl.cc
1	www.google.de	reurl.cc
1	geo.yahoo.com	reurl.cc
1	ads.yap.yahoo.com	s.yimg.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	static.xx.fbcdn.net	www.facebook.com
1	s.yimg.com	ad.sitemaji.com
1	storage.re-news.tw	reurl.cc
358	78

This site contains links to these domains. Also see Links.

Domain
youtils.cc
re-news.tw
stockinfo.tw

Subject Issuer	Validity	Valid
reurl.cc R3	`2022-09-23` - `2022-12-22`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
*.ssp.hinet.net	`2021-10-12` - `2022-10-12`	a year	crt.sh
feebee.com.tw R3	`2022-08-23` - `2022-11-21`	3 months	crt.sh
*.scupio.com Sectigo RSA Organization Validation Secure Server CA	`2021-10-13` - `2022-11-13`	a year	crt.sh
*.holmesmind.com Go Daddy Secure Certificate Authority - G2	`2022-05-19` - `2023-06-20`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-07-02` - `2022-09-30`	3 months	crt.sh
storage.re-news.tw GTS CA 1D4	`2022-08-26` - `2022-11-24`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-29` - `2022-11-21`	3 months	crt.sh
*.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-09-05` - `2022-10-26`	2 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-01` - `2022-11-30`	3 months	crt.sh
m.yap.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-07-05` - `2022-12-28`	6 months	crt.sh
yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-07-12` - `2023-01-04`	6 months	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-17` - `2023-04-12`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-08-29` - `2022-11-21`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-27` - `2022-11-22`	3 months	crt.sh
*.aralego.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-21` - `2022-11-20`	a year	crt.sh
*.wixstatic.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-30` - `2022-10-27`	6 months	crt.sh
*.prnasia.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-08` - `2022-12-08`	a year	crt.sh
*.gbyhn.com.tw E1	`2022-08-04` - `2022-11-02`	3 months	crt.sh
tls.automattic.com R3	`2022-09-19` - `2022-12-18`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-11` - `2023-07-12`	a year	crt.sh
*.t.ssp.hinet.net	`2022-04-14` - `2023-04-14`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-17` - `2023-04-04`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-08-29` - `2022-11-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh

This page contains 59 frames:

Primary Page: https://reurl.cc/O4ooex
Frame ID: 1FC98E5F1580438063B4C7CCDB55986B
Requests: 37 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Frame ID: 19F2E6E20AB8B75C2B2C684B797B0033
Requests: 2 HTTP requests in this frame

Frame: https://ad.sitemaji.com/native/reurl_passback.js?s=728x90_pc
Frame ID: 8716DA8E9BA3227AC891D21ACDEBF5CD
Requests: 4 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 9B0B3EF475078BC537E695CE08CFDB5A
Requests: 5 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: 5609D472F485C2D39F4775D6E2623D81
Requests: 23 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: 8173D957B394D0703F8D77C0AE39566C
Requests: 12 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: BF42383316930ED7400048D9F68DDCA1
Requests: 21 HTTP requests in this frame

Frame: https://img.scupio.com/html/ad.html?v=1.0.65
Frame ID: 4B4CF3F49A2FEA0785FD48160F2B58D4
Requests: 16 HTTP requests in this frame

Frame: https://img.scupio.com/html/ad.html?v=1.0.65
Frame ID: FA4C0524C2ECB66088DC3260D8FF5051
Requests: 16 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 0C708E0BF0E05FA1C40830FF2B2F6086
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=9439-fsO3KAn1wJJmqAXYszTktgkwDxHqJBmV&CFFPCKUUID=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&url=https%3A%2F%2Freurl.cc%2FO4ooex&maindomain=reurl.cc
Frame ID: 707C55D9E41B3B772B72B2DC7267E776
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=9439-fsO3KAn1wJJmqAXYszTktgkwDxHqJBmV&CFFPCKUUID=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&url=https%3A%2F%2Freurl.cc%2FO4ooex&maindomain=reurl.cc
Frame ID: 72AA0FFDFF196C572902AE38E3177DD9
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=9439-fsO3KAn1wJJmqAXYszTktgkwDxHqJBmV&CFFPCKUUID=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&url=https%3A%2F%2Freurl.cc%2FO4ooex&maindomain=reurl.cc
Frame ID: 415E5F25AADF05250948D1ECA6772238
Requests: 1 HTTP requests in this frame

Frame: https://img.scupio.com/js/adsbyscupio.js?v=1.0.2
Frame ID: D4D1B7AE3A0262CC3FECB8386255412D
Requests: 2 HTTP requests in this frame

Frame: https://img.scupio.com/js/adsbyscupio.js?v=1.0.2
Frame ID: 13747948AADAD23540B48D39E09F9362
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Frame ID: 0CFFC58314B98B5AE230BF2146785BC4
Requests: 2 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/init.js
Frame ID: 7F76524F1E4BCB2157ED17FE85750770
Requests: 4 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/init.js
Frame ID: C2776505A332C2A7D922D89436743064
Requests: 4 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 8CB8E7C9A1AD2E1B5D342074844D7F7F
Requests: 8 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: F5EA83ED0C3D61825A36C00C6C9346F4
Requests: 20 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 91F52D1CE6979EA534E75C188C806E3E
Requests: 8 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: AE1B7A942895CC38779608AD4E4A838B
Requests: 19 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 05604D6981CA7F248DC9D4403EBD9D17
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Frame ID: 9C4FAEE7D08101DE4001DF9208D54963
Requests: 2 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 8253158A3B7CF3679038460C49052E1B
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Frame ID: 4315E2C2B48440D9676C2318300493BB
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Frame ID: 7CC7C23B4532941FF575D7D707286DF5
Requests: 2 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=9439-fsO3KAn1wJJmqAXYszTktgkwDxHqJBmV&CFFPCKUUID=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&url=https%3A%2F%2Freurl.cc%2FO4ooex&maindomain=reurl.cc
Frame ID: AA20B326D9C3D75EDB999A2174617839
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=9439-fsO3KAn1wJJmqAXYszTktgkwDxHqJBmV&CFFPCKUUID=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&url=https%3A%2F%2Freurl.cc%2FO4ooex&maindomain=reurl.cc
Frame ID: C8076D7E33978C298E7E40DF859D0B0F
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Frame ID: B4C1B87536B34D9802395468D528C89D
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Frame ID: 64B6DF229C7FFC1446BBE86E9F82B07D
Requests: 2 HTTP requests in this frame

Frame: https://img.scupio.com/html/ls.html
Frame ID: 1FD1B0244CB824611DCE65BD4FB12547
Requests: 1 HTTP requests in this frame

Frame: https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESENGddrXX2k9f_D5_sCStFMM&google_cver=1&google_ula=3918219,0
Frame ID: 61C31C323723F5DB3BBF3911A49489CB
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Frame ID: B4F66D22326D8912856E37E0E46C5C58
Requests: 4 HTTP requests in this frame

Frame: https://img.scupio.com/html/ls.html
Frame ID: BBA5226AEA5D532D36CBF12DF42C9E32
Requests: 1 HTTP requests in this frame

Frame: https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESENGddrXX2k9f_D5_sCStFMM&google_cver=1&google_ula=3918219,0
Frame ID: 57542125234F08F0CE298D7E468D2291
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Frame ID: F943AB55BA62930AF34921D1A4F3983A
Requests: 3 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Frame ID: 7D86D4D2E75E419ECEB497A08D1BCC85
Requests: 5 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Frame ID: 81DE43736B4FE926D46916DD39E38453
Requests: 5 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Frame ID: 69639F7CF2D5B354200BAB44076809C2
Requests: 9 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Frame ID: D15534CA30292049CDD7EE0194D27A7F
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: C506AC865503CC4EB19A5D8D4B070ECE
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 0426B98A4AD464F76A77EA919848FB74
Requests: 8 HTTP requests in this frame

Frame: https://c6d85ec7a9819dbe89b337da69213853.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
Frame ID: C2AA78C97BA9733D4E64A16EA5F9D80D
Requests: 1 HTTP requests in this frame

Frame: https://dc75fe7fed10655da611c60bb6d65efc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
Frame ID: 239941A39AD5E8176D09DD924C88BD16
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122
Frame ID: 176C27E9226EA5B10D295173F9E58836
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124380&bpp=11&bdt=493&idt=159&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=1&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=1066432199&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=2507708330&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=1086572808427863&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ndgrug4yih8f&fsb=1&dtd=174
Frame ID: 8D9995BC449BCDEDEBCD87F80F8B2B37
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B9D828A839548B4EFA0A69062C86B307
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 96314EC90D7F7372351A1742C079E38B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3F93FF2609E4117057784B51A3E8B4EE
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D55189561EC644D43B2C72CFE4B7C5AD
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1838989884782542848/index.html
Frame ID: CF5EBAA3155EA8A90F6B4F5FD335B51E
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D05819604610ED54C16FA2C575F7E89A
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B1EB2D58F68A9B4105BC666520541C1A
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js
Frame ID: 655B70E0F78AB9528BF91269C80DDD13
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: D00822588074958B4A13032FAD63C405
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 09995E7AE3E89136EF7620E6FC7CEE0C
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 190FD6B084E3A63861D6DA3366D96A6C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 50E2A97516E2B0A9E47E45F5FA026588
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

縮短網址產生器 - reurl

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/vue(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

358
Requests

91 %
HTTPS

46 %
IPv6

40
Domains

78
Subdomains

61
IPs

10
Countries

4080 kB
Transfer

7594 kB
Size

42
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://youtils.cc/big5gb
Title: 離開此頁

Search URL Search Domain Scan URL

URL: https://re-news.tw/zocha/632d0a4eb3a8ac174db9c721

Search URL Search Domain Scan URL

URL: https://re-news.tw/prnasia/3876703_TW76703_2

Search URL Search Domain Scan URL

URL: https://re-news.tw/gbyhn/42559

Search URL Search Domain Scan URL

URL: https://re-news.tw/creditcard/1884

Search URL Search Domain Scan URL

URL: https://re-news.tw/racingcharger/30682

Search URL Search Domain Scan URL

URL: https://re-news.tw/golike/7892

Search URL Search Domain Scan URL

URL: https://re-news.tw/alphaloan/24976

Search URL Search Domain Scan URL

URL: https://youtils.cc/emoji
Title: 表情符號(emoji)

Search URL Search Domain Scan URL

URL: https://youtils.cc/geoip
Title: IP查詢

Search URL Search Domain Scan URL

URL: https://youtils.cc/qrcode
Title: QRCode

Search URL Search Domain Scan URL

URL: https://youtils.cc/length
Title: 身高/長度換算

Search URL Search Domain Scan URL

URL: https://stockinfo.tw/
Title: 台股資訊網

Search URL Search Domain Scan URL

URL: https://youtils.cc/wordcounter/zh-Hants
Title: 字數統計

Search URL Search Domain Scan URL

URL: https://youtils.cc/password/zh-Hants
Title: 密碼序號產生器

Search URL Search Domain Scan URL

URL: https://youtils.cc/dateCalculator
Title: 日期計算機

Search URL Search Domain Scan URL

URL: https://youtils.cc/lunarCalendar
Title: 農曆轉國曆

Search URL Search Domain Scan URL

URL: https://youtils.cc/utm
Title: UTM網址

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 30

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 64

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=KPGgfs9zDhOQg0Y9eSktYw

Request Chain 65

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=ua3Kon8lC_WqegYqeSktYw

Request Chain 77

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=4x4WH92_AL-hggFCeSktYw

Request Chain 78

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw

Request Chain 124

https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=OfpF73x2V1FxdUtjQlFoMGVYS1RCN3FjZFV3Zlc2elZZdm10c1E4OUwrTktNcG5GUGp2K1Y1U3QxUXVodldxYkdjSmJVcEFJeWw0cUtISWRldzR4YURFOFd1VkNPSFFUc3FwVXcvZ3A2dXpneUVmYTRzS0JUUmp4VElJY2NlNUl6OXJrdDdPNndYeTltdmtEUjdqZmFhQk1uaHIzSEpFdURvT0p4SlBMYnNKdEtBbWZtQ3VSODZWV0VCRGtRVVdKdHJXZllldkJpM2YvQmhuR2E0L3hYRTJPcEorYWdtUkxkVU02ZStuZUlIZDJabTRCRTcveWJKVnB3dVZNcVpjaG9WQ3VPNWxtMGNwbVdjVUV5OUxaZG9meTRnZz09fA&cppv=2

Request Chain 140

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&uu_m=undefined HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&uu_m=undefined&google_tc= HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&uu_m=undefined&google_gid=CAESEHQeKbMBlLxJ_OQInBO5ZMs&google_cver=1

Request Chain 146

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&uu_m=undefined HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&uu_m=undefined&google_tc= HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&uu_m=undefined&google_gid=CAESEG3Evpz5-qh17wlam8jyT5Y&google_cver=1

Request Chain 164

https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=3&topUrl=reurl.cc&bundle=QM6XVl9hU29sTCUyRnhBcmJRYlZ0SENpdnBhQjFpeHVoWGJud2YwTjF4NldrejlhbDNMNWJGekxmaUdMRndyayUyRlNPSFA1TEJVTzZCNlRPT3hpQjNNbXZTemVDNHU2TW55bWpnYklUZDh2dmxCcXAlMkY4aW5EazdOSW01MkElMkIwcmV5NUZGSmM0ZHFwTWc0VkNJd3RpSlJ6SlJGSnQxUSUzRCUzRA&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=nCjo13xiNUltM2Y4Q2RocElVK3dBbGdWYkhRYzZ3VktRRWlUTHFlbVRCVnBrdFp2WG1BcXB6TGNPa0xvTUI3RStJOGk4b2tkSTJadWo3SDIrcTlOKzlIc04yY0tCcDBDdHVHUEJtdlVSeU82Ymp4N3RzWVNyVjRJZ0dsR0NzaFJkV0h0K0EveWEyaUhUUjlBaVd2OWo3bVk4UmM2RWt3S01wMm5CdXB0Tlh3ckxTRGN4cmF1VjZVWG85SHZMWlk4SXhZcVhCUW5WdFFBVGN1SlJSa1dWajV2ejFQOXpEeEJjU3ZBMDlJNjNoTTdFWW4xWmxJQTBWTWZUUHVUUXQzcTYrQmJyQjV5MHFUaG5zQ3lIK0lUc2dDQ3p1NCtzamdpeHJjQzVJb1FVU0NLclVERT18&cppv=2

Request Chain 167

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw

Request Chain 168

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw

Request Chain 171

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw

Request Chain 172

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw

Request Chain 177

https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=3&topUrl=reurl.cc&bundle=QM6XVl9hU29sTCUyRnhBcmJRYlZ0SENpdnBhQjFpeHVoWGJud2YwTjF4NldrejlhbDNMNWJGekxmaUdMRndyayUyRlNPSFA1TEJVTzZCNlRPT3hpQjNNbXZTemVDNHU2TW55bWpnYklUZDh2dmxCcXAlMkY4aW5EazdOSW01MkElMkIwcmV5NUZGSmM0ZHFwTWc0VkNJd3RpSlJ6SlJGSnQxUSUzRCUzRA&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=1hWR1nxINUhUQXNjbjZRVTJEVWJSZFZORDJ3ME0xVXl0M3FwckJIOTR5d3JpSCsySnpzNHFRdDhzTWpoUU9ZZmx0REpvSEVlUG15bDZMQXNGZCs2Z3hNMnBocGk0L0gzelpud2lMREUzd0w5ektpOENOb0orYXVXZTg5NW1rTzZBRFlKT3AvRjhQbkdIQk5Yak12aFBBbTlwbzhlT3hlTU0wZ0lxejMyQVZodkFDbEU4aWdVWDhFTnZZbjI4ZmNnMk5KWVhUZHY2Smc4SnBrR2JrR2ljZTdTTGx2SHliM0kyZ3B1aVVOMnppUU5SNGk4TlNTdFZXRzNDTFZsN09BbnliT2xzdE5BblVMTWRLaitacTFJMzkxNDBqZm13cU91QVFFQUZRdjA1ZkF2bDFBYz18&cppv=2

Request Chain 180

https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=3&topUrl=reurl.cc&bundle=QM6XVl9hU29sTCUyRnhBcmJRYlZ0SENpdnBhQjFpeHVoWGJud2YwTjF4NldrejlhbDNMNWJGekxmaUdMRndyayUyRlNPSFA1TEJVTzZCNlRPT3hpQjNNbXZTemVDNHU2TW55bWpnYklUZDh2dmxCcXAlMkY4aW5EazdOSW01MkElMkIwcmV5NUZGSmM0ZHFwTWc0VkNJd3RpSlJ6SlJGSnQxUSUzRCUzRA&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=zbUHenx5NUlFNGl4dG9yNFIyZ1RIODVZMGEwb0RUb081dXFMZjhGYjVWMDEwR1EvajZveFN4YitmYzh2c2x6SVRYc05wSldURXRaWlpubWZjWVlBU3QyMUlvQ0FWRmJoV0NwWU94bENsa0ZET2FtRWNaR3pleEprdjJHSGVweGNSVDB2YkRrQjI2cE40WjVCUTdnUEViQUo5TS9yZzkycm5CZ0ZHMENZbkFnMVNiYmpLZFVMTkc5eE5VdWc5MjVmeXNaZEE5VllNNTZJaERZbkU3UFZkRDJXUER2Ly9MMEpxWkxCeDRUYTFwcEFubFlLMXhiVFowQkwydWhMYlVSUXpiMlN2VVpEUUxQRVFJL3pEdUJseTArNldadXEybXpGNmZGYUFRVkhBbzRnVUNlND18&cppv=2

Request Chain 203

https://gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=FwOL63xPdWFJWXIvai9QTENRVEg3QWlZTHJPajRBSC81M1ZuYzNycm16amZ4MmxhcU5kTWd4eG4wSWV2dFBuWlkwRjNPQlF1ZzBUeUdCbjUwU2VHY0FzRm5HYXZiQ0cxWW1pamdJZklONEFJSlFxemtvR21RV21IbXJRUGdEaUxteDk4YzVzdlhCVWFucWM2bGhRbklOdEluZVI2QkdKeHB3Wm9sN0NLU0ZHZHBsMnc0eC9TVlNkZzAzWi9SdG52SnJPbHBreTlyT3haZlhRVmRsOFlNTndDVFVRWGxGb2VGZFZYY08xclZhTXc1RGljTDVpUEZWOFJSSzRNWlh0NFVMcFFGVFkrc3dIYTBrMFhJNGdsR0N2cTNadTJWQnJKdXlpbUpESTMybXhoMlNLUT18&cppv=2

Request Chain 204

https://gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=k4cSu3xWVkI4WlB4am13ZGk5MDJjRG56QkJrS1hYdmJ2TjRTNndjNy9YeGNueDIzeFlNWHhSdXFIc3pKOFlqZEppTDFXMmd5dUFFcmxpUFRLelpmaUJUaWFWTm1YNXJUSmNhQURMdHNQMjVvOC9CdUdabi9odTY5K2tiSlVRbjRYWm5tZDNpT3dTYmVxTmZhK2NydmtCVjFadytxTkI3dlJQdTFIb2hJUC9jWlE0ZGFDV1FJS0VvY29CSk1oV3NqMFJkM0FySGdLcjllQnRzaENKQ3BZQUNWZ3FleEJpVWYyT2tUeEJoUDUreDdsK3hjb1Qza3lUR2tHREN1Vi9uU2xDTzhvSHdZTEI1U0JCbmtWaXVKaDQ5Nm93OWRTYUxjaGU4OUE0M0JLZSs1aTZDMD18&cppv=2

Request Chain 209

https://cm.g.doubleclick.net/pixel?google_nid=bw_cookie&google_cm&google_ula=3918219&google_hm=Q0tBMjAyMjA5MjMxMTM1MjIzMDE1ODM%3d&layout=js HTTP 302
https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESENGddrXX2k9f_D5_sCStFMM&google_cver=1&google_ula=3918219,0

Request Chain 210

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac HTTP 301
https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac

Request Chain 212

https://sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CKA20220923113522301583 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/ucfunnel/fe9655d5-7ed8-358f-b5e6-6b6561b8cc96?gdpr=0&euconsent= HTTP 302
https://sync.aralego.com/idsync?ucf_nid=dsp-AE38A6E4BB372DE1838A748E89487D9&ucf_user_id=y-jIw2fHtE2oXKSDNXWYYhAASehzTKKp9pX8aRbuI-~A&redirect= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=

Request Chain 214

https://cm.g.doubleclick.net/pixel?google_nid=bw_cookie&google_cm&google_ula=3918219&google_hm=Q1ZBMjAyMjA5MjMxMTM1MjI1MzIxMjY%3d&layout=js HTTP 302
https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESENGddrXX2k9f_D5_sCStFMM&google_cver=1&google_ula=3918219,0

Request Chain 215

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac HTTP 301
https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac

Request Chain 217

https://sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CVA20220923113522532126 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/ucfunnel/fe9655d5-7ed8-358f-b5e6-6b6561b8cc96?gdpr=0&euconsent= HTTP 302
https://sync.aralego.com/idsync?ucf_nid=dsp-AE38A6E4BB372DE1838A748E89487D9&ucf_user_id=y-vaYyvi9E2oV4LQkz.pCcEviv8orUUVaOj0tFggI-~A&redirect=

Request Chain 222

https://ads.aralego.com/sdk HTTP 301
https://cdn.aralego.net/ucfad/sdk/us-east/sdk

Request Chain 223

https://ads.aralego.com/sdk HTTP 301
https://cdn.aralego.net/ucfad/sdk/us-east/sdk

Request Chain 268

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&cw=1&pbt=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=4EMQC3x4ZHZ5aXRFcmVvYTNET1FYRUJCbzBoc1IwVU93OGN0S1duVlFkQ1dtUFU4YTN4S0huNnpxZnh6eHo1ZkRUbktGL3hvaVdFWk0vZHpvM3pSdUM5QmtHYXp4S1lRakRXY0NQT0kvM1NaeE5ZVXQybGdlVm1YcndjYWFzNFQ5MzAyaHNERnNLeHpkWHZqV2RqOWVhSVVHdXYxRFlkMnFrOFNlQ1FRa041U3RRZ2tlTlp2dDVRcVlSR2F4blBKWjd5Q0p0TzkvdDU5ZUxMTWM1clR6S2RGSlo4OHBvc2FHc2F4T1JzcjYyMFVsZG1aeDhWeXgwWFFNUXkwUU52S2MwS0dPa21SOEhyYUQvK2NEbjlraWRoVEdIRGpRdm04dHZRdUlJUTRxSDVMYVpEST18&cppv=2

Request Chain 274

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&cw=1&pbt=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=Y_7OmHx1dGRCbzdQUXBGbmw2eXdQNCt4OTdMejdsZ0Z1L3U3UE1IVTZPMFQwenJlTis1OW1aR0JrbnYybUVQdWFuQTU1cTRjRWNKd2k0QXMrVTcxeUFWVncyNE5TekxEbGtTeUhzeUJZMnJOU3NQTDgvTWFITnFTdlE1S0ZPcldmRm5Tb2t6b0FoT0lqWmhLNXZjZWdXLytYU0lMamFiTmlYTWRNVGwrT2EvMWNLSEhuaHdtYmJ3VGNwb1FOd3ZiWnlYeE9NZWxBR0JxM3pKbkd1a1puaVYvclg2bkJ0VDMzVE1FSWtGUEZKa1ZadGt6V2lFTjFIN2RiYnlBeHkvWlp4aFVDYVcwc3dNVW5hbXMvRVJiVVg5dWlhVGQrRWlCMW9hc3g0OHN5QTRUNDBYYz18&cppv=2

Request Chain 314

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 316

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEE_RC8FCmRENiCiC8k8A1yo&google_cver=1&google_push=AZmPxg-HkrWhxMSLkHH17-xbFao75KAkrLCftXtnYQQQXBsfHMB7DSVqR03QfnuzlB8EeQ62Xj4Ldko8WIfis23Qe21TlV1K5g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AZmPxg-HkrWhxMSLkHH17-xbFao75KAkrLCftXtnYQQQXBsfHMB7DSVqR03QfnuzlB8EeQ62Xj4Ldko8WIfis23Qe21TlV1K5g&google_hm=R69Us9gWQbmIQmM_ItSZvgc

Request Chain 317

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESECLpFUDwvttOGEw2u2wsink&google_cver=1&google_push=AZmPxg-Ov7-p5FsQ5WcDlD2Uq8ziqH7HCq8VPEaEqy-i-rfQMV3K-7Ipfhrquc0yN6hJ3I_gZKveO8J1LO0phHmeNARypDpjAB8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg-Ov7-p5FsQ5WcDlD2Uq8ziqH7HCq8VPEaEqy-i-rfQMV3K-7Ipfhrquc0yN6hJ3I_gZKveO8J1LO0phHmeNARypDpjAB8&google_hm=ODA1NzM1MjMwODE2MTcyMTUzNA%3D%3D

Request Chain 318

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEAPqWh6SN4piym1vki8lvWg&google_cver=1&google_push=AZmPxg9UIK55bjuM3zbd9RP054MX_WtB3Jxe8QGphaVNJoi8gnN2ouqO1F6-f5svaVppNXPUBodmodB1qIedZh6MrGpxmAEMRg HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEAPqWh6SN4piym1vki8lvWg&google_cver=1&google_push=AZmPxg9UIK55bjuM3zbd9RP054MX_WtB3Jxe8QGphaVNJoi8gnN2ouqO1F6-f5svaVppNXPUBodmodB1qIedZh6MrGpxmAEMRg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzEyNzc3ODg3NTIyMzQyNzA0OA&google_push=AZmPxg9UIK55bjuM3zbd9RP054MX_WtB3Jxe8QGphaVNJoi8gnN2ouqO1F6-f5svaVppNXPUBodmodB1qIedZh6MrGpxmAEMRg

Request Chain 320

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAIgYMQ4SyVoc7aEao6J_lQ&google_cver=1&google_push=AZmPxg8E_zBuIJzd_w-kDuWs6-FtNmnAFFYQ9onnkgkcT6pmzc_8Ut_QhdnedFvHd0ndbhjaHK7MLEfN3Ct6mGMFigLRRaH2p4w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDhEWEpaVlktSi1HNTRU&google_push=AZmPxg8E_zBuIJzd_w-kDuWs6-FtNmnAFFYQ9onnkgkcT6pmzc_8Ut_QhdnedFvHd0ndbhjaHK7MLEfN3Ct6mGMFigLRRaH2p4w

Request Chain 321

https://match.360yield.com/match/ebda?google_gid=CAESEPyyBlX3FtyMojZ64G8_hxU&google_cver=1&google_push=AZmPxg80L4XAzvhNDGA8J9pZbtiCoAxs0ON4iMDOt6FPgy0qibFumXztMker1QKoDj3yIVakRhwG2hATeu7wiqvseDz8M21SLA HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEPyyBlX3FtyMojZ64G8_hxU&google_cver=1&google_push=AZmPxg80L4XAzvhNDGA8J9pZbtiCoAxs0ON4iMDOt6FPgy0qibFumXztMker1QKoDj3yIVakRhwG2hATeu7wiqvseDz8M21SLA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=wzeuaNgzSHm-fiKuh857og&google_push=AZmPxg80L4XAzvhNDGA8J9pZbtiCoAxs0ON4iMDOt6FPgy0qibFumXztMker1QKoDj3yIVakRhwG2hATeu7wiqvseDz8M21SLA

Request Chain 322

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEI0RgOeFBrlCahlE_K3taqs&google_cver=1&google_push=AZmPxg9y4Mh5o5cfGCuur9L3dfBnrfn_rMmVg_qvs-jn2UnsZECcSQQ7sNBcPLzWU4ucaJDlercptZCfhjpONzW0LqjxLxj1j5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS16ZVFIZ2FCRTJ1R2xWUFRfcHRQY1pxOVdhUkozLmtKRX5B&google_push=AZmPxg9y4Mh5o5cfGCuur9L3dfBnrfn_rMmVg_qvs-jn2UnsZECcSQQ7sNBcPLzWU4ucaJDlercptZCfhjpONzW0LqjxLxj1j5c

358 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request O4ooex Show response
reurl.cc/ 7 KB
3 KB 786ms
260ms Document
text/html 35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 5f581613c740a972002493f36081b57af98a599976986a9d11c2b7aacf55500c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 23 Sep 2022 03:35:19 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/ 152 KB
25 KB 59ms
25ms Stylesheet
text/css 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css

Requested by

Host: reurl.cc
URL: https://reurl.cc/O4ooex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 16049603
x-jsd-version: 4.3.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19143-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EWq5rT67vjJm96ODlSFCYCGjPA4GZDA9BnFEjgREOTr7LOOEpYUR4NlSdLwbPq1lO75m9YxnLhHrcu5McEsP8Rri%2FPIO0o%2FnpjBOb%2F%2FzwW%2FtlbjYBYltVZg3UDMuX7LUduLdWNIIec0Y8P%2Fae6M%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 74f03ace89499bee-FRA

GET
H2 200 style.css
reurl.cc/stylesheets/rwd/ 2 KB
1 KB 261ms
259ms Stylesheet
text/css 35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/stylesheets/rwd/style.css
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/O4ooex
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
content-encoding: gzip
last-modified: Wed, 21 Sep 2022 12:53:44 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"632b0958-9f6"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
expires: Sat, 23 Sep 2023 03:35:20 GMT

GET
H2 200 pixel.js Show response
reurl.cc/javascripts/ 429 B
524 B 263ms
261ms Script
application/javascript 35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/pixel.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/O4ooex
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
content-encoding: gzip
last-modified: Wed, 21 Sep 2022 12:53:44 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"632b0958-1ad"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Sat, 23 Sep 2023 03:35:20 GMT

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ 5 KB
2 KB 1153ms
292ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/O4ooex

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 23 Sep 2022 03:45:21 GMT

GET
H2 200 vue.min.js Show response
cdn.jsdelivr.net/npm/vue@2.6.11/dist/ 91 KB
35 KB 62ms
29ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vue@2.6.11/dist/vue.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/O4ooex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e0156dd49c03744e79bbea60eebbbb94b5811c1b71b91f5fb38a8270dedfbaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 7526719
x-jsd-version: 2.6.11
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19174-FRA, cache-iad-kiad7000101-IAD
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"16de6-q9I58ClmstMksFEsIDvbr4Kk7Xo"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AXjhZKdGOEWcZHuoDjpnEX4LWndeqsLs2%2FjRmw9WyBAE9AJJDdRmMpgKrU08o0kvPxmoo0RDDGiOmc1MpbQlfECVmi2VsU1gYzQKpFsFQIFLT9dw0uIRJipcbXCAXTAuTKSR95Q5Uh%2FoJuaR%2FUQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 74f03ace894a9bee-FRA
access-control-expose-headers: *

GET
H2 200 renews.js Show response
reurl.cc/javascripts/ 412 B
493 B 264ms
263ms Script
application/javascript 35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/renews.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 52bb2d07b65ec544edeb2a33f4103397a28f036f0d100090f3e17e4364aea1fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/O4ooex
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
content-encoding: gzip
last-modified: Wed, 21 Sep 2022 12:53:44 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"632b0958-19c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Sat, 23 Sep 2023 03:35:20 GMT

GET
H2 200 ysm_reurl.js Show response
ad.sitemaji.com/ 17 KB
6 KB 59ms
16ms Script
application/javascript 35.186.215.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.sitemaji.com/ysm_reurl.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.215.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.215.186.35.bc.googleusercontent.com
Software: nginx/1.12.1 (Ubuntu) /
Resource Hash: 8290d97b04510b940ddca9f2aea802eaafb36fc7a8f52e4466ed2b77db35c632

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 22 Sep 2022 16:28:19 GMT
via: 1.1 google
last-modified: Thu, 20 Jun 2019 08:55:05 GMT
server: nginx/1.12.1 (Ubuntu)
age: 40021
etag: W/"5d0b49e9-4488"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400,public
content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5880
expires: Fri, 23 Sep 2022 16:28:19 GMT

GET
H2 200 ad.js Show response
img.scupio.com/js/ 76 KB
23 KB 87ms
18ms Script
application/javascript 13.32.99.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://img.scupio.com/js/ad.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-117.fra60.r.cloudfront.net
Software: nginx/1.12.1 /
Resource Hash: 0b7c985fafda17e8085fb6ba1cc58444ae9aad39a3f721a627db9e64d4491cea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:30:58 GMT
content-encoding: gzip
last-modified: Mon, 19 Sep 2022 02:16:55 GMT
server: nginx/1.12.1
age: 262
etag: W/"6327d117-12f95"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: yXTAnU4LhkyWInOnHBebFP61gBOXhufpDJ1iF74ZH1THxrW4OTJe1g==
expires: Fri, 23 Sep 2022 03:45:58 GMT

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ 6 KB
7 KB 74ms
18ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
server: AmazonS3
age: 17
etag: "439e160b698f1ec2efb45c3b6cd6b265"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:04 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 6552
x-amz-cf-id: JXxjbfLRNxW7J9dNIKIP-lcWCA0MIR_qjWVKDcVeFyujoeu3N5Uxag==

GET
H2 200 ga2.js Show response
reurl.cc/javascripts/ 536 B
550 B 266ms
265ms Script
application/javascript 35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/ga2.js?v=2
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/O4ooex
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
content-encoding: gzip
last-modified: Wed, 21 Sep 2022 12:53:44 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"632b0958-218"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Sat, 23 Sep 2023 03:35:20 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 101 KB
27 KB 52ms
16ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/javascripts/pixel.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

844bfb2ff3311ad9b5611b51d8c72e0c483a8ceafe7c625a5c321637f9277399

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26839
x-xss-protection: 0
pragma: public
x-fb-debug: O/jfvsUehdWgsZpGaXLHhpjfgVtoBJYEDIAWypM16AUc9VawuFsQD+nb5AmE/ul2mRPVaH5bsR6oa0CkJIn2kw==
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 23 Sep 2022 03:35:20 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 feeds Show response
storage.re-news.tw/ 6 KB
6 KB 325ms
280ms XHR
text/html 35.244.196.223
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.re-news.tw/feeds
Requested by: Host: reurl.cc
URL: https://reurl.cc/javascripts/renews.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.196.223 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 223.196.244.35.bc.googleusercontent.com
Software: / Express
Resource Hash: 4ab817e84ed6ba6394292dc5d7f7b7cf065b50460889a578a06372e63f7df6d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
via: 1.1 google
etag: W/"1627-90Pn1IYg7k4+HYY7XgqI0+hP/mE"
x-powered-by: Express
vary: Origin
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5671

GET
H2 200 page.php Show response
www.facebook.com/plugins/ Frame 19F2 15 KB
9 KB 94ms
53ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Requested by

Host: reurl.cc
URL: https://reurl.cc/O4ooex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

90277255b3f8c5538bc6faa583614a10086f37f699ea5b6b4b1a3895e3f1ad3e

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Fri, 23 Sep 2022 03:35:20 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
pragma: no-cache
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: kfIDRTqJtLRyNyXBu3NniHlTOFRk7MYIu7SBAecHU0yrHJ256ArwXnuxE7a1BT7zgg3fY7tThBiLsPut9C8qBA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 53ms
15ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/javascripts/ga2.js?v=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
server: Golfe2
age: 1162
date: Fri, 23 Sep 2022 03:15:58 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19826
expires: Fri, 23 Sep 2022 05:15:58 GMT

GET
H2 200 reurl_passback.js Show response
ad.sitemaji.com/native/ Frame 8716 15 KB
5 KB 16ms
15ms Script
application/javascript 35.186.215.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.sitemaji.com/native/reurl_passback.js?s=728x90_pc
Requested by: Host: ad.sitemaji.com
URL: https://ad.sitemaji.com/ysm_reurl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.215.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.215.186.35.bc.googleusercontent.com
Software: nginx/1.12.1 (Ubuntu) /
Resource Hash: 9106df425157d837db9798b2b26f25f27f9a4e803f2fb0b2851c88492bec14fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 22 Sep 2022 12:33:20 GMT
via: 1.1 google
last-modified: Thu, 29 Aug 2019 10:21:10 GMT
server: nginx/1.12.1 (Ubuntu)
age: 54120
etag: W/"5d67a716-3bbe"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400,public
content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5256
expires: Fri, 23 Sep 2022 12:33:20 GMT

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 9B0B 5 KB
5 KB 16ms
16ms Document
text/html 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cc37fba2e98f49c4d9551f72176d3aff72eacd798e5e85436837847e6b967c36

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 34
content-length: 4730
content-type: text/html
date: Fri, 23 Sep 2022 03:34:46 GMT
etag: "c36f5eb091d6195fe8b68f3b263f999b"
last-modified: Mon, 22 Aug 2022 03:00:17 GMT
server: AmazonS3
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
x-amz-cf-id: PtkVFRIDz6IIReQ-E0J4b1kmjx3UaeX_dly7JzhMer3X2HgMpC2szQ==
x-amz-cf-pop: FRA60-P2
x-amz-version-id: 9jVaRQ2pP3sbT47ouwg8zArcPp2ddVmt
x-cache: Hit from cloudfront

GET
H2 200 edmp_init.js Show response
cdn.holmesmind.com/js/ 662 B
1013 B 16ms
15ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/edmp_init.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Fri, 12 Mar 2021 02:45:40 GMT
server: AmazonS3
age: 44
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:45 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 662
x-amz-cf-id: 1wUr2cwGq5Bfc4to-uTYOZNwA36DsTw2oIYLXgXxN1wnOhyKFSmdLw==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 5609 9 KB
10 KB 17ms
17ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 83a37c9bbe8dae0a71e95a0e6401bd5d9576a2b0e35295e640c2d807f9b4424e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: QFAcVwN57aO_RWKPah9bVgfaw1eby0J0
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Mon, 22 Aug 2022 03:00:16 GMT
server: AmazonS3
age: 16
etag: "ddf163a3d8381378b3e35e39339ad7ab"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:04 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 9530
x-amz-cf-id: wU_APsFJjHGLrnDbTpyuTSLCBPLMLVMB3jRYMpw6dzP3OXN3I32gJg==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 8173 9 KB
10 KB 16ms
16ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 83a37c9bbe8dae0a71e95a0e6401bd5d9576a2b0e35295e640c2d807f9b4424e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: QFAcVwN57aO_RWKPah9bVgfaw1eby0J0
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Mon, 22 Aug 2022 03:00:16 GMT
server: AmazonS3
age: 16
etag: "ddf163a3d8381378b3e35e39339ad7ab"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:04 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 9530
x-amz-cf-id: kkqRJzVitIboA-MtX-_7OANzEhrWs4Ynm7dDOF4clQ7qxwu3MwmfVA==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame BF42 9 KB
10 KB 16ms
16ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 83a37c9bbe8dae0a71e95a0e6401bd5d9576a2b0e35295e640c2d807f9b4424e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: QFAcVwN57aO_RWKPah9bVgfaw1eby0J0
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Mon, 22 Aug 2022 03:00:16 GMT
server: AmazonS3
age: 16
etag: "ddf163a3d8381378b3e35e39339ad7ab"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:04 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 9530
x-amz-cf-id: 1a-jgJ8_KNimhrBVUaafD1YfBdnvwa9X2qAKGqgt_6e5IqtP_hipnQ==

GET
H2 200 1675200226052423 Show response
connect.facebook.net/signals/config/ 25 KB
8 KB 16ms
15ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1675200226052423?v=2.9.83&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

56fb18913b2eddfa3bf80ae8c50be2d955e7337d963db5463622fd71d1312e23

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 7342
x-xss-protection: 0
pragma: public
x-fb-debug: bpethNtvkb5Lko+9EW0tHmhBRZ8hW+CcA66Z3ltjLxV3/ftlnrnIbLcW30AB46Ps7Ak8gNiVPlRWU8DywhHxjg==
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 23 Sep 2022 03:35:20 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 17229.json Show response
img.scupio.com/js/config/ 461 B
869 B 48ms
16ms XHR
application/json 13.32.99.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://img.scupio.com/js/config/17229.json?v=1.0.3839
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-117.fra60.r.cloudfront.net
Software: nginx/1.12.1 /
Resource Hash: b8b96e3b461d44bd76d9458dca5ed5af89f46a940d9055792a0eefcdc2700366

Request headers

Accept: application/json, text/javascript, */*
Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 23 Sep 2022 03:33:16 GMT
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
age: 124
x-cache: Hit from cloudfront
content-length: 461
last-modified: Fri, 23 Sep 2022 02:20:49 GMT
server: nginx/1.12.1
etag: "632d1801-1cd"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=10800
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
x-amz-cf-id: 3WsBHaNZ8bdw54lPp5akOi6e_J9NXxocidSPFClCFHC653FVJCCgNw==
expires: Fri, 23 Sep 2022 06:33:16 GMT

POST
H/1.1 200
OK adreqlog.aspx Show response
bw.scupio.com/adpinline/ 0
711 B 1206ms
299ms XHR
application/json 210.59.219.180
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://bw.scupio.com/adpinline/adreqlog.aspx?cid=17229&cb=0.10927927461563924
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 210.59.219.180 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json, text/javascript, */*
Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 23 Sep 2022 03:35:20 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://reurl.cc
Cache-Control: private
Access-Control-Allow-Credentials: true
Content-Type: application/json
Content-Length: 0

GET
H2 200 ad.html Show response
img.scupio.com/html/ Frame 4B4C 83 KB
22 KB 18ms
16ms Document
text/html 13.32.99.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://img.scupio.com/html/ad.html?v=1.0.65
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-117.fra60.r.cloudfront.net
Software: nginx/1.12.1 /
Resource Hash: f670c1ad9fafff4387b4474fda0e68b090c975ddc416cf9f2aa64f50e1a4077c

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2951
cache-control: max-age=2592000
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 23 Sep 2022 02:46:09 GMT
etag: W/"62fdf772-14d93"
expires: Sun, 23 Oct 2022 02:46:09 GMT
last-modified: Thu, 18 Aug 2022 08:25:22 GMT
server: nginx/1.12.1
vary: Origin
via: 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
x-amz-cf-id: TSvNCxTmdoAYCc7jQRG-9TGn6m38ocSOcnsxrveQUfUGoJBhAjOcvw==
x-amz-cf-pop: FRA60-P3
x-cache: Hit from cloudfront

GET
H2 200 17253.json Show response
img.scupio.com/js/config/ 461 B
870 B 39ms
16ms XHR
application/json 13.32.99.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://img.scupio.com/js/config/17253.json?v=1.0.3839
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-117.fra60.r.cloudfront.net
Software: nginx/1.12.1 /
Resource Hash: cf54f4d1637c6abe4cde4a759e38dfef433e152e192b7a964c8aa01c22bfab68

Request headers

Accept: application/json, text/javascript, */*
Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 23 Sep 2022 03:33:16 GMT
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
age: 124
x-cache: Hit from cloudfront
content-length: 461
last-modified: Fri, 23 Sep 2022 02:20:49 GMT
server: nginx/1.12.1
etag: "632d1801-1cd"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=10800
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
x-amz-cf-id: oa37Ho8GbYtD8XzdoFjvlJ6vBzSRsqfHrIcS3g6H8vyhh8x5pGcWMg==
expires: Fri, 23 Sep 2022 06:33:16 GMT

POST
H/1.1 200
OK adreqlog.aspx Show response
bw.scupio.com/adpinline/ 0
711 B 1202ms
300ms XHR
application/json 210.59.219.180
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://bw.scupio.com/adpinline/adreqlog.aspx?cid=17253&cb=0.4640348972570132
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 210.59.219.180 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json, text/javascript, */*
Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 23 Sep 2022 03:35:21 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://reurl.cc
Cache-Control: private
Access-Control-Allow-Credentials: true
Content-Type: application/json
Content-Length: 0

GET
H2 200 ad.html Show response
img.scupio.com/html/ Frame FA4C 83 KB
22 KB 19ms
18ms Document
text/html 13.32.99.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://img.scupio.com/html/ad.html?v=1.0.65
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-117.fra60.r.cloudfront.net
Software: nginx/1.12.1 /
Resource Hash: f670c1ad9fafff4387b4474fda0e68b090c975ddc416cf9f2aa64f50e1a4077c

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2951
cache-control: max-age=2592000
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 23 Sep 2022 02:46:09 GMT
etag: W/"62fdf772-14d93"
expires: Sun, 23 Oct 2022 02:46:09 GMT
last-modified: Thu, 18 Aug 2022 08:25:22 GMT
server: nginx/1.12.1
vary: Origin
via: 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
x-amz-cf-id: kYYs3Vvc9HaUh0RnhLfAm3ndy8CPO0GENXFMMgYHQFY6FD70QLbw5g==
x-amz-cf-pop: FRA60-P3
x-cache: Hit from cloudfront

GET
H2 200 native.js Show response
s.yimg.com/dy/ads/ Frame 8716 78 KB
30 KB 81ms
22ms Script
application/javascript 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/dy/ads/native.js

Requested by

Host: ad.sitemaji.com
URL: https://ad.sitemaji.com/native/reurl_passback.js?s=728x90_pc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

a19902458ab4a5513642a87b381b9183a2fc725849b581fd953e22d824d1c5a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:31:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
age: 220
x-amz-server-side-encryption: AES256
x-amzn-internal-status: 304
x-amz-request-id: BJ44KFTT9EFRD5QP
x-amz-id-2: kUAxlVMP9UmxTiNmuzAJ9rfwUP3pk+VoOoQWIha2qQCtySwEwd0CQdm6CQgNw3i+6pccDHgA81s=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 08 Feb 2022 12:02:57 GMT
server: ATS
etag: "7e002e241fddeeb8dd76383206c47a3d-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: application/javascript
vary: Origin, Accept-Encoding
cache-control: max-age=600
accept-ranges: bytes

GET
H2 200 cm.php Show response
fcm.holmesmind.com/ Frame 0C70 39 B
191 B 153ms
113ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Fri, 23 Sep 2022 03:35:20 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 9B0B 5 KB
2 KB 991ms
294ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 23 Sep 2022 03:45:21 GMT

GET
H3

200

cm
c.holmesmind.com/ Frame 9B0B
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
16 B

148ms
132ms

Image
text/html

35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
date: Fri, 23 Sep 2022 03:35:20 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 54ms
22ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j97&a=1518115489&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FO4ooex&ul=en-us&de=UTF-8&dt=%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8%20-%20reurl&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=339690759&gjid=7924124&cid=1137796233.1663904120&tid=UA-102456694-1&_gid=1232033890.1663904120&_r=1&_slc=1&z=2083377665

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 45ms
15ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j97&a=1518115489&t=event&_s=2&dl=https%3A%2F%2Freurl.cc%2FO4ooex&ul=en-us&de=UTF-8&dt=%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8%20-%20reurl&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=pause&ea=&el=&ev=1&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=1137796233.1663904120&tid=UA-102456694-1&_gid=1232033890.1663904120&z=2095788106

Requested by

Host: reurl.cc
URL: https://reurl.cc/O4ooex

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Sep 2022 22:58:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 16601
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame 5609 756 B
690 B 83ms
16ms Script
text/html 2600:9000:2250:ec00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=13847
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ec00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: ce1e17725c0565bbdb0d7342bd669fea135d89a610c5f1c9ae7d0eed5e118267

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:33:19 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
age: 121
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-amz-cf-pop: FRA60-P2
x-amz-cf-id: KJm3kpvKIHDTGgk9rOyuhErHG2SIx0V3oGhjYhNUvt3O19wh3-rffg==
via: 1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame 8173 575 B
642 B 66ms
16ms Script
text/html 2600:9000:2250:ec00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=13856
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ec00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 22d4fe7a41e1b5ac442faeccace387a6e59c4f056bc35b71f1b65cf42e7a6721

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:33:19 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
age: 121
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-amz-cf-pop: FRA60-P2
x-amz-cf-id: r_q64JR1nLOIK9SZ6idei899ptv6QWGaaAKr97VVLjJr2XTDSvtdPg==
via: 1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame BF42 760 B
692 B 66ms
16ms Script
text/html 2600:9000:2250:ec00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=13848
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ec00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 37f7cb504e24d04c0a0ad415ed8612013957406bceb5dc53e21ce7480ecbe46d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:33:19 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
age: 121
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-amz-cf-pop: FRA60-P2
x-amz-cf-id: NWksTP5qcE2V9gbzXSfBx9uvfxXLs1R9s680ZK22s799lhScTyNGCw==
via: 1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)

GET
H3 200 /
www.facebook.com/tr/ 0
18 B 33ms
15ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc%2FO4ooex&rl=&if=false&ts=1663904120522&sw=1600&sh=1200&v=2.9.83&r=stable&ec=0&o=28&fbp=fb.1.1663904120521.1976832040&it=1663904120455&coo=false&rqm=GET

Requested by

Host: reurl.cc
URL: https://reurl.cc/O4ooex

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Fri, 23 Sep 2022 03:35:20 GMT
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i

GET
H2 200 7yU0uQa9Hwu.css
static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/ Frame 19F2 21 KB
6 KB 48ms
16ms Stylesheet
text/css 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/7yU0uQa9Hwu.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b4f1fbe0146f2a085aea307c95961206534f52817dcfaf81686364842d59a642

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: EyoJuh851TXvTGLWgkOLQw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 5237
x-fb-rlafr: 0
x-fb-debug: vrheY+AJd4VszcuMWn49AflpY80TzHkR0LFWq5vGRsMH220XrGiszl1Gy4gmwOATU2e29BvDs8eZBDBeOMIshw==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 22 Sep 2023 17:42:58 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ Frame 4B4C 95 KB
34 KB 55ms
16ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 22 Sep 2022 16:04:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41452
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33951
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Sep 2023 16:04:28 GMT

GET
H2 200 prebid.js Show response
img.scupio.com/js/ Frame 4B4C 236 KB
83 KB 16ms
16ms Script
application/javascript 13.32.99.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-117.fra60.r.cloudfront.net
Software: nginx/1.12.1 /
Resource Hash: 97a8ac3778e546a6f181085011be6050889e44dd212ac3e9782389f0b853c23d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:34:45 GMT
content-encoding: gzip
last-modified: Tue, 28 Jun 2022 05:54:43 GMT
server: nginx/1.12.1
age: 35
etag: W/"62ba97a3-3b047"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: DnNk0Z1lpyJE1Y35UJ3Z66MWaukpY6moXfDIjZZnR4FA__8QBXKYYA==
expires: Sun, 23 Oct 2022 03:34:45 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ Frame FA4C 95 KB
33 KB 69ms
31ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 22 Sep 2022 16:04:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41452
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33951
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Sep 2023 16:04:28 GMT

GET
H2 200 prebid.js Show response
img.scupio.com/js/ Frame FA4C 236 KB
83 KB 28ms
28ms Script
application/javascript 13.32.99.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-117.fra60.r.cloudfront.net
Software: nginx/1.12.1 /
Resource Hash: 97a8ac3778e546a6f181085011be6050889e44dd212ac3e9782389f0b853c23d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:34:45 GMT
content-encoding: gzip
last-modified: Tue, 28 Jun 2022 05:54:43 GMT
server: nginx/1.12.1
age: 35
etag: W/"62ba97a3-3b047"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: vQiedHJVaAwVwRZsKcBGSqwCTnpkxc-aPNEjd5nwV2NOnWQVyFAvSw==
expires: Sun, 23 Oct 2022 03:34:45 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
437 B 87ms
28ms XHR
text/plain 2a00:1450:400c:c1b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-102456694-1&cid=1137796233.1663904120&jid=339690759&gjid=7924124&_gid=1232033890.1663904120&_u=IEBAAEAAAAAAAC~&z=1481449111

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 23 Sep 2022 03:35:20 GMT
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame BF42 2 KB
1 KB 771ms
261ms Script
text/html 52.68.234.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=13848&rf=https%3A%2F%2Freurl.cc%2FO4ooex&n=886&o=1&d=1&b=2&ts=1&ii=3&FPCK=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&initver=210830P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.68.234.1 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-68-234-1.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: b110565ed138515c44d822bcea94f7f7ee78433a4259ef6dbccc94cd5fdfd448

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame BF42 3 KB
3 KB 17ms
16ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
server: AmazonS3
age: 14
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:07 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 2773
x-amz-cf-id: g3iSu_ZzgfpD9AiAsR9h68JG459AZ-CDRJJCVdh-0Ph3902d9rXrAw==

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame BF42 121 KB
40 KB 148ms
74ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

e78c5380563a8a078ca08254718d91472579bdcd61e6b34b1dfacb0f786ed213

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
content-encoding: gzip
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-1e2be"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 24 Sep 2022 03:35:20 GMT

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame BF42 2 KB
3 KB 18ms
16ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:12 GMT
server: AmazonS3
age: 14
etag: "e8f33fcb581483ced4a09b3c8e7550e4"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:07 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 2443
x-amz-cf-id: max38wM4TdC2t4mWs0svIVxiOSJE2EKCKO2Aa7Rk44_Of2c9MFtjgQ==

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame BF42 4 KB
5 KB 17ms
15ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Tue, 20 Apr 2021 06:25:23 GMT
server: AmazonS3
age: 45
etag: "c3b948e5a48dd0ec20c265d6d8da7add"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:47 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 4530
x-amz-cf-id: qpC8Qk0ZetErOHYrHMHsPrXW1My0PR-9EbLzfG6fFO6a8_prqh-kMA==

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame BF42 3 KB
3 KB 17ms
16ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
server: AmazonS3
age: 56
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:25 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 3177
x-amz-cf-id: PbHDNdw3W5fRIuqY2tWZnyCAsDUltT6jOVd28gWQc38fpV7zQIdaSw==

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame BF42 2 KB
2 KB 18ms
16ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e570f8141d41df3abad708fc1004b9cf7bdb8ad8e21272fe4e98c9e4a1f5210e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: dBlooN6arZMofCTLArAt5I1VZ5CKOojq
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Thu, 22 Sep 2022 05:41:36 GMT
server: AmazonS3
age: 56
etag: "7a44224e99ea18760e0a70be19eade53"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:25 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 2164
x-amz-cf-id: P_91dNJeiA5HOSI5ryZsamGhC9vqSNOJVI8dMXVQeVbR8nvTNROT3g==

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame 5609 0
215 B 766ms
258ms Script
text/html 52.68.234.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FO4ooex&n=252&o=1&d=1&b=2&ts=1&ii=3&FPCK=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&initver=210830P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.68.234.1 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-68-234-1.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame 5609 3 KB
3 KB 18ms
16ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
server: AmazonS3
age: 14
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:07 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 2773
x-amz-cf-id: jEAFuw6g3RI3N3zsHxZaoRdKFLxO-bs5NHWKh8p2qKRVkjhkGVuJLg==

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame 5609 121 KB
40 KB 119ms
46ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

e78c5380563a8a078ca08254718d91472579bdcd61e6b34b1dfacb0f786ed213

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
content-encoding: gzip
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-1e2be"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 24 Sep 2022 03:35:20 GMT

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame 5609 2 KB
3 KB 19ms
17ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:12 GMT
server: AmazonS3
age: 14
etag: "e8f33fcb581483ced4a09b3c8e7550e4"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:07 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 2443
x-amz-cf-id: hxu8dcBF7wDiD0lrc2qL4eVCGuTr_1pzDzThw9bIudy3KbXjQa9rAA==

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame 5609 4 KB
5 KB 19ms
18ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Tue, 20 Apr 2021 06:25:23 GMT
server: AmazonS3
age: 45
etag: "c3b948e5a48dd0ec20c265d6d8da7add"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:47 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 4530
x-amz-cf-id: 7AxY61QrPM4au6570bGP2Se2LtXWy-YRhF9detdjMSBzrxU5oH5-5Q==

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame 5609 3 KB
3 KB 20ms
19ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
server: AmazonS3
age: 56
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:25 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 3177
x-amz-cf-id: cucDtO70-npuPa2h9iazSbpADPmjRvJ-piu19cjvwaeJtwJbCMr4wQ==

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame 5609 2 KB
2 KB 21ms
20ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e570f8141d41df3abad708fc1004b9cf7bdb8ad8e21272fe4e98c9e4a1f5210e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: dBlooN6arZMofCTLArAt5I1VZ5CKOojq
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Thu, 22 Sep 2022 05:41:36 GMT
server: AmazonS3
age: 56
etag: "7a44224e99ea18760e0a70be19eade53"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:25 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 2164
x-amz-cf-id: AzsnZpWC1O5nH3CxhgbPA4U3QCaOlv54JeY6g98-DxL4uGeql_eG6Q==

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame 8173 2 KB
1001 B 769ms
264ms Script
text/html 52.68.234.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2FO4ooex&n=805&o=1&d=1&b=2&ts=1&ii=3&FPCK=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&initver=210830P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.68.234.1 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-68-234-1.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 7a9ff1ed95388b22fd62f8ee961e5d202454edd764f882b622c5ebb104aacef1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame 8173 3 KB
3 KB 26ms
26ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
server: AmazonS3
age: 14
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:07 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 2773
x-amz-cf-id: lyBLMzvyMsqCw9Dbd9Galma1eJNuwjPr3To5GQFkfMms8ejey5lqZQ==

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame 8173 3 KB
3 KB 27ms
26ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
server: AmazonS3
age: 56
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:25 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 3177
x-amz-cf-id: dGmCKPqhQCLpsQf8sOcbgXuy62NjAeWxaWtLUbQTkJLdlBAKkimTvw==

GET
H2 200 getAds.do Show response
ads.yap.yahoo.com/nosdk/wj/v1/ Frame 8716 290 B
468 B 151ms
51ms Script
application/javascript 212.82.100.146
YAHOO-IRD

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?locale=en_US&agentVersion=205&adTrackingEnabled=true&adUnitCode=64d289b9-de9a-443b-a2c0-d45680807e46&apiKey=M2G62KV2NBNXKBPVHWQN&usp=&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2FO4ooex&caps=16&cb=jsonpCallback0

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/dy/ads/native.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

212.82.100.146 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

media-router-flurry71.prod.media.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

f7a8e9ba173126956cea416f7d8039002d47e39abd29f782ac164884ed216c5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
content-encoding: gzip
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding, User-Agent
content-type: application/javascript; charset=UTF-8
strict-transport-security: max-age=31536000

GET
H2 200 b
geo.yahoo.com/ Frame 8716 43 B
446 B 131ms
42ms Image
image/gif 2a00:1288:110:c204::b000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://geo.yahoo.com/b?t=xhkd7&9sdk8454

Requested by

Host: reurl.cc
URL: https://reurl.cc/O4ooex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:110:c204::b000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:20 GMT
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
cache-control: no-cache, no-store, private
x-envoy-upstream-service-time: 1
content-type: image/gif
content-length: 43

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame BF42 0
170 B 524ms
173ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 23 Sep 2022 03:35:21 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 prebid.aspx Show response
prebid.scupio.com/recweb/ Frame BF42 0
40 B 936ms
311ms XHR
text/html 210.59.219.181
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.7935434576672766
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html
access-control-allow-origin: https://reurl.cc
cache-control: private
access-control-allow-credentials: true

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame BF42
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=KPGgfs9zDhOQg0Y9eSktYw

2 B
19 B

319ms
286ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=KPGgfs9zDhOQg0Y9eSktYw
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Fri, 23 Sep 2022 03:35:21 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=KPGgfs9zDhOQg0Y9eSktYw
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame BF42
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=ua3Kon8lC_WqegYqeSktYw

2 B
19 B

321ms
287ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=ua3Kon8lC_WqegYqeSktYw
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Fri, 23 Sep 2022 03:35:21 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=ua3Kon8lC_WqegYqeSktYw
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame 5609 0
170 B 681ms
343ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 23 Sep 2022 03:35:21 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2 200 currency.json Show response
img.scupio.com/js/config/ Frame 4B4C 108 B
496 B 15ms
15ms XHR
application/json 13.32.99.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://img.scupio.com/js/config/currency.json
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-117.fra60.r.cloudfront.net
Software: nginx/1.12.1 /
Resource Hash: 48442398798a84e51c866bdd646ff1498edef901b08ddbb68fec7ea4193ff027

Request headers

Referer: https://img.scupio.com/html/ad.html?v=1.0.65
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 23 Sep 2022 03:33:52 GMT
via: 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
last-modified: Thu, 22 Sep 2022 19:15:04 GMT
server: nginx/1.12.1
age: 128
etag: "632cb438-6c"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/json
cache-control: max-age=10800
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 108
x-amz-cf-id: qaA8BdMWo77ShmG4LlIJW5wibB7eV80cS5HzB95DeOwLj4HZ41Oqiw==
expires: Fri, 23 Sep 2022 06:33:12 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 65ms
27ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-102456694-1&cid=1137796233.1663904120&jid=339690759&_u=IEBAAEAAAAAAAC~&z=958337986

Requested by

Host: reurl.cc
URL: https://reurl.cc/O4ooex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 65ms
28ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-102456694-1&cid=1137796233.1663904120&jid=339690759&_u=IEBAAEAAAAAAAC~&z=958337986

Requested by

Host: reurl.cc
URL: https://reurl.cc/O4ooex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame 4B4C 0
176 B 474ms
188ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://img.scupio.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://img.scupio.com
date: Fri, 23 Sep 2022 03:35:21 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 prebid.aspx Show response
prebid.scupio.com/recweb/ Frame 4B4C 0
163 B 867ms
307ms XHR
text/html 210.59.219.181
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.5540741086589265
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://img.scupio.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html
access-control-allow-origin: https://img.scupio.com
cache-control: private
access-control-allow-credentials: true

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 4B4C 0
215 B 81ms
28ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=67951787994

Requested by

Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://img.scupio.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H/1.1 204
No Content header Show response
hb.aralego.com/ Frame 4B4C 0
176 B 450ms
133ms XHR
text/plain 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-6272B749823AD3B6FE98336EBDD2A34A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&pubcid=26c5fa01-f405-428f-8c56-92373ddd109f&u=https%3A%2F%2Freurl.cc%2FO4ooex&host=reurl.cc&xr=0&ao=https%3A%2F%2Freurl.cc&ucfUid=819483bd-d672-45fb-a5e9-e1b9cdfc271c&w=300&h=250
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://img.scupio.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://img.scupio.com
date: Fri, 23 Sep 2022 03:35:20 GMT
access-control-allow-credentials: true
connection: close

POST
H2 200 prebid.json Show response
ad.holmesmind.com/adserver/ Frame 4B4C 0
218 B 696ms
275ms XHR
text/html 52.68.234.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/prebid.json?cb=1663904120632&hb=1&ver=1.21
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.68.234.1 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-68-234-1.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://img.scupio.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://img.scupio.com
date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

POST
H2 204 prebid.aspx Show response
prebid.scupio.com/recweb/ Frame 5609 0
27 B 1226ms
670ms XHR
text/html 210.59.219.181
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.909091402648939
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html
access-control-allow-origin: https://reurl.cc
cache-control: private
access-control-allow-credentials: true

POST
H2 204 prebid.aspx Show response
prebid.scupio.com/recweb/ Frame 5609 0
50 B 1156ms
600ms XHR
text/html 210.59.219.181
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.6212405125765688
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html
access-control-allow-origin: https://reurl.cc
cache-control: private
access-control-allow-credentials: true

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 5609
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=4x4WH92_AL-hggFCeSktYw

2 B
19 B

318ms
286ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=4x4WH92_AL-hggFCeSktYw
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Fri, 23 Sep 2022 03:35:21 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=4x4WH92_AL-hggFCeSktYw
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 5609
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw

2 B
19 B

318ms
287ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Fri, 23 Sep 2022 03:35:21 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame 8173 0
170 B 623ms
343ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 23 Sep 2022 03:35:21 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2 200 file.png
static.wixstatic.com/media/8d2acb_22c63974ac8e43109419039eab6b291d~mv2.jpg/v1/fit/w_1000,h_720,al_c,q_80/ 236 KB
236 KB 199ms
154ms Image
image/png 34.102.176.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.wixstatic.com/media/8d2acb_22c63974ac8e43109419039eab6b291d~mv2.jpg/v1/fit/w_1000,h_720,al_c,q_80/file.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.176.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 152.176.102.34.bc.googleusercontent.com
Software: openresty/1.21.4.1 /
Resource Hash: dabfee6539494fba7ce5b81e70f27ce2828baf134dccb06322835ee495b618c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
via: 1.1 google
server: openresty/1.21.4.1
wix-tracer: 2F9V7bVKsMwkLe81vQPO3o136PZ
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 241605
x-seen-by: image-manipulator-5cdc794f79-2dfsh

GET
H2 200 Inuitive_Logo.jpg
mma.prnasia.com/media2/1902723/ 13 KB
14 KB 67ms
24ms Image
image/jpeg 2606:4700::6810:fc04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mma.prnasia.com/media2/1902723/Inuitive_Logo.jpg?p=medium600
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:fc04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 2ead7c6d94263deb0d16d481486b6bc8473db182344fa6da5739407a0c43570e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
cf-cache-status: HIT
age: 1996
x-powered-by: ASP.NET
server-timing: intid;desc=839ca9a68e5b1d03
content-length: 13505
last-modified: Fri, 23 Sep 2022 03:02:03 GMT
server: cloudflare
vary: *, Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
expires: Fri, 23 Sep 2022 03:02:04 GMT
cache-control: public, max-age=1
accept-ranges: bytes
cf-ray: 74f03ad2af9b925c-FRA
access-control-allow-headers: Content-Type
cf-bgj: h2pri

GET
H2 200 1663870545-b71104dd78bb5fdbbb008e648b3bb751-840x525.jpg
img.gbyhn.com.tw/2022/09/ 59 KB
59 KB 118ms
40ms Image
image/jpeg 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.gbyhn.com.tw/2022/09/1663870545-b71104dd78bb5fdbbb008e648b3bb751-840x525.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39d8676f59e182c6afdb830ea010d2a399a3b2c7c9b230a0ca23e8f2cc117d5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 30307
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 60236
last-modified: Thu, 22 Sep 2022 18:15:45 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MuSnmj%2Bx6h4gp%2FE17fVd9a82HvbCUW43U%2BrYbRms6XX1j63xYM2JCM40O%2FQwCuPHLKlfYbTYuN%2FwC%2F8zfgQPuq4bNvTSgXJyoNB3ms%2FN%2FdBxaVFQziiY62WZZdnNYXA%2F675nwHErZ5czT%2Fz1IMYk"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 74f03ad2ebef0081-LHR
expires: Thu, 29 Sep 2022 18:16:39 GMT

GET
H2 200 %E6%BF%80%E7%9C%81%E5%85%A8%E8%81%AF%EF%BC%8CPX-Pay-%E5%84%B2%E5%80%BC%E8%88%87%E5%84%B2%E5%80%BC%E9%87%91%E6%B6%88%E8%B2%BB%E6%8E%A8%E8%96%A6%E4%BF%A1%E7%94%A8%E5%8D%A1-1080x630.jpg
creditcards.com.tw/wp-content/uploads/2020/09/ 128 KB
129 KB 261ms
208ms Image
image/jpeg 192.0.78.244
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://creditcards.com.tw/wp-content/uploads/2020/09/%E6%BF%80%E7%9C%81%E5%85%A8%E8%81%AF%EF%BC%8CPX-Pay-%E5%84%B2%E5%80%BC%E8%88%87%E5%84%B2%E5%80%BC%E9%87%91%E6%B6%88%E8%B2%BB%E6%8E%A8%E8%96%A6%E4%BF%A1%E7%94%A8%E5%8D%A1-1080x630.jpg

Requested by

Host: reurl.cc
URL: https://reurl.cc/O4ooex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.244 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

17ebccf9b7e04e25cf9705ec87262b84edfd1022ca941bc6840ff5d696c39ca4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
x-ac: 2.hhn _atomic_ams BYPASS
last-modified: Wed, 16 Sep 2020 07:17:22 GMT
server: nginx
etag: "5f61bc02-201c2"
strict-transport-security: max-age=31536000
content-type: image/jpeg
accept-ranges: bytes
content-length: 131522

GET
H2 200 2022081705591796.jpg
img.racingcharger.tw/wp-content/uploads/ 95 KB
95 KB 108ms
35ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.racingcharger.tw/wp-content/uploads/2022081705591796.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76ff9a0d9cc38ee7fdee5c17ee3ace0e0921d93e209581589e4620100e206aee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
cf-cache-status: HIT
last-modified: Wed, 17 Aug 2022 05:59:25 GMT
server: cloudflare
age: 23557
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q5YVb5TIsf4Wl%2BJmmlY9lZuO0R2ZIE%2BbpZoPmdSNiCy0%2FTkFV9YtEGttM0MLaFX5FUOdd%2FQJabKyWKh%2Bz2nRzxTsbhFRO4sUeJEmdopbvcUnIt5mjHw8n9UjTxAvjaP8REXJXM9WRBC6JgCeqC4ZeWD4jQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=28800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 74f03ad2ec9cf3e3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 96877

GET
H2 200 img_9273-6-scaled.jpg
i0.wp.com/golike.tw/wp-content/uploads/2022/09/ 703 KB
704 KB 51ms
15ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/golike.tw/wp-content/uploads/2022/09/img_9273-6-scaled.jpg?fit=2560%2C1920&ssl=1

Requested by

Host: reurl.cc
URL: https://reurl.cc/O4ooex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

e573518fbed144a6b064ee8e9d074c4ab6e9a9d9b6b27ba8a608374f27bcffaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Fri, 23 Sep 2022 03:35:20 GMT
x-content-type-options: nosniff
last-modified: Tue, 20 Sep 2022 15:42:32 GMT
server: nginx
etag: "5c08c825dfc77595"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://golike.tw/wp-content/uploads/2022/09/img_9273-6-scaled.jpg>; rel="canonical"
content-length: 719982
expires: Fri, 20 Sep 2024 03:42:32 GMT

GET
H2 200 %E8%A9%B2%E5%A6%82%E4%BD%95%E6%8A%95%E8%B3%87%E8%87%AA%E5%B7%B1%EF%BC%9F-.jpg
blog.alphaloan.co/wp-content/uploads/2022/09/ 151 KB
151 KB 262ms
216ms Image
image/jpeg 192.0.78.236
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.alphaloan.co/wp-content/uploads/2022/09/%E8%A9%B2%E5%A6%82%E4%BD%95%E6%8A%95%E8%B3%87%E8%87%AA%E5%B7%B1%EF%BC%9F-.jpg

Requested by

Host: reurl.cc
URL: https://reurl.cc/O4ooex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.236 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7ae2f5b5d641c02de5d3222990df1b555a4a41f06b0eedac42b7f5e984454769

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
x-ac: 2.hhn _atomic_ams BYPASS
last-modified: Thu, 01 Sep 2022 07:11:29 GMT
server: nginx
etag: "63105b21-25a43"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 154179
expires: Fri, 30 Sep 2022 03:35:20 GMT

GET
H2 200 currency.json Show response
img.scupio.com/js/config/ Frame FA4C 108 B
495 B 15ms
15ms XHR
application/json 13.32.99.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://img.scupio.com/js/config/currency.json
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-117.fra60.r.cloudfront.net
Software: nginx/1.12.1 /
Resource Hash: 48442398798a84e51c866bdd646ff1498edef901b08ddbb68fec7ea4193ff027

Request headers

Referer: https://img.scupio.com/html/ad.html?v=1.0.65
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 23 Sep 2022 03:33:52 GMT
via: 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
last-modified: Thu, 22 Sep 2022 19:15:04 GMT
server: nginx/1.12.1
age: 128
etag: "632cb438-6c"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/json
cache-control: max-age=10800
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 108
x-amz-cf-id: CX-gcncF5G346MqMhEsTLqYelhi9di8Ng5H9Xinj5hHadyjtzcpFhg==
expires: Fri, 23 Sep 2022 06:33:12 GMT

POST
H2 204 prebid.aspx Show response
prebid.scupio.com/recweb/ Frame FA4C 0
27 B 830ms
309ms XHR
text/html 210.59.219.181
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.23045420280579076
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://img.scupio.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html
access-control-allow-origin: https://img.scupio.com
cache-control: private
access-control-allow-credentials: true

POST
H2 200 prebid.json Show response
ad.holmesmind.com/adserver/ Frame FA4C 0
218 B 861ms
476ms XHR
text/html 52.68.234.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/prebid.json?cb=1663904120683&hb=1&ver=1.21
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.68.234.1 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-68-234-1.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://img.scupio.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://img.scupio.com
date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H/1.1 204
No Content header Show response
hb.aralego.com/ Frame FA4C 0
176 B 483ms
164ms XHR
text/plain 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&pubcid=26c5fa01-f405-428f-8c56-92373ddd109f&u=https%3A%2F%2Freurl.cc%2FO4ooex&host=reurl.cc&xr=0&ao=https%3A%2F%2Freurl.cc&ucfUid=05a6cd76-e4b3-4036-ac66-6ee83c88a932&w=970&h=250
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://img.scupio.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://img.scupio.com
date: Fri, 23 Sep 2022 03:35:20 GMT
access-control-allow-credentials: true
connection: close

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame FA4C 0
216 B 39ms
27ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=59178708741

Requested by

Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://img.scupio.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame FA4C 0
176 B 416ms
173ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://img.scupio.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://img.scupio.com
date: Fri, 23 Sep 2022 03:35:21 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 5609 177 B
425 B 28ms
27ms XHR
application/json 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=130&profileId=184&cb=17417994953

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

cc79a44128ad97409f2308a9532c7ee6c55b12159db83dff0de12897347b5d35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 163

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 5609 177 B
426 B 28ms
28ms XHR
application/json 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=130&profileId=184&cb=11084058510

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

10424c7d91296c77e67e6a2dbff741e3b678c7cf1d66d5db76aadd3e4c382bf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 164

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame BF42 177 B
425 B 29ms
28ms XHR
application/json 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=130&profileId=184&cb=86378836643

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

ed28a970608c9299e088c1c40ab0744f8d4e18aac61842533333c84a59cd59bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 163

POST
H2 204 events
bidder.criteo.com/csm/ Frame 5609 0
209 B 22ms
22ms Ping
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 204 events
bidder.criteo.com/csm/ Frame 5609 0
209 B 22ms
22ms Ping
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 204 events
bidder.criteo.com/csm/ Frame BF42 0
209 B 22ms
22ms Ping
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 23 Sep 2022 03:35:20 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2 200 landing.php Show response
fp.holmesmind.com/ Frame 707C 0
249 B 341ms
286ms Document
text/html 34.117.219.39
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=9439-fsO3KAn1wJJmqAXYszTktgkwDxHqJBmV&CFFPCKUUID=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&url=https%3A%2F%2Freurl.cc%2FO4ooex&maindomain=reurl.cc
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.219.39 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 39.219.117.34.bc.googleusercontent.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with,content-type
access-control-allow-methods: *
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 23 Sep 2022 03:35:21 GMT
server: nginx/1.20.0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame BF42 5 KB
2 KB 645ms
296ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 23 Sep 2022 03:45:21 GMT

GET
H2 200 landing.php Show response
fp.holmesmind.com/ Frame 72AA 0
82 B 341ms
287ms Document
text/html 34.117.219.39
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=9439-fsO3KAn1wJJmqAXYszTktgkwDxHqJBmV&CFFPCKUUID=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&url=https%3A%2F%2Freurl.cc%2FO4ooex&maindomain=reurl.cc
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.219.39 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 39.219.117.34.bc.googleusercontent.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with,content-type
access-control-allow-methods: *
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 23 Sep 2022 03:35:21 GMT
server: nginx/1.20.0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 5609 5 KB
2 KB 932ms
584ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 23 Sep 2022 03:45:21 GMT

GET
H2 200 landing.php Show response
fp.holmesmind.com/ Frame 415E 0
82 B 338ms
286ms Document
text/html 34.117.219.39
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=9439-fsO3KAn1wJJmqAXYszTktgkwDxHqJBmV&CFFPCKUUID=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&url=https%3A%2F%2Freurl.cc%2FO4ooex&maindomain=reurl.cc
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.219.39 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 39.219.117.34.bc.googleusercontent.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with,content-type
access-control-allow-methods: *
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 23 Sep 2022 03:35:21 GMT
server: nginx/1.20.0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 8173 5 KB
2 KB 927ms
582ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 23 Sep 2022 03:45:21 GMT

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame BF42 10 KB
10 KB 17ms
17ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13848&rf=https%3A%2F%2Freurl.cc%2FO4ooex&n=886&o=1&d=1&b=2&ts=1&ii=3&FPCK=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&initver=210830P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
server: AmazonS3
age: 53
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:46 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 10359
x-amz-cf-id: NPXbykSzrqqAO2J2nyPZsU71Mjf0OGHWzhOR05OAgpKFXHBwDiXQcQ==

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame 8173 10 KB
10 KB 17ms
16ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2FO4ooex&n=805&o=1&d=1&b=2&ts=1&ii=3&FPCK=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&initver=210830P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
server: AmazonS3
age: 53
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:46 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 10359
x-amz-cf-id: e98cMvUglabyRCntsaBRrcCrPmylr9PZVL7mNBt0ZKRy5AbBiRLVnw==

GET
H2 200 / Show response
t.ssp.hinet.net/ 37 B
402 B 295ms
295ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

98785a5a77a5132b629c675fa59bbf01c2ffcfcbdaae65af59c6ed8a47f51469

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 9B0B 37 B
408 B 296ms
295ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

c205a09e62e3ff35d3b96f04cc0622a3712248541c3c30589fa643762bc3e71b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame BF42 37 B
402 B 296ms
295ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

fce675e54510ef38053ec54e318b086058b3d1c9083f3b1f00c21ae86035e6c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 adsbyscupio.js Show response
img.scupio.com/js/ Frame D4D1 4 KB
2 KB 16ms
15ms Script
application/javascript 13.32.99.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://img.scupio.com/js/adsbyscupio.js?v=1.0.2
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-117.fra60.r.cloudfront.net
Software: nginx/1.12.1 /
Resource Hash: d7fc505653c3573f9bccca93a33e2ed14bd8b4586bdeca9180225dab01f1bbbe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:31:44 GMT
content-encoding: gzip
last-modified: Mon, 19 Apr 2021 03:30:31 GMT
server: nginx/1.12.1
age: 225
etag: W/"607cf957-11ab"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
cache-control: max-age=10800
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: 3eHpiGPeZiY9K6tTVM-tnU5f3dewyK0R_ArtT-hFjcqmrPVYAE8BBQ==
expires: Fri, 23 Sep 2022 06:31:36 GMT

POST
H/1.1 200
OK bidinfo.aspx Show response
bw.scupio.com/adpinline/ Frame 4B4C 2 KB
2 KB 1206ms
303ms XHR
application/javascript 210.59.219.180
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://bw.scupio.com/adpinline/bidinfo.aspx?cb=0.3026339789927275
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 210.59.219.180 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 21174ca46d83f71c3a4b7497e22397582aa8ec3a5a9e082dff22ea44b9184d4f

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://img.scupio.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 23 Sep 2022 03:35:22 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://img.scupio.com
Cache-Control: private
Access-Control-Allow-Credentials: true
Content-Type: application/javascript; charset=utf-8
Content-Length: 1480

GET
H2 200 adsbyscupio.js Show response
img.scupio.com/js/ Frame 1374 4 KB
2 KB 16ms
15ms Script
application/javascript 13.32.99.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://img.scupio.com/js/adsbyscupio.js?v=1.0.2
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-117.fra60.r.cloudfront.net
Software: nginx/1.12.1 /
Resource Hash: d7fc505653c3573f9bccca93a33e2ed14bd8b4586bdeca9180225dab01f1bbbe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:31:44 GMT
content-encoding: gzip
last-modified: Mon, 19 Apr 2021 03:30:31 GMT
server: nginx/1.12.1
age: 225
etag: W/"607cf957-11ab"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
cache-control: max-age=10800
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: NJaOJ642hq7QWfDsQKibcMK45KZ_jsfjXHZaoWyNQuTfeM0MV6sVJg==
expires: Fri, 23 Sep 2022 06:31:36 GMT

POST
H/1.1 200
OK bidinfo.aspx Show response
bw.scupio.com/adpinline/ Frame FA4C 3 KB
3 KB 1196ms
300ms XHR
application/javascript 210.59.219.180
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://bw.scupio.com/adpinline/bidinfo.aspx?cb=0.48875547271665587
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 210.59.219.180 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 7c6546fd64ad184e7e5360365a73029205ef66657afe67a089b7807837128d6c

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://img.scupio.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 23 Sep 2022 03:35:22 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://img.scupio.com
Cache-Control: private
Access-Control-Allow-Credentials: true
Content-Type: application/javascript; charset=utf-8
Content-Length: 1611

GET
DATA 200
OK truncated
/ Frame 4B4C 762 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ce81ecccefb27ce0f347ef564114da2ba450a9e1d9a7260b4597e62b1f71a72

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame FA4C 762 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ce81ecccefb27ce0f347ef564114da2ba450a9e1d9a7260b4597e62b1f71a72

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 300x250.png
img.scupio.com/img/2011_gym/ Frame D4D1 47 KB
48 KB 16ms
15ms Image
image/png 13.32.99.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.scupio.com/img/2011_gym/300x250.png
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-117.fra60.r.cloudfront.net
Software: nginx/1.12.1 /
Resource Hash: 7684143ee568b9ce13d69133030aa4077efd37eb289bac09d70ba9364f2ae93e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 02:38:15 GMT
via: 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
last-modified: Mon, 19 Apr 2021 03:31:40 GMT
server: nginx/1.12.1
age: 3523
etag: "607cf99c-bcf6"
vary: Origin
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 48374
x-amz-cf-id: xnnNv1eTjhlUD1CW3pzbppTEZ0eLK_2DiSbFKd3VZ-kR8Ofbt1662w==
expires: Sat, 23 Sep 2023 02:36:38 GMT

GET
H2 200 970x250.png
img.scupio.com/img/2011_gym/ Frame 1374 86 KB
86 KB 16ms
16ms Image
image/png 13.32.99.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.scupio.com/img/2011_gym/970x250.png
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-117.fra60.r.cloudfront.net
Software: nginx/1.12.1 /
Resource Hash: 5c4e555f2cdb1d2c4bc4bd48cf25afb9944c1faed58be0725a8222e9fe2dd67e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:33:23 GMT
via: 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
last-modified: Mon, 19 Apr 2021 03:31:40 GMT
server: nginx/1.12.1
age: 922
etag: "607cf99c-156c7"
vary: Origin
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 87751
x-amz-cf-id: PQR7Qid06882DFz7de9NyqSx7-R8w1VdzU-kgk6jRmN2NcXwdvfijQ==
expires: Sat, 23 Sep 2023 03:19:59 GMT

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 8173 37 B
400 B 295ms
292ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

2d94763fa567bd38d52e06efd09bd83224872b2a5e41786d1ad6359ac4e58aa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 5609 37 B
399 B 297ms
294ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7bc846cd5c4cbed4fcab1bfd3148df0f6603635aca433e73017708cdabe6b8f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 0CFF 15 KB
6 KB 97ms
25ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 03:35:21 GMT
server: Kestrel
server-processing-duration-in-ticks: 767190
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ 30 B
271 B 295ms
294ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=3514a2a4-7d1c-4fa3-8bf4-9dda4562a069

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 9B0B 30 B
278 B 294ms
294ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=61284114-8178-4527-a521-622d0b0bac49

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame BF42 30 B
271 B 296ms
296ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=3514a2a4-7d1c-4fa3-8bf4-9dda4562a069

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2

200

sid Show response
mug.criteo.com/ Frame 0CFF
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=OfpF73x2V1FxdUtjQlFoMGVYS1RCN3FjZFV3Zlc2elZZdm10c1E4OUwrTktNcG5GUGp2K1Y1U3QxUXVodldxYkdjSmJVcEFJeWw0cUtISWRldzR4YURFOFd1VkNPSFFUc3FwVXcvZ3A2dXpneUVmYTRzS0JUUmp4VElJY2...

436 B
659 B

81ms
24ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=OfpF73x2V1FxdUtjQlFoMGVYS1RCN3FjZFV3Zlc2elZZdm10c1E4OUwrTktNcG5GUGp2K1Y1U3QxUXVodldxYkdjSmJVcEFJeWw0cUtISWRldzR4YURFOFd1VkNPSFFUc3FwVXcvZ3A2dXpneUVmYTRzS0JUUmp4VElJY2NlNUl6OXJrdDdPNndYeTltdmtEUjdqZmFhQk1uaHIzSEpFdURvT0p4SlBMYnNKdEtBbWZtQ3VSODZWV0VCRGtRVVdKdHJXZllldkJpM2YvQmhuR2E0L3hYRTJPcEorYWdtUkxkVU02ZStuZUlIZDJabTRCRTcveWJKVnB3dVZNcVpjaG9WQ3VPNWxtMGNwbVdjVUV5OUxaZG9meTRnZz09fA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6d39947f81609bc56e0e45a4118b32af2616e16d170f830bd31dc48917c7f3cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2040256
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:21 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
location: https://mug.criteo.com/sid?cpp=OfpF73x2V1FxdUtjQlFoMGVYS1RCN3FjZFV3Zlc2elZZdm10c1E4OUwrTktNcG5GUGp2K1Y1U3QxUXVodldxYkdjSmJVcEFJeWw0cUtISWRldzR4YURFOFd1VkNPSFFUc3FwVXcvZ3A2dXpneUVmYTRzS0JUUmp4VElJY2NlNUl6OXJrdDdPNndYeTltdmtEUjdqZmFhQk1uaHIzSEpFdURvT0p4SlBMYnNKdEtBbWZtQ3VSODZWV0VCRGtRVVdKdHJXZllldkJpM2YvQmhuR2E0L3hYRTJPcEorYWdtUkxkVU02ZStuZUlIZDJabTRCRTcveWJKVnB3dVZNcVpjaG9WQ3VPNWxtMGNwbVdjVUV5OUxaZG9meTRnZz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 563288
content-length: 0
expires: 0

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ Frame 7F76 6 KB
7 KB 16ms
16ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
server: AmazonS3
age: 19
etag: "439e160b698f1ec2efb45c3b6cd6b265"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:04 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 6552
x-amz-cf-id: 0ryz7-xaGcHLMvGn4P9D9tic__orftqio0hGGNJQfGfiSexihM1VHw==

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ Frame C277 6 KB
7 KB 17ms
15ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
server: AmazonS3
age: 19
etag: "439e160b698f1ec2efb45c3b6cd6b265"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:04 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 6552
x-amz-cf-id: lit2Otadu1L2jR7-qNSIgpVaiDF0HXz-8U79Qid9FS5jmm6rx07UYA==

GET
H2 200 cm Show response
t.ssp.hinet.net/ 0
187 B 295ms
294ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%&mp=3514a2a4-7d1c-4fa3-8bf4-9dda4562a069

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 pixel
3514a2a4-7d1c-4fa3-8bf4-9dda4562a069.t.ssp.hinet.net/ 0
80 B 1874ms
290ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3514a2a4-7d1c-4fa3-8bf4-9dda4562a069.t.ssp.hinet.net/pixel?bd=3514a2a4-7d1c-4fa3-8bf4-9dda4562a069&t=a546ca&referrer=%25%25%20referrer%20%25%25

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:23 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame BF42 0
187 B 298ms
297ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=9439-fsO3KAn1wJJmqAXYszTktgkwDxHqJBmV&mp=3514a2a4-7d1c-4fa3-8bf4-9dda4562a069

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 pixel
3514a2a4-7d1c-4fa3-8bf4-9dda4562a069.t.ssp.hinet.net/ Frame BF42 0
79 B 1873ms
291ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3514a2a4-7d1c-4fa3-8bf4-9dda4562a069.t.ssp.hinet.net/pixel?bd=3514a2a4-7d1c-4fa3-8bf4-9dda4562a069&t=50ef57&referrer=https%3A%2F%2Freurl.cc

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:23 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 8CB8 5 KB
5 KB 16ms
16ms Document
text/html 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cc37fba2e98f49c4d9551f72176d3aff72eacd798e5e85436837847e6b967c36

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 36
content-length: 4730
content-type: text/html
date: Fri, 23 Sep 2022 03:34:46 GMT
etag: "c36f5eb091d6195fe8b68f3b263f999b"
last-modified: Mon, 22 Aug 2022 03:00:17 GMT
server: AmazonS3
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
x-amz-cf-id: z87n2nwCyINXm6h6pDCtzQMtAQmZqaUjDYzLMabSJtgEWYpBfwh1PA==
x-amz-cf-pop: FRA60-P2
x-amz-version-id: 9jVaRQ2pP3sbT47ouwg8zArcPp2ddVmt
x-cache: Hit from cloudfront

GET
H2 200 edmp_init.js Show response
cdn.holmesmind.com/js/ Frame 7F76 662 B
1005 B 16ms
15ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/edmp_init.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Fri, 12 Mar 2021 02:45:40 GMT
server: AmazonS3
age: 46
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:45 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 662
x-amz-cf-id: -X0SuuNFOw8RWe5EY7a_IGprWnpNTwhMyP48Vdjlg70GP0UwfCqHvQ==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame F5EA 9 KB
10 KB 16ms
16ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 83a37c9bbe8dae0a71e95a0e6401bd5d9576a2b0e35295e640c2d807f9b4424e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: QFAcVwN57aO_RWKPah9bVgfaw1eby0J0
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Mon, 22 Aug 2022 03:00:16 GMT
server: AmazonS3
age: 18
etag: "ddf163a3d8381378b3e35e39339ad7ab"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:04 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 9530
x-amz-cf-id: FbtOHZLtgv4vd7qHb5eJmOdhJAWge93R6RdYRoIFob5AkGJUVhtcSg==

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 91F5 5 KB
5 KB 16ms
16ms Document
text/html 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cc37fba2e98f49c4d9551f72176d3aff72eacd798e5e85436837847e6b967c36

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 36
content-length: 4730
content-type: text/html
date: Fri, 23 Sep 2022 03:34:46 GMT
etag: "c36f5eb091d6195fe8b68f3b263f999b"
last-modified: Mon, 22 Aug 2022 03:00:17 GMT
server: AmazonS3
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
x-amz-cf-id: jzTxy0_9-Cv5PRpcfuYAiqodKbV9oPltMn9lg62NRQelK5Eg5xsGpw==
x-amz-cf-pop: FRA60-P2
x-amz-version-id: 9jVaRQ2pP3sbT47ouwg8zArcPp2ddVmt
x-cache: Hit from cloudfront

GET
H2 200 edmp_init.js Show response
cdn.holmesmind.com/js/ Frame C277 662 B
1004 B 15ms
15ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/edmp_init.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Fri, 12 Mar 2021 02:45:40 GMT
server: AmazonS3
age: 46
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:45 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 662
x-amz-cf-id: 7ZF7u2HgOK_Amj5_G4tl-OVJl4vYa7v9lOIhaLSEktnqbF97dOp8Bg==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame AE1B 9 KB
10 KB 16ms
16ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 83a37c9bbe8dae0a71e95a0e6401bd5d9576a2b0e35295e640c2d807f9b4424e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: QFAcVwN57aO_RWKPah9bVgfaw1eby0J0
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Mon, 22 Aug 2022 03:00:16 GMT
server: AmazonS3
age: 18
etag: "ddf163a3d8381378b3e35e39339ad7ab"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:04 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 9530
x-amz-cf-id: DY_462IFCkXiUfQNRR5C2JEKEggYchgT8_PD2Zf4sGdE7jcK9yaZsQ==

GET
H3 200 cm.php Show response
fcm.holmesmind.com/ Frame 0560 95 B
103 B 3141ms
3107ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: b73e6cb22f3ae22bcbe36217e226c082f813a2a8a7961644093d849bcbd30294

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 86
content-type: text/html; charset=UTF-8
date: Fri, 23 Sep 2022 03:35:25 GMT
server: Apache/2.4.29 (Ubuntu)
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 8CB8 5 KB
2 KB 294ms
291ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 23 Sep 2022 03:45:22 GMT

GET
H3 200 cm
c.holmesmind.com/ Frame 8CB8 0
15 B 1064ms
1063ms Image
text/html 35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:23 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H2

200

google
m.holmesmind.com/ml/ Frame 8CB8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&uu_m=undefined
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&uu_m=undefined&google_tc=
https://m.holmesmind.com/ml/google?cf_uid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&uu_m=undefined&google_gid=CAESEHQeKbMBlLxJ_OQInBO5ZMs&google_cver=1

0
166 B

1005ms
966ms

Image
image/png

35.227.249.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&uu_m=undefined&google_gid=CAESEHQeKbMBlLxJ_OQInBO5ZMs&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:23 GMT
x-guploader-uploadid: ADPycdtKdZcgXHyVdJjIrZntFiNRB8MnimOlkXVqpENb1bmjAKOHnpW9pJ0XbdcKTSfNotm8U2IpmRzw9LqAnCla3KAhs0tn3WHd
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
server: UploadServer
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
x-goog-generation: 1519198601160228
cache-control: public, max-age=3600
x-goog-stored-content-length: 0
accept-ranges: bytes
content-type: image/png
expires: Fri, 23 Sep 2022 04:35:23 GMT

Redirect headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:22 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://m.holmesmind.com/ml/google?cf_uid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&uu_m=undefined&google_gid=CAESEHQeKbMBlLxJ_OQInBO5ZMs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 358
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 9C4F 15 KB
6 KB 25ms
25ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 03:35:21 GMT
server: Kestrel
server-processing-duration-in-ticks: 1599748
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame F5EA 1 KB
751 B 16ms
15ms Script
text/html 2600:9000:2250:ec00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=13849
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ec00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: a7cac69ff4c7b905552b1915305ba548a87acdf6205efe6e5bd1eef0d4700793

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:33:23 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
age: 119
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-amz-cf-pop: FRA60-P2
x-amz-cf-id: afC6R4Yzwg24KCKMSRyw4w021wRfaWu1jDdu1Bph8udp4PPDJPlptg==
via: 1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)

GET
H3 200 cm
c.holmesmind.com/ Frame 91F5 0
15 B 1043ms
1043ms Image
text/html 35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:23 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H3 200 cm.php Show response
fcm.holmesmind.com/ Frame 8253 95 B
103 B 137ms
114ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: b73e6cb22f3ae22bcbe36217e226c082f813a2a8a7961644093d849bcbd30294

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 86
content-type: text/html; charset=UTF-8
date: Fri, 23 Sep 2022 03:35:22 GMT
server: Apache/2.4.29 (Ubuntu)
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 91F5 5 KB
2 KB 292ms
291ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 23 Sep 2022 03:45:22 GMT

GET
H2

200

google
m.holmesmind.com/ml/ Frame 91F5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&uu_m=undefined
https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&uu_m=undefined&google_tc=
https://m.holmesmind.com/ml/google?cf_uid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&uu_m=undefined&google_gid=CAESEG3Evpz5-qh17wlam8jyT5Y&google_cver=1

0
479 B

324ms
285ms

Image
image/png

35.227.249.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&uu_m=undefined&google_gid=CAESEG3Evpz5-qh17wlam8jyT5Y&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
x-guploader-uploadid: ADPycduOGUU0XrPg2gNLmniwJqlhBmUgpUqSeqptMHtR_zKKmZiefmPIGCuxipdnpsGq4w6LVCMsPkdIWzDm4LieC0Fi1-QvoaM_
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
server: UploadServer
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
x-goog-generation: 1519198601160228
cache-control: public, max-age=3600
x-goog-stored-content-length: 0
accept-ranges: bytes
content-type: image/png
expires: Fri, 23 Sep 2022 04:35:22 GMT

Redirect headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:22 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://m.holmesmind.com/ml/google?cf_uid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&uu_m=undefined&google_gid=CAESEG3Evpz5-qh17wlam8jyT5Y&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 358
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame AE1B 1 KB
752 B 16ms
15ms Script
text/html 2600:9000:2250:ec00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=13857
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ec00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: a7cac69ff4c7b905552b1915305ba548a87acdf6205efe6e5bd1eef0d4700793

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:33:23 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
age: 119
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-amz-cf-pop: FRA60-P2
x-amz-cf-id: 8dXMFtu84say4w--SB-QOlR220sb0uYXnNx1ilHEGQ86ICkLVMT75A==
via: 1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 8173 30 B
271 B 295ms
294ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=3514a2a4-7d1c-4fa3-8bf4-9dda4562a069

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 5609 30 B
271 B 294ms
294ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=3514a2a4-7d1c-4fa3-8bf4-9dda4562a069

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame F5EA 2 KB
1 KB 267ms
266ms Script
text/html 52.68.234.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=13849&rf=https%3A%2F%2Freurl.cc%2FO4ooex&n=549&o=1&d=1&b=2&ts=1&ii=2&FPCK=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&initver=210830P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.68.234.1 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-68-234-1.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 8f8bf2a688c1cfbc20304f5b9e6ea42ebdb5b5466c59343b5886aea2d7347047

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame F5EA 3 KB
3 KB 17ms
15ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
server: AmazonS3
age: 16
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:07 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 2773
x-amz-cf-id: V-kjSR9OKODx-7GVpKkloSlYOSiE6FH3ylGSfH5tXv-aU0eiV5D-mA==

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame F5EA 121 KB
40 KB 30ms
29ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

e78c5380563a8a078ca08254718d91472579bdcd61e6b34b1dfacb0f786ed213

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-1e2be"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 24 Sep 2022 03:35:22 GMT

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame F5EA 2 KB
3 KB 17ms
16ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:12 GMT
server: AmazonS3
age: 16
etag: "e8f33fcb581483ced4a09b3c8e7550e4"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:07 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 2443
x-amz-cf-id: 2VQW3QH3sgJmqt7SP5gwh6WbOvUPklW3yXNogykz-hQiUXtisNtrXg==

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame F5EA 4 KB
5 KB 17ms
17ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Tue, 20 Apr 2021 06:25:23 GMT
server: AmazonS3
age: 47
etag: "c3b948e5a48dd0ec20c265d6d8da7add"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:47 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 4530
x-amz-cf-id: w0XmSPgaaa6bHkZ9mejs752bKze6rmCXSHsvkJN441nrbCmjh9sW8Q==

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame F5EA 3 KB
3 KB 18ms
17ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
server: AmazonS3
age: 58
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:25 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 3177
x-amz-cf-id: sz5z0xSeuyjs4r1ZMuFVJ54GYJt1qTf3vBg3Xzw_8A5XmN2X9HnOvA==

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame F5EA 2 KB
2 KB 18ms
17ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e570f8141d41df3abad708fc1004b9cf7bdb8ad8e21272fe4e98c9e4a1f5210e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: dBlooN6arZMofCTLArAt5I1VZ5CKOojq
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Thu, 22 Sep 2022 05:41:36 GMT
server: AmazonS3
age: 58
etag: "7a44224e99ea18760e0a70be19eade53"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:25 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 2164
x-amz-cf-id: 8sBkOJEJHI5yU15IH8ldq7Xm_X8a8eTpbBdhH4j8QmuNhL8HsdxYPw==

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame AE1B 2 KB
1 KB 262ms
260ms Script
text/html 52.68.234.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2FO4ooex&n=162&o=1&d=1&b=2&ts=1&ii=2&FPCK=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&initver=210830P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.68.234.1 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-68-234-1.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 157fa3a9366b79892c34b7912202638d9b884917d576075951340fad0b4c8e55

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame AE1B 3 KB
3 KB 18ms
15ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
server: AmazonS3
age: 16
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:07 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 2773
x-amz-cf-id: 6EPek0fk8zhREGtitcFDuo5cNFIYN_hAG1VkX_YuvoRVRVlcagMbjg==

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame AE1B 121 KB
40 KB 27ms
25ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

e78c5380563a8a078ca08254718d91472579bdcd61e6b34b1dfacb0f786ed213

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-1e2be"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 24 Sep 2022 03:35:22 GMT

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame AE1B 2 KB
3 KB 18ms
16ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:12 GMT
server: AmazonS3
age: 16
etag: "e8f33fcb581483ced4a09b3c8e7550e4"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:35:07 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 2443
x-amz-cf-id: hBcQs8nMlqM47w-HCLiIznQhsDXWK93kJ0GmZr6NHkQmxfS1dHGVlA==

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame AE1B 4 KB
5 KB 18ms
17ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Tue, 20 Apr 2021 06:25:23 GMT
server: AmazonS3
age: 47
etag: "c3b948e5a48dd0ec20c265d6d8da7add"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:47 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 4530
x-amz-cf-id: dMPADfx-e4tOhRdbabUajQ-7nPBHNdJZlEoVzq8Kj1wZwq3-jzna3w==

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame AE1B 3 KB
3 KB 19ms
17ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
server: AmazonS3
age: 58
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:25 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 3177
x-amz-cf-id: FTbBpmLyEROskJ8Jd_aT-dR3SdXs7El3Xrt6RFGE7ghotd9TY64bOw==

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame AE1B 2 KB
2 KB 19ms
18ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e570f8141d41df3abad708fc1004b9cf7bdb8ad8e21272fe4e98c9e4a1f5210e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: dBlooN6arZMofCTLArAt5I1VZ5CKOojq
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Thu, 22 Sep 2022 05:41:36 GMT
server: AmazonS3
age: 58
etag: "7a44224e99ea18760e0a70be19eade53"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:25 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 2164
x-amz-cf-id: eZYCU7sPLNGnW0TZWiWbJ-WnBXtXm-xPI6lZX73eC6zjY9AfmhnCdA==

GET
H2

200

sid Show response
mug.criteo.com/ Frame 9C4F
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=3&topUrl=reurl.cc&bundle=QM6XVl9hU29sTCUyRnhBcmJRYlZ0SENpdnBhQjFpeHVoWGJud2YwTjF4NldrejlhbDNMNWJGekxmaUdMRn...
https://mug.criteo.com/sid?cpp=nCjo13xiNUltM2Y4Q2RocElVK3dBbGdWYkhRYzZ3VktRRWlUTHFlbVRCVnBrdFp2WG1BcXB6TGNPa0xvTUI3RStJOGk4b2tkSTJadWo3SDIrcTlOKzlIc04yY0tCcDBDdHVHUEJtdlVSeU82Ymp4N3RzWVNyVjRJZ0dsR0...

430 B
655 B

24ms
24ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=nCjo13xiNUltM2Y4Q2RocElVK3dBbGdWYkhRYzZ3VktRRWlUTHFlbVRCVnBrdFp2WG1BcXB6TGNPa0xvTUI3RStJOGk4b2tkSTJadWo3SDIrcTlOKzlIc04yY0tCcDBDdHVHUEJtdlVSeU82Ymp4N3RzWVNyVjRJZ0dsR0NzaFJkV0h0K0EveWEyaUhUUjlBaVd2OWo3bVk4UmM2RWt3S01wMm5CdXB0Tlh3ckxTRGN4cmF1VjZVWG85SHZMWlk4SXhZcVhCUW5WdFFBVGN1SlJSa1dWajV2ejFQOXpEeEJjU3ZBMDlJNjNoTTdFWW4xWmxJQTBWTWZUUHVUUXQzcTYrQmJyQjV5MHFUaG5zQ3lIK0lUc2dDQ3p1NCtzamdpeHJjQzVJb1FVU0NLclVERT18&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f58f311463b372d3bc2e609c0b082c327576c2294712de1abab4be0189d2d370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1628519
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:21 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
location: https://mug.criteo.com/sid?cpp=nCjo13xiNUltM2Y4Q2RocElVK3dBbGdWYkhRYzZ3VktRRWlUTHFlbVRCVnBrdFp2WG1BcXB6TGNPa0xvTUI3RStJOGk4b2tkSTJadWo3SDIrcTlOKzlIc04yY0tCcDBDdHVHUEJtdlVSeU82Ymp4N3RzWVNyVjRJZ0dsR0NzaFJkV0h0K0EveWEyaUhUUjlBaVd2OWo3bVk4UmM2RWt3S01wMm5CdXB0Tlh3ckxTRGN4cmF1VjZVWG85SHZMWlk4SXhZcVhCUW5WdFFBVGN1SlJSa1dWajV2ejFQOXpEeEJjU3ZBMDlJNjNoTTdFWW4xWmxJQTBWTWZUUHVUUXQzcTYrQmJyQjV5MHFUaG5zQ3lIK0lUc2dDQ3p1NCtzamdpeHJjQzVJb1FVU0NLclVERT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 607834
content-length: 0
expires: 0

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame F5EA 0
170 B 174ms
172ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 23 Sep 2022 03:35:22 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 prebid.aspx Show response
prebid.scupio.com/recweb/ Frame F5EA 0
27 B 304ms
303ms XHR
text/html 210.59.219.181
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.06612932572859109
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html
access-control-allow-origin: https://reurl.cc
cache-control: private
access-control-allow-credentials: true

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame F5EA
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw

2 B
19 B

285ms
285ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Fri, 23 Sep 2022 03:35:22 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame F5EA
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw

2 B
19 B

287ms
286ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Fri, 23 Sep 2022 03:35:22 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame AE1B 0
170 B 174ms
172ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 23 Sep 2022 03:35:22 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 prebid.aspx Show response
prebid.scupio.com/recweb/ Frame AE1B 0
27 B 306ms
305ms XHR
text/html 210.59.219.181
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.8819711031135808
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html
access-control-allow-origin: https://reurl.cc
cache-control: private
access-control-allow-credentials: true

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame AE1B
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw

2 B
19 B

286ms
286ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Fri, 23 Sep 2022 03:35:22 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame AE1B
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw

2 B
19 B

288ms
288ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Fri, 23 Sep 2022 03:35:22 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=42VGigHNAq6NF8treSktYw
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 4315 15 KB
6 KB 29ms
29ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 03:35:21 GMT
server: Kestrel
server-processing-duration-in-ticks: 2127886
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame F5EA 177 B
425 B 37ms
36ms XHR
application/json 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=130&profileId=184&bundle=QM6XVl9hU29sTCUyRnhBcmJRYlZ0SENpdnBhQjFpeHVoWGJud2YwTjF4NldrejlhbDNMNWJGekxmaUdMRndyayUyRlNPSFA1TEJVTzZCNlRPT3hpQjNNbXZTemVDNHU2TW55bWpnYklUZDh2dmxCcXAlMkY4aW5EazdOSW01MkElMkIwcmV5NUZGSmM0ZHFwTWc0VkNJd3RpSlJ6SlJGSnQxUSUzRCUzRA&cb=26815547758

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

738d8b3dfe4ba27baa9f9542869e0c475d22a3f139d30bc22a93171379085261

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 163

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 7CC7 15 KB
6 KB 26ms
25ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 03:35:21 GMT
server: Kestrel
server-processing-duration-in-ticks: 1849267
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame AE1B 177 B
425 B 31ms
31ms XHR
application/json 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

50cbe456c176465e91377430ce4222940cd268b3dc046342e7bc5d1dc5d15de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 163

GET
H2

200

sid Show response
mug.criteo.com/ Frame 4315
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=3&topUrl=reurl.cc&bundle=QM6XVl9hU29sTCUyRnhBcmJRYlZ0SENpdnBhQjFpeHVoWGJud2YwTjF4NldrejlhbDNMNWJGekxmaUdMRn...
https://mug.criteo.com/sid?cpp=1hWR1nxINUhUQXNjbjZRVTJEVWJSZFZORDJ3ME0xVXl0M3FwckJIOTR5d3JpSCsySnpzNHFRdDhzTWpoUU9ZZmx0REpvSEVlUG15bDZMQXNGZCs2Z3hNMnBocGk0L0gzelpud2lMREUzd0w5ektpOENOb0orYXVXZTg5NW...

444 B
674 B

24ms
24ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=1hWR1nxINUhUQXNjbjZRVTJEVWJSZFZORDJ3ME0xVXl0M3FwckJIOTR5d3JpSCsySnpzNHFRdDhzTWpoUU9ZZmx0REpvSEVlUG15bDZMQXNGZCs2Z3hNMnBocGk0L0gzelpud2lMREUzd0w5ektpOENOb0orYXVXZTg5NW1rTzZBRFlKT3AvRjhQbkdIQk5Yak12aFBBbTlwbzhlT3hlTU0wZ0lxejMyQVZodkFDbEU4aWdVWDhFTnZZbjI4ZmNnMk5KWVhUZHY2Smc4SnBrR2JrR2ljZTdTTGx2SHliM0kyZ3B1aVVOMnppUU5SNGk4TlNTdFZXRzNDTFZsN09BbnliT2xzdE5BblVMTWRLaitacTFJMzkxNDBqZm13cU91QVFFQUZRdjA1ZkF2bDFBYz18&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

1d1b60d1afa25cabf5c284c655e904b403cc152bebdbd57a2ff1606e6c99ea7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1601921
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:21 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
location: https://mug.criteo.com/sid?cpp=1hWR1nxINUhUQXNjbjZRVTJEVWJSZFZORDJ3ME0xVXl0M3FwckJIOTR5d3JpSCsySnpzNHFRdDhzTWpoUU9ZZmx0REpvSEVlUG15bDZMQXNGZCs2Z3hNMnBocGk0L0gzelpud2lMREUzd0w5ektpOENOb0orYXVXZTg5NW1rTzZBRFlKT3AvRjhQbkdIQk5Yak12aFBBbTlwbzhlT3hlTU0wZ0lxejMyQVZodkFDbEU4aWdVWDhFTnZZbjI4ZmNnMk5KWVhUZHY2Smc4SnBrR2JrR2ljZTdTTGx2SHliM0kyZ3B1aVVOMnppUU5SNGk4TlNTdFZXRzNDTFZsN09BbnliT2xzdE5BblVMTWRLaitacTFJMzkxNDBqZm13cU91QVFFQUZRdjA1ZkF2bDFBYz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 914183
content-length: 0
expires: 0

POST
H2 204 events
bidder.criteo.com/csm/ Frame F5EA 0
209 B 22ms
21ms Ping
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 23 Sep 2022 03:35:21 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 204 events
bidder.criteo.com/csm/ Frame AE1B 0
209 B 22ms
22ms Ping
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2

200

sid Show response
mug.criteo.com/ Frame 7CC7
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=ChromeSyncframe&so=3&topUrl=reurl.cc&bundle=QM6XVl9hU29sTCUyRnhBcmJRYlZ0SENpdnBhQjFpeHVoWGJud2YwTjF4NldrejlhbDNMNWJGekxmaUdMRn...
https://mug.criteo.com/sid?cpp=zbUHenx5NUlFNGl4dG9yNFIyZ1RIODVZMGEwb0RUb081dXFMZjhGYjVWMDEwR1EvajZveFN4YitmYzh2c2x6SVRYc05wSldURXRaWlpubWZjWVlBU3QyMUlvQ0FWRmJoV0NwWU94bENsa0ZET2FtRWNaR3pleEprdjJHSG...

436 B
659 B

24ms
24ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=zbUHenx5NUlFNGl4dG9yNFIyZ1RIODVZMGEwb0RUb081dXFMZjhGYjVWMDEwR1EvajZveFN4YitmYzh2c2x6SVRYc05wSldURXRaWlpubWZjWVlBU3QyMUlvQ0FWRmJoV0NwWU94bENsa0ZET2FtRWNaR3pleEprdjJHSGVweGNSVDB2YkRrQjI2cE40WjVCUTdnUEViQUo5TS9yZzkycm5CZ0ZHMENZbkFnMVNiYmpLZFVMTkc5eE5VdWc5MjVmeXNaZEE5VllNNTZJaERZbkU3UFZkRDJXUER2Ly9MMEpxWkxCeDRUYTFwcEFubFlLMXhiVFowQkwydWhMYlVSUXpiMlN2VVpEUUxQRVFJL3pEdUJseTArNldadXEybXpGNmZGYUFRVkhBbzRnVUNlND18&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

dc9972f08da8f70945b59ccf5f64b27ae0f58f12791bad357a68f3ee677dcbef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1540148
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:21 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
location: https://mug.criteo.com/sid?cpp=zbUHenx5NUlFNGl4dG9yNFIyZ1RIODVZMGEwb0RUb081dXFMZjhGYjVWMDEwR1EvajZveFN4YitmYzh2c2x6SVRYc05wSldURXRaWlpubWZjWVlBU3QyMUlvQ0FWRmJoV0NwWU94bENsa0ZET2FtRWNaR3pleEprdjJHSGVweGNSVDB2YkRrQjI2cE40WjVCUTdnUEViQUo5TS9yZzkycm5CZ0ZHMENZbkFnMVNiYmpLZFVMTkc5eE5VdWc5MjVmeXNaZEE5VllNNTZJaERZbkU3UFZkRDJXUER2Ly9MMEpxWkxCeDRUYTFwcEFubFlLMXhiVFowQkwydWhMYlVSUXpiMlN2VVpEUUxQRVFJL3pEdUJseTArNldadXEybXpGNmZGYUFRVkhBbzRnVUNlND18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 760868
content-length: 0
expires: 0

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ Frame 4B4C 87 KB
28 KB 28ms
25ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 24 Sep 2022 03:35:22 GMT

GET
H2 200 pixel
3514a2a4-7d1c-4fa3-8bf4-9dda4562a069.t.ssp.hinet.net/ Frame 8173 0
79 B 1620ms
291ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3514a2a4-7d1c-4fa3-8bf4-9dda4562a069.t.ssp.hinet.net/pixel?bd=3514a2a4-7d1c-4fa3-8bf4-9dda4562a069&t=50ef57&referrer=https%3A%2F%2Freurl.cc

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:23 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 8173 0
187 B 295ms
294ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=9439-fsO3KAn1wJJmqAXYszTktgkwDxHqJBmV&mp=3514a2a4-7d1c-4fa3-8bf4-9dda4562a069

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 pixel
3514a2a4-7d1c-4fa3-8bf4-9dda4562a069.t.ssp.hinet.net/ Frame 5609 0
79 B 1616ms
292ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3514a2a4-7d1c-4fa3-8bf4-9dda4562a069.t.ssp.hinet.net/pixel?bd=3514a2a4-7d1c-4fa3-8bf4-9dda4562a069&t=50ef57&referrer=https%3A%2F%2Freurl.cc

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:23 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 5609 0
187 B 296ms
294ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=9439-fsO3KAn1wJJmqAXYszTktgkwDxHqJBmV&mp=3514a2a4-7d1c-4fa3-8bf4-9dda4562a069

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H3 200 landing.php Show response
fp.holmesmind.com/ Frame AA20 0
37 B 299ms
276ms Document
text/html 34.117.219.39
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=9439-fsO3KAn1wJJmqAXYszTktgkwDxHqJBmV&CFFPCKUUID=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&url=https%3A%2F%2Freurl.cc%2FO4ooex&maindomain=reurl.cc
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.117.219.39 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 39.219.117.34.bc.googleusercontent.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with,content-type
access-control-allow-methods: *
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 23 Sep 2022 03:35:22 GMT
server: nginx/1.20.0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame F5EA 5 KB
2 KB 292ms
292ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 23 Sep 2022 03:45:22 GMT

GET
H3 200 landing.php Show response
fp.holmesmind.com/ Frame C807 0
37 B 284ms
277ms Document
text/html 34.117.219.39
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=9439-fsO3KAn1wJJmqAXYszTktgkwDxHqJBmV&CFFPCKUUID=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&url=https%3A%2F%2Freurl.cc%2FO4ooex&maindomain=reurl.cc
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.117.219.39 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 39.219.117.34.bc.googleusercontent.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with,content-type
access-control-allow-methods: *
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 23 Sep 2022 03:35:22 GMT
server: nginx/1.20.0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame AE1B 5 KB
2 KB 295ms
292ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
server: nginx
etag: W/"62de3d74-134a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 23 Sep 2022 03:45:22 GMT

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ Frame FA4C 87 KB
28 KB 27ms
23ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 24 Sep 2022 03:35:22 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame B4C1 15 KB
6 KB 26ms
25ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://img.scupio.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 03:35:21 GMT
server: Kestrel
server-processing-duration-in-ticks: 1206186
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 4B4C 88 KB
29 KB 71ms
24ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 24 Sep 2022 03:35:22 GMT

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame F5EA 10 KB
10 KB 16ms
16ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13849&rf=https%3A%2F%2Freurl.cc%2FO4ooex&n=549&o=1&d=1&b=2&ts=1&ii=2&FPCK=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&initver=210830P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
server: AmazonS3
age: 54
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:46 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 10359
x-amz-cf-id: ANbnRY5wg72UDAcoyR4crQ-_SILa8VuKUhTJIGo8HOrXIDTtkOdz1w==

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame AE1B 10 KB
10 KB 16ms
16ms Script
application/javascript 2600:9000:2250:2400:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2FO4ooex&n=162&o=1&d=1&b=2&ts=1&ii=2&FPCK=5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs&initver=210830P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2400:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
server: AmazonS3
age: 54
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 23 Sep 2022 03:34:46 GMT
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 10359
x-amz-cf-id: 6XZxurSIVimTM5JRr1NtJGSrW7dczo0sq_pFpkJYa6sJ2Mi1cGxGiA==

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 8CB8 36 B
405 B 294ms
294ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

a358d6c6fa1b9a62b51ad00d510a2ef477b4516ae81251a5466ebe27522921fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 64B6 15 KB
6 KB 25ms
25ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://img.scupio.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 03:35:21 GMT
server: Kestrel
server-processing-duration-in-ticks: 1256882
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame FA4C 88 KB
29 KB 87ms
53ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 24 Sep 2022 03:35:22 GMT

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 91F5 36 B
405 B 294ms
294ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

a358d6c6fa1b9a62b51ad00d510a2ef477b4516ae81251a5466ebe27522921fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 chtmp.php
ccm.holmesmind.com/ Frame 7F76 0
214 B 913ms
392ms Image
text/html 35.79.29.97
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6%26SID%3D54596%26Tags%3D2010%2C2005%2C2004%2C2003%2C3040%2C3126
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.79.29.97 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-79-29-97.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 23 Sep 2022 03:35:23 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 chtmp.php
ccm.holmesmind.com/ Frame 7F76 0
214 B 912ms
392ms Image
text/html 35.79.29.97
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6%26SID%3D54598%26Tags%3D2010%2C2005%2C2004%2C2003
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.79.29.97 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-79-29-97.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 23 Sep 2022 03:35:23 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 chtmp.php
ccm.holmesmind.com/ Frame C277 0
215 B 904ms
386ms Image
text/html 35.79.29.97
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6%26SID%3D54598%26Tags%3D2010%2C2005%2C2004%2C2003
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.79.29.97 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-79-29-97.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 23 Sep 2022 03:35:23 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 chtmp.php
ccm.holmesmind.com/ Frame C277 0
214 B 910ms
393ms Image
text/html 35.79.29.97
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6%26SID%3D54596%26Tags%3D2010%2C2005%2C2004%2C2003%2C3040%2C3126
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.79.29.97 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-79-29-97.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 23 Sep 2022 03:35:23 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2

200

sid Show response
mug.criteo.com/ Frame B4C1
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=FwOL63xPdWFJWXIvai9QTENRVEg3QWlZTHJPajRBSC81M1ZuYzNycm16amZ4MmxhcU5kTWd4eG4wSWV2dFBuWlkwRjNPQlF1ZzBUeUdCbjUwU2VHY0FzRm5HYXZiQ0cxWW1pamdJZklONEFJSlFxemtvR21RV21IbXJRUG...

452 B
664 B

24ms
24ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=FwOL63xPdWFJWXIvai9QTENRVEg3QWlZTHJPajRBSC81M1ZuYzNycm16amZ4MmxhcU5kTWd4eG4wSWV2dFBuWlkwRjNPQlF1ZzBUeUdCbjUwU2VHY0FzRm5HYXZiQ0cxWW1pamdJZklONEFJSlFxemtvR21RV21IbXJRUGdEaUxteDk4YzVzdlhCVWFucWM2bGhRbklOdEluZVI2QkdKeHB3Wm9sN0NLU0ZHZHBsMnc0eC9TVlNkZzAzWi9SdG52SnJPbHBreTlyT3haZlhRVmRsOFlNTndDVFVRWGxGb2VGZFZYY08xclZhTXc1RGljTDVpUEZWOFJSSzRNWlh0NFVMcFFGVFkrc3dIYTBrMFhJNGdsR0N2cTNadTJWQnJKdXlpbUpESTMybXhoMlNLUT18&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0db63be1686a409fc42adabfc1030b16c1b3f844c79eb2bc0f649f9db70e19d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1548955
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:21 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
location: https://mug.criteo.com/sid?cpp=FwOL63xPdWFJWXIvai9QTENRVEg3QWlZTHJPajRBSC81M1ZuYzNycm16amZ4MmxhcU5kTWd4eG4wSWV2dFBuWlkwRjNPQlF1ZzBUeUdCbjUwU2VHY0FzRm5HYXZiQ0cxWW1pamdJZklONEFJSlFxemtvR21RV21IbXJRUGdEaUxteDk4YzVzdlhCVWFucWM2bGhRbklOdEluZVI2QkdKeHB3Wm9sN0NLU0ZHZHBsMnc0eC9TVlNkZzAzWi9SdG52SnJPbHBreTlyT3haZlhRVmRsOFlNTndDVFVRWGxGb2VGZFZYY08xclZhTXc1RGljTDVpUEZWOFJSSzRNWlh0NFVMcFFGVFkrc3dIYTBrMFhJNGdsR0N2cTNadTJWQnJKdXlpbUpESTMybXhoMlNLUT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 522118
content-length: 0
expires: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame 64B6
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=k4cSu3xWVkI4WlB4am13ZGk5MDJjRG56QkJrS1hYdmJ2TjRTNndjNy9YeGNueDIzeFlNWHhSdXFIc3pKOFlqZEppTDFXMmd5dUFFcmxpUFRLelpmaUJUaWFWTm1YNXJUSmNhQURMdHNQMjVvOC9CdUdabi9odTY5K2tiSl...

417 B
646 B

26ms
26ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=k4cSu3xWVkI4WlB4am13ZGk5MDJjRG56QkJrS1hYdmJ2TjRTNndjNy9YeGNueDIzeFlNWHhSdXFIc3pKOFlqZEppTDFXMmd5dUFFcmxpUFRLelpmaUJUaWFWTm1YNXJUSmNhQURMdHNQMjVvOC9CdUdabi9odTY5K2tiSlVRbjRYWm5tZDNpT3dTYmVxTmZhK2NydmtCVjFadytxTkI3dlJQdTFIb2hJUC9jWlE0ZGFDV1FJS0VvY29CSk1oV3NqMFJkM0FySGdLcjllQnRzaENKQ3BZQUNWZ3FleEJpVWYyT2tUeEJoUDUreDdsK3hjb1Qza3lUR2tHREN1Vi9uU2xDTzhvSHdZTEI1U0JCbmtWaXVKaDQ5Nm93OWRTYUxjaGU4OUE0M0JLZSs1aTZDMD18&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

2cc43aa7b596cf9914e3b6455656662ee62f89256c0b5d9ee71c9b55d9bddc8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:21 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1821328
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:21 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
location: https://mug.criteo.com/sid?cpp=k4cSu3xWVkI4WlB4am13ZGk5MDJjRG56QkJrS1hYdmJ2TjRTNndjNy9YeGNueDIzeFlNWHhSdXFIc3pKOFlqZEppTDFXMmd5dUFFcmxpUFRLelpmaUJUaWFWTm1YNXJUSmNhQURMdHNQMjVvOC9CdUdabi9odTY5K2tiSlVRbjRYWm5tZDNpT3dTYmVxTmZhK2NydmtCVjFadytxTkI3dlJQdTFIb2hJUC9jWlE0ZGFDV1FJS0VvY29CSk1oV3NqMFJkM0FySGdLcjllQnRzaENKQ3BZQUNWZ3FleEJpVWYyT2tUeEJoUDUreDdsK3hjb1Qza3lUR2tHREN1Vi9uU2xDTzhvSHdZTEI1U0JCbmtWaXVKaDQ5Nm93OWRTYUxjaGU4OUE0M0JLZSs1aTZDMD18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 544253
content-length: 0
expires: 0

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame F5EA 36 B
398 B 294ms
294ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

a358d6c6fa1b9a62b51ad00d510a2ef477b4516ae81251a5466ebe27522921fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 8CB8 30 B
278 B 294ms
294ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=93ae0327-e03a-44fa-b5b1-25af2af5fb0d

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 91F5 30 B
278 B 294ms
294ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=93ae0327-e03a-44fa-b5b1-25af2af5fb0d

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:22 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 ls.html Show response
img.scupio.com/html/ Frame 1FD1 1 KB
1 KB 16ms
15ms Document
text/html 13.32.99.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://img.scupio.com/html/ls.html
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-117.fra60.r.cloudfront.net
Software: nginx/1.12.1 /
Resource Hash: 204b096d37249d9125a8b3450e44a31773cb148dba50c88d1fd26a0b914216ce

Request headers

Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2796
cache-control: max-age=604800
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 23 Sep 2022 02:49:50 GMT
etag: W/"583295c9-4dc"
expires: Fri, 30 Sep 2022 02:48:46 GMT
last-modified: Mon, 21 Nov 2016 06:35:53 GMT
server: nginx/1.12.1
vary: Origin
via: 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
x-amz-cf-id: V5xz4G69enz_4HPCrNL6sS6zuOPG8m4UGNbzbopY2lEY7DZSKypI1g==
x-amz-cf-pop: FRA60-P3
x-cache: Hit from cloudfront

GET
H/1.1

200
OK

ggid.aspx Show response
rec.scupio.com/recweb/ Frame 61C3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=bw_cookie&google_cm&google_ula=3918219&google_hm=Q0tBMjAyMjA5MjMxMTM1MjIzMDE1ODM%3d&layout=js
https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESENGddrXX2k9f_D5_sCStFMM&google_cver=1&google_ula=3918219,0

0
551 B

1353ms
292ms

Script
text/javascript

210.59.219.175
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESENGddrXX2k9f_D5_sCStFMM&google_cver=1&google_ula=3918219,0
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol: HTTP/1.1
Server: 210.59.219.175 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Fri, 23 Sep 2022 03:35:23 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP=" NOI DSP COR CUR ADMa DEVa TAIa PSAa PSDa HISa OTPa OUR STP IND UNI COM NAV INT STA "
Cache-Control: private
Content-Type: text/javascript
Content-Length: 0

Redirect headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:22 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESENGddrXX2k9f_D5_sCStFMM&google_cver=1&google_ula=3918219,0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 332
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame B4F6
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac
https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac

281 B
554 B

75ms
22ms

Document
text/html

23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://img.scupio.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Fri, 23 Sep 2022 03:35:22 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Fri, 23 Sep 2022 03:35:22 GMT
location: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
server: AkamaiGHost

GET
H3 200 /
www.facebook.com/tr/ Frame 61C3 0
15 B 16ms
15ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=588795092476391&ev=ViewContent&dl=https%3A%2F%2Fimg.scupio.com%2Fhtml%2Fad.html%3Fv%3D1.0.65&rl=https%3A%2F%2Fimg.scupio.com%2Fhtml%2Fad.html%3Fv%3D1.0.65&if=true&ts=1663904122807&cd[SBST]=17&cd[PuID]=reurl&ud[external_id]=b2bd5fb87290f4906f8341630c3a781e0e92f45dbda874ef0a5a2e32a95543b9

Requested by

Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Fri, 23 Sep 2022 03:35:22 GMT
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 61C3
Redirect Chain

https://sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CKA20220923113522301583
https://pr-bh.ybp.yahoo.com/sync/ucfunnel/fe9655d5-7ed8-358f-b5e6-6b6561b8cc96?gdpr=0&euconsent=
https://sync.aralego.com/idsync?ucf_nid=dsp-AE38A6E4BB372DE1838A748E89487D9&ucf_user_id=y-jIw2fHtE2oXKSDNXWYYhAASehzTKKp9pX8aRbuI-~A&redirect=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=

70 B
265 B

123ms
39ms

Image
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol: H2
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:24 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
date: Fri, 23 Sep 2022 03:35:24 GMT
connection: close
content-length: 111
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8

GET
H2 200 ls.html Show response
img.scupio.com/html/ Frame BBA5 1 KB
1 KB 15ms
15ms Document
text/html 13.32.99.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://img.scupio.com/html/ls.html
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-117.fra60.r.cloudfront.net
Software: nginx/1.12.1 /
Resource Hash: 204b096d37249d9125a8b3450e44a31773cb148dba50c88d1fd26a0b914216ce

Request headers

Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2796
cache-control: max-age=604800
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 23 Sep 2022 02:49:50 GMT
etag: W/"583295c9-4dc"
expires: Fri, 30 Sep 2022 02:48:46 GMT
last-modified: Mon, 21 Nov 2016 06:35:53 GMT
server: nginx/1.12.1
vary: Origin
via: 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
x-amz-cf-id: JKsaU4J05mwseMk0bBtYzGBi3lDTGzSRKJQDWovYhnQsk4YASBxt4A==
x-amz-cf-pop: FRA60-P3
x-cache: Hit from cloudfront

GET
H/1.1

200
OK

ggid.aspx Show response
rec.scupio.com/recweb/ Frame 5754
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=bw_cookie&google_cm&google_ula=3918219&google_hm=Q1ZBMjAyMjA5MjMxMTM1MjI1MzIxMjY%3d&layout=js
https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESENGddrXX2k9f_D5_sCStFMM&google_cver=1&google_ula=3918219,0

0
551 B

1359ms
298ms

Script
text/javascript

210.59.219.175
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESENGddrXX2k9f_D5_sCStFMM&google_cver=1&google_ula=3918219,0
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol: HTTP/1.1
Server: 210.59.219.175 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Fri, 23 Sep 2022 03:35:23 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP=" NOI DSP COR CUR ADMa DEVa TAIa PSAa PSDa HISa OTPa OUR STP IND UNI COM NAV INT STA "
Cache-Control: private
Content-Type: text/javascript
Content-Length: 0

Redirect headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:22 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_gid=CAESENGddrXX2k9f_D5_sCStFMM&google_cver=1&google_ula=3918219,0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 332
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame F943
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac
https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac

281 B
554 B

75ms
22ms

Document
text/html

23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://img.scupio.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Fri, 23 Sep 2022 03:35:22 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Fri, 23 Sep 2022 03:35:22 GMT
location: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
server: AkamaiGHost

GET
H3 200 /
www.facebook.com/tr/ Frame 5754 0
15 B 16ms
15ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1588263144793165&ev=ViewContent&dl=https%3A%2F%2Fimg.scupio.com%2Fhtml%2Fad.html%3Fv%3D1.0.65&rl=https%3A%2F%2Fimg.scupio.com%2Fhtml%2Fad.html%3Fv%3D1.0.65&if=true&ts=1663904122816&cd[SBST]=17&cd[PuID]=reurl

Requested by

Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Fri, 23 Sep 2022 03:35:22 GMT
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i

GET
H/1.1

200
OK

idsync
sync.aralego.com/ Frame 5754
Redirect Chain

https://sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CVA20220923113522532126
https://pr-bh.ybp.yahoo.com/sync/ucfunnel/fe9655d5-7ed8-358f-b5e6-6b6561b8cc96?gdpr=0&euconsent=
https://sync.aralego.com/idsync?ucf_nid=dsp-AE38A6E4BB372DE1838A748E89487D9&ucf_user_id=y-vaYyvi9E2oV4LQkz.pCcEviv8orUUVaOj0tFggI-~A&redirect=

35 B
155 B

315ms
106ms

Image
image/gif

162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.aralego.com/idsync?ucf_nid=dsp-AE38A6E4BB372DE1838A748E89487D9&ucf_user_id=y-vaYyvi9E2oV4LQkz.pCcEviv8orUUVaOj0tFggI-~A&redirect=
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/html/ad.html?v=1.0.65
Protocol: HTTP/1.1
Server: 162.210.196.208 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
connection: close
content-length: 35
content-type: image/gif

Redirect headers

date: Fri, 23 Sep 2022 03:35:23 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://sync.aralego.com/idsync?ucf_nid=dsp-AE38A6E4BB372DE1838A748E89487D9&ucf_user_id=y-vaYyvi9E2oV4LQkz.pCcEviv8orUUVaOj0tFggI-~A&redirect=
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
content-length: 0
x-content-type-options: nosniff

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 8CB8 0
194 B 297ms
297ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=cf&cid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&mp=93ae0327-e03a-44fa-b5b1-25af2af5fb0d

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:23 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 pixel
93ae0327-e03a-44fa-b5b1-25af2af5fb0d.t.ssp.hinet.net/ Frame 8CB8 0
79 B 1612ms
291ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://93ae0327-e03a-44fa-b5b1-25af2af5fb0d.t.ssp.hinet.net/pixel?bd=93ae0327-e03a-44fa-b5b1-25af2af5fb0d&t=cf&referrer=https%3A%2F%2Freurl.cc

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 pixel
93ae0327-e03a-44fa-b5b1-25af2af5fb0d.t.ssp.hinet.net/ Frame 91F5 0
79 B 1603ms
291ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://93ae0327-e03a-44fa-b5b1-25af2af5fb0d.t.ssp.hinet.net/pixel?bd=93ae0327-e03a-44fa-b5b1-25af2af5fb0d&t=cf&referrer=https%3A%2F%2Freurl.cc

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 91F5 0
194 B 294ms
294ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=cf&cid=112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6&mp=93ae0327-e03a-44fa-b5b1-25af2af5fb0d

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:23 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2

200

sdk Show response
cdn.aralego.net/ucfad/sdk/us-east/ Frame 7D86
Redirect Chain

https://ads.aralego.com/sdk
https://cdn.aralego.net/ucfad/sdk/us-east/sdk

43 KB
43 KB

66ms
25ms

Script
application/octet-stream

2606:4700:20::681a:567
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Server: 2606:4700:20::681a:567 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28bf646c6e799ca96adb3a5b48fe882639d31e27102cad9ed2979555da55944a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4302
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43705
last-modified: Thu, 22 Sep 2022 10:05:53 GMT
server: cloudflare
etag: "632c3381-aab9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JzDfARHtjTOScGRlMc8S9%2BhmcgMC2UpZ%2B0gz0AyzeihPNPQNHBCV9v05XMV3R5gOBeraB1obUhgo1pI3kZRqxuoXUjAiqNXuJQ7W6osqNi0O3KmMmwb%2BzTi6n7plaz2JKi5dRFThzoXmankOwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 74f03ae628a16987-FRA

Redirect headers

location: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
connection: close
content-length: 0

GET
H2

200

sdk Show response
cdn.aralego.net/ucfad/sdk/us-east/ Frame 81DE
Redirect Chain

https://ads.aralego.com/sdk
https://cdn.aralego.net/ucfad/sdk/us-east/sdk

43 KB
43 KB

66ms
26ms

Script
application/octet-stream

2606:4700:20::681a:567
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H2
Server: 2606:4700:20::681a:567 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28bf646c6e799ca96adb3a5b48fe882639d31e27102cad9ed2979555da55944a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4302
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43705
last-modified: Thu, 22 Sep 2022 10:05:53 GMT
server: cloudflare
etag: "632c3381-aab9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UpcDa2%2FLABcugB2u8JQO%2FnWVy8o9QMJ6S2tqmlzjYohrVsHqSClLO33AzT7VB3ChOYwsaRddR9ShtxrA2YX8aheoGyjDBdeVLtalaQIeiFiW86F31sv7ODDjPjAaXqILQew9AHR9WrMm8VwLLg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 74f03ae628a26987-FRA

Redirect headers

location: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
connection: close
content-length: 0

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame F5EA 0
187 B 295ms
295ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=9439-fsO3KAn1wJJmqAXYszTktgkwDxHqJBmV&mp=93ae0327-e03a-44fa-b5b1-25af2af5fb0d

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:23 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 pixel
93ae0327-e03a-44fa-b5b1-25af2af5fb0d.t.ssp.hinet.net/ Frame F5EA 0
79 B 1192ms
291ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://93ae0327-e03a-44fa-b5b1-25af2af5fb0d.t.ssp.hinet.net/pixel?bd=93ae0327-e03a-44fa-b5b1-25af2af5fb0d&t=50ef57&referrer=https%3A%2F%2Freurl.cc

Requested by

Host: reurl.cc
URL: https://reurl.cc/O4ooex

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 pixel
3514a2a4-7d1c-4fa3-8bf4-9dda4562a069.t.ssp.hinet.net/ Frame AE1B 0
79 B 620ms
292ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3514a2a4-7d1c-4fa3-8bf4-9dda4562a069.t.ssp.hinet.net/pixel?bd=3514a2a4-7d1c-4fa3-8bf4-9dda4562a069&t=50ef57&referrer=https%3A%2F%2Freurl.cc

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:23 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame AE1B 0
187 B 294ms
294ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=9439-fsO3KAn1wJJmqAXYszTktgkwDxHqJBmV&mp=3514a2a4-7d1c-4fa3-8bf4-9dda4562a069

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:23 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame B4F6 31 KB
10 KB 22ms
22ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 1219d714e27f186eb7bbf428f0553a2a5a32fd30e6321b10af81582c66fa173d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Fri, 23 Sep 2022 03:35:23 GMT
Content-Encoding: gzip
Last-Modified: Thu, 15 Sep 2022 22:38:47 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=80587
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9421
Expires: Sat, 24 Sep 2022 01:58:30 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame F943 31 KB
10 KB 22ms
22ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 1219d714e27f186eb7bbf428f0553a2a5a32fd30e6321b10af81582c66fa173d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Fri, 23 Sep 2022 03:35:23 GMT
Content-Encoding: gzip
Last-Modified: Thu, 15 Sep 2022 22:38:47 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=80587
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9421
Expires: Sat, 24 Sep 2022 01:58:30 GMT

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame B4F6 284 B
536 B 155ms
16ms Image
image/jpg 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
Content-Type: image/jpg

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame F943 284 B
536 B 152ms
17ms Image
image/jpg 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/jpg

GET
H/1.1 204
No Content sync.php
pixel-apac.rubiconproject.com/exchange/ Frame B4F6 0
239 B 723ms
174ms Image
image/gif 69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-apac.rubiconproject.com/exchange/sync.php?p=xapi-bridgewell
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 38ddff6a66d3988dfd0c6ea3be81c5f1
Content-Type: image/gif

GET
H3 200 ucfad-formats.css
cdn.aralego.net/css/dev/ Frame 7D86 975 B
813 B 40ms
20ms Stylesheet
text/css 2606:4700:20::681a:567
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/css/dev/ucfad-formats.css
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:567 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 353
cf-polished: origSize=1191
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Mar 2018 07:19:46 GMT
server: cloudflare
etag: W/"5aab7012-4a7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5sLXCTYvTubJCRgtoycZHWxOR10EHWMDNLSqLnlk7Jvl5fkgTA8Xhu0Xp5DBEVgu8n4ngJ8nxcpGz1iMMUAy5AStQbWHQ3LuGW1VeJSl9XT19DSPbZewr%2BkuUZ2onJ1VxKvpqayv1MP7os4TdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 74f03ae679dc923e-FRA
cf-bgj: minify

GET
H/1.1 200
OK idRequest Show response
sync.aralego.com/ Frame 7D86 46 B
486 B 315ms
106ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22&
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: b01522c537d24186bf68464ed03141b13ffb0158c9f3ff352f06527bd9fee689

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
connection: close
content-length: 46

GET
H/1.1 200
OK ad_request Show response
ads.aralego.com/ Frame 7D86 555 B
1 KB 378ms
176ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.aralego.com/ad_request?sw=1600&sh=1200&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FO4ooex&adid=ad-BE78DB396979B34E17BE3B66A3E7D76B&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.7821293038321235&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&ao=https%3A%2F%2Freurl.cc&lang=en-US%2Cen&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: fdfa393e5fb39c4ab607d817e8d0b5fe3573a4a2e3e8554131fbade8d615bcbf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
x-width: 300
x-height: 250
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-expose-headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
x-adsource: PSA
x-sspid: fe9655d5-7ed8-358f-b5e6-6b6561b8cc96
connection: close
access-control-allow-credentials: true
content-length: 555
x-adstyle: banner
x-adtype: html

GET
H3 200 ucfad-formats.css
cdn.aralego.net/css/dev/ Frame 81DE 975 B
781 B 26ms
21ms Stylesheet
text/css 2606:4700:20::681a:567
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/css/dev/ucfad-formats.css
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:567 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 353
cf-polished: origSize=1191
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Mar 2018 07:19:46 GMT
server: cloudflare
etag: W/"5aab7012-4a7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4iGtNo5ScPQQ6S31vccrzsaQ1%2BPJQlvN3sQ2GbTn%2BmLlRgQq%2FehDYLykZWj%2FXPsTna7asuOzgRfGsYuzKgrNLh9bdcvhUKwOkjbvcxlwdfprJZKTxrtCq5XhB0b6IolPzWJ%2BchLey1ja9EuIBg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 74f03ae679da923e-FRA
cf-bgj: minify

GET
H/1.1 200
OK idRequest Show response
sync.aralego.com/ Frame 81DE 46 B
486 B 317ms
108ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22&
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: b01522c537d24186bf68464ed03141b13ffb0158c9f3ff352f06527bd9fee689

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
connection: close
content-length: 46

GET
H/1.1 200
OK ad_request Show response
ads.aralego.com/ Frame 81DE 552 B
1 KB 377ms
168ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.aralego.com/ad_request?sw=1600&sh=1200&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FO4ooex&adid=ad-BE7A8D43E47B3D23C77A9993A9B8A778&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.4889835028055358&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&ao=https%3A%2F%2Freurl.cc&lang=en-US%2Cen&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 99ec1b27528b2883154fd166e11c3fa740d28609937a1a0287d95674ea99c2bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
x-width: 300
x-height: 250
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-expose-headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
x-adsource: PSA
x-sspid: fe9655d5-7ed8-358f-b5e6-6b6561b8cc96
connection: close
access-control-allow-credentials: true
content-length: 552
x-adstyle: banner
x-adtype: html

GET
H3 200 cookieSyncIframe.html Show response
cdn.aralego.net/ucfad/cookie/ Frame 6963 714 B
774 B 22ms
22ms Document
text/html 2606:4700:20::681a:567
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:567 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36a7d95f2760a813f3e782dfc125ea786174d581d6f6f896021d6994e9514bd6

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
age: 858
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 74f03ae85a8f923e-FRA
content-encoding: br
content-type: text/html
date: Fri, 23 Sep 2022 03:35:24 GMT
last-modified: Wed, 09 Feb 2022 05:59:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fqW0ndKA8PG%2BJMHT0m3SYu3pBEOdnLOATLEwp2BaJWpKlLylxmAktpjrxPjGClF2kElWuhyG7JXczLsVyJNjWioaxI1T349GHjZzlLepMZgsCtUtrAEWETjsZJ%2BVppMa8zULN1DxhcW%2FZcedzA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK idsync
sync.aralego.com/ Frame 7D86 35 B
384 B 315ms
106ms Image
image/gif 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
connection: close
content-length: 35
content-type: image/gif

GET
H3 200 cookieSyncIframe.html Show response
cdn.aralego.net/ucfad/cookie/ Frame D155 714 B
777 B 21ms
21ms Document
text/html 2606:4700:20::681a:567
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:567 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36a7d95f2760a813f3e782dfc125ea786174d581d6f6f896021d6994e9514bd6

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
age: 858
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 74f03ae86a95923e-FRA
content-encoding: br
content-type: text/html
date: Fri, 23 Sep 2022 03:35:24 GMT
last-modified: Wed, 09 Feb 2022 05:59:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AaiSg%2FkDNUYR0pFPVlXiCf6oRv3QPghGn8ixr9kPcCWFEmhSZrnthZbb5blkk%2FK%2FAntN%2BncJuRFzjLINdBnlpYUuZbgccaxt6wukFMEQl4iEfqbnqW2FouhB%2FrLv1nC%2F2zUcQ4zYH9ZUrUxOCw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK idsync
sync.aralego.com/ Frame 81DE 35 B
384 B 315ms
105ms Image
image/gif 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
connection: close
content-length: 35
content-type: image/gif

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 6963 80 KB
28 KB 65ms
26ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04965fb3a6380db0aad21acd082a7cd8b77c4adccff9c558f6a46b4c5a859770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27783
x-xss-protection: 0
server: sffe
etag: "1342 / 741 of 1000 / last-modified: 1663884398"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 23 Sep 2022 03:35:24 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame D155 80 KB
27 KB 68ms
43ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04965fb3a6380db0aad21acd082a7cd8b77c4adccff9c558f6a46b4c5a859770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27783
x-xss-protection: 0
server: sffe
etag: "1342 / 818 of 1000 / last-modified: 1663884398"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 23 Sep 2022 03:35:24 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame C506 118 KB
40 KB 84ms
46ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: ads.aralego.com
URL: https://ads.aralego.com/sdk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db74fdebdd9b3681871598bfca8c3fbc7dcf3eaccc20224f709d6e749156affd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40718
x-xss-protection: 0
server: cafe
etag: 12630676057354110277
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 23 Sep 2022 03:35:24 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 0426 118 KB
40 KB 94ms
68ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: ads.aralego.com
URL: https://ads.aralego.com/sdk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

10631b2d8f19f197062e3f4335ccc6bbf67335aed0ec97dd1254cc8d18c6adf5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40722
x-xss-protection: 0
server: cafe
etag: 3388967659103901809
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 23 Sep 2022 03:35:24 GMT

GET
H3 200 pubads_impl_2022091901.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 6963 379 KB
128 KB 50ms
18ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b64c070e33c73628d39ab223f17487bc8efb2944794231186aeef2c3e32f5288

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 19 Sep 2022 10:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 320554
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131339
x-xss-protection: 0
last-modified: Mon, 19 Sep 2022 08:34:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 19 Sep 2023 10:32:50 GMT

GET
H3 200 pubads_impl_2022091901.js Show response
securepubads.g.doubleclick.net/gpt/ Frame D155 379 KB
128 KB 39ms
16ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b64c070e33c73628d39ab223f17487bc8efb2944794231186aeef2c3e32f5288

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 19 Sep 2022 10:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 320554
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131339
x-xss-protection: 0
last-modified: Mon, 19 Sep 2022 08:34:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 19 Sep 2023 10:32:50 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209080101/ Frame C506 346 KB
122 KB 105ms
73ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

163f66292859cafd647057baaa7badeae1f4ab965ab8def9b0712cf1877f446d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124748
x-xss-protection: 0
server: cafe
etag: 9061201897695642010
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 23 Sep 2022 03:35:24 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209080101/ Frame 0426 346 KB
122 KB 53ms
42ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a685111f5d5e2857fff5e252c2e677a3dab034b3c498e6454d13bb676632593

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124742
x-xss-protection: 0
server: cafe
etag: 1179104162650112180
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 23 Sep 2022 03:35:24 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 6963 107 B
792 B 92ms
26ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 6963 107 B
549 B 64ms
25ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6963 492 B
262 B 56ms
55ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1651761858534213&correlator=577063023252176&eid=31068928%2C31069763&output=ldjh&gdfp_req=1&vrg=2022091901&ptt=17&impl=fifs&iu_parts=18087395%2Ccookie&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&adks=64515409&sfv=1-0-38&fsapi=false&sc=1&cdm=cdn.aralego.net&abxe=1&dt=1663904124448&lmt=1644386353&dlt=1663904124229&idt=200&adxs=-12245933&adys=-12245933&biw=-12245933&bih=-12245933&scr_x=-12245933&scr_y=-12245933&ucis=ln8rxx1s1o7p&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=5&url=https%3A%2F%2Fcdn.aralego.net%2Fucfad%2Fcookie%2FcookieSyncIframe.html&ref=https%3A%2F%2Freurl.cc%2F&top=https%3A%2F%2Freurl.cc%2F&frm=8&vis=1&psz=0x0&msz=0x-1&fws=256&ohw=0&ea=0&ga_vid=1749719437.1663904124&ga_sid=1663904124&ga_hid=1647913687&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85c6051e1ac751f0e6bd78d155846cc317ed69648317b9231f3ba0289beff9c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 233
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cdn.aralego.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
c6d85ec7a9819dbe89b337da69213853.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C2AA 6 KB
4 KB 78ms
23ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c6d85ec7a9819dbe89b337da69213853.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 03:35:24 GMT
expires: Sat, 23 Sep 2023 03:35:24 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame D155 107 B
165 B 75ms
36ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame D155 107 B
165 B 47ms
34ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame D155 492 B
262 B 49ms
49ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4096049460177475&correlator=3488317833979155&eid=31069761%2C44761477&output=ldjh&gdfp_req=1&vrg=2022091901&ptt=17&impl=fifs&iu_parts=18087395%2Ccookie&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&adks=64515409&sfv=1-0-38&fsapi=false&sc=1&cdm=cdn.aralego.net&abxe=1&dt=1663904124471&lmt=1644386353&dlt=1663904124243&idt=220&adxs=-12245933&adys=-12245933&biw=-12245933&bih=-12245933&scr_x=-12245933&scr_y=-12245933&ucis=8glv0w6k2mbt&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=5&url=https%3A%2F%2Fcdn.aralego.net%2Fucfad%2Fcookie%2FcookieSyncIframe.html&ref=https%3A%2F%2Freurl.cc%2F&top=https%3A%2F%2Freurl.cc%2F&frm=8&vis=1&psz=0x0&msz=0x-1&fws=256&ohw=0&ea=0&ga_vid=151771599.1663904124&ga_sid=1663904124&ga_hid=587125688&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49516259cbd44db6174106d6322f42139333f8a6e9ca7010ce41b131cb749731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 233
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cdn.aralego.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
dc75fe7fed10655da611c60bb6d65efc.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2399 6 KB
4 KB 87ms
23ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://dc75fe7fed10655da611c60bb6d65efc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 03:35:24 GMT
expires: Sat, 23 Sep 2023 03:35:24 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 0426 212 B
453 B 24ms
23ms Script
text/javascript 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

05be585d250440d34ad53882f03f099e50da1dce55442d95b19b6bcfcb6da29d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 0426 107 B
165 B 24ms
23ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 0426 107 B
122 B 57ms
25ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 176C 68 KB
26 KB 496ms
496ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

99b0a389e99b85e6d35fe13231e4d9ec60b014ffa616ea0afb1bdb32c7da8c1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 26543
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 03:35:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame C506 212 B
219 B 24ms
24ms Script
text/javascript 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

e3d86dd4ed25f13b326460d2e1d6470bf6e4f4b1b89c416f88b970d3514e7e60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 197
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame C506 107 B
122 B 56ms
25ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame C506 107 B
122 B 33ms
33ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8D99 79 KB
27 KB 411ms
411ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124380&bpp=11&bdt=493&idt=159&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=1&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=1066432199&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=2507708330&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=1086572808427863&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ndgrug4yih8f&fsb=1&dtd=174

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

34f9f3cbb4a43972771a70908f8f6602bbe01be8f436502173d5342417bd923b

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1838989884782542848/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1838989884782542848/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJvqpPL9qfoCFY6mdwodt58A8A&gqi=fCktY5nkItKj9u8Pv4aNqAc&layout=/sadbundle/%24csp%253Der3%24/1838989884782542848/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 26806
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1838989884782542848/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1838989884782542848/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJvqpPL9qfoCFY6mdwodt58A8A&gqi=fCktY5nkItKj9u8Pv4aNqAc&layout=/sadbundle/%24csp%253Der3%24/1838989884782542848/index.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 03:35:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 70ms
24ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&cw=1&pbt=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://img.scupio.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://img.scupio.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 23 Sep 2022 03:35:23 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 437143
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame 4B4C
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&cw=1&pbt=1&lsw=1
https://mug.criteo.com/sid?cpp=4EMQC3x4ZHZ5aXRFcmVvYTNET1FYRUJCbzBoc1IwVU93OGN0S1duVlFkQ1dtUFU4YTN4S0huNnpxZnh6eHo1ZkRUbktGL3hvaVdFWk0vZHpvM3pSdUM5QmtHYXp4S1lRakRXY0NQT0kvM1NaeE5ZVXQybGdlVm1YcndjYW...

428 B
695 B

25ms
25ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=4EMQC3x4ZHZ5aXRFcmVvYTNET1FYRUJCbzBoc1IwVU93OGN0S1duVlFkQ1dtUFU4YTN4S0huNnpxZnh6eHo1ZkRUbktGL3hvaVdFWk0vZHpvM3pSdUM5QmtHYXp4S1lRakRXY0NQT0kvM1NaeE5ZVXQybGdlVm1YcndjYWFzNFQ5MzAyaHNERnNLeHpkWHZqV2RqOWVhSVVHdXYxRFlkMnFrOFNlQ1FRa041U3RRZ2tlTlp2dDVRcVlSR2F4blBKWjd5Q0p0TzkvdDU5ZUxMTWM1clR6S2RGSlo4OHBvc2FHc2F4T1JzcjYyMFVsZG1aeDhWeXgwWFFNUXkwUU52S2MwS0dPa21SOEhyYUQvK2NEbjlraWRoVEdIRGpRdm04dHZRdUlJUTRxSDVMYVpEST18&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6eac9ad9a449ab03088fcd5eb641c72c48c02316458cc95de984b0f25c88ccc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1835975
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:23 GMT
server: Kestrel
location: https://mug.criteo.com/sid?cpp=4EMQC3x4ZHZ5aXRFcmVvYTNET1FYRUJCbzBoc1IwVU93OGN0S1duVlFkQ1dtUFU4YTN4S0huNnpxZnh6eHo1ZkRUbktGL3hvaVdFWk0vZHpvM3pSdUM5QmtHYXp4S1lRakRXY0NQT0kvM1NaeE5ZVXQybGdlVm1YcndjYWFzNFQ5MzAyaHNERnNLeHpkWHZqV2RqOWVhSVVHdXYxRFlkMnFrOFNlQ1FRa041U3RRZ2tlTlp2dDVRcVlSR2F4blBKWjd5Q0p0TzkvdDU5ZUxMTWM1clR6S2RGSlo4OHBvc2FHc2F4T1JzcjYyMFVsZG1aeDhWeXgwWFFNUXkwUU52S2MwS0dPa21SOEhyYUQvK2NEbjlraWRoVEdIRGpRdm04dHZRdUlJUTRxSDVMYVpEST18&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
access-control-allow-origin: https://img.scupio.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 425919
content-length: 0
expires: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6963 14 KB
11 KB 61ms
29ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022091901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d193c401080a0bcf073ee92a0a34729fd356ad2d22b08fc8f5bf5d9e6f4f95e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11236
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D155 14 KB
11 KB 60ms
30ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022091901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e60e804c9c14c11076198850df44de292a1bdb419b06f55657e4ff050755cd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11172
x-xss-protection: 0

GET
H/1.1 200
OK idSync
sync.aralego.com/ Frame 4B4C 35 B
266 B 304ms
102ms Image
image/gif 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.aralego.com/idSync
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
connection: close
content-length: 35
content-type: image/gif

GET
H3 200 cm
c.holmesmind.com/ Frame 4B4C 0
13 B 129ms
129ms Image
text/html 35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 51ms
23ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&cw=1&pbt=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://img.scupio.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://img.scupio.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 23 Sep 2022 03:35:24 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 377096
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame FA4C
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&cw=1&pbt=1&lsw=1
https://mug.criteo.com/sid?cpp=Y_7OmHx1dGRCbzdQUXBGbmw2eXdQNCt4OTdMejdsZ0Z1L3U3UE1IVTZPMFQwenJlTis1OW1aR0JrbnYybUVQdWFuQTU1cTRjRWNKd2k0QXMrVTcxeUFWVncyNE5TekxEbGtTeUhzeUJZMnJOU3NQTDgvTWFITnFTdlE1S0...

424 B
698 B

25ms
24ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=Y_7OmHx1dGRCbzdQUXBGbmw2eXdQNCt4OTdMejdsZ0Z1L3U3UE1IVTZPMFQwenJlTis1OW1aR0JrbnYybUVQdWFuQTU1cTRjRWNKd2k0QXMrVTcxeUFWVncyNE5TekxEbGtTeUhzeUJZMnJOU3NQTDgvTWFITnFTdlE1S0ZPcldmRm5Tb2t6b0FoT0lqWmhLNXZjZWdXLytYU0lMamFiTmlYTWRNVGwrT2EvMWNLSEhuaHdtYmJ3VGNwb1FOd3ZiWnlYeE9NZWxBR0JxM3pKbkd1a1puaVYvclg2bkJ0VDMzVE1FSWtGUEZKa1ZadGt6V2lFTjFIN2RiYnlBeHkvWlp4aFVDYVcwc3dNVW5hbXMvRVJiVVg5dWlhVGQrRWlCMW9hc3g0OHN5QTRUNDBYYz18&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

c898fb5a5d04526b7f0d2d921fa5ed1e306cc7ef781b09a570262e4961baff2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1632088
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:24 GMT
server: Kestrel
location: https://mug.criteo.com/sid?cpp=Y_7OmHx1dGRCbzdQUXBGbmw2eXdQNCt4OTdMejdsZ0Z1L3U3UE1IVTZPMFQwenJlTis1OW1aR0JrbnYybUVQdWFuQTU1cTRjRWNKd2k0QXMrVTcxeUFWVncyNE5TekxEbGtTeUhzeUJZMnJOU3NQTDgvTWFITnFTdlE1S0ZPcldmRm5Tb2t6b0FoT0lqWmhLNXZjZWdXLytYU0lMamFiTmlYTWRNVGwrT2EvMWNLSEhuaHdtYmJ3VGNwb1FOd3ZiWnlYeE9NZWxBR0JxM3pKbkd1a1puaVYvclg2bkJ0VDMzVE1FSWtGUEZKa1ZadGt6V2lFTjFIN2RiYnlBeHkvWlp4aFVDYVcwc3dNVW5hbXMvRVJiVVg5dWlhVGQrRWlCMW9hc3g0OHN5QTRUNDBYYz18&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
access-control-allow-origin: https://img.scupio.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 427747
content-length: 0
expires: 0

GET
H/1.1 200
OK idSync
sync.aralego.com/ Frame FA4C 35 B
266 B 315ms
106ms Image
image/gif 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.aralego.com/idSync
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
connection: close
content-length: 35
content-type: image/gif

GET
H3 200 cm
c.holmesmind.com/ Frame FA4C 0
13 B 131ms
130ms Image
text/html 35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm
Requested by: Host: img.scupio.com
URL: https://img.scupio.com/js/prebid.js?v=5.20.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.scupio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6963 17 KB
7 KB 151ms
34ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 23 Sep 2022 03:35:24 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D155 17 KB
6 KB 157ms
45ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 23 Sep 2022 03:35:24 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 67ms
23ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 23 Sep 2022 03:35:24 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 700756
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 66ms
23ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 23 Sep 2022 03:35:24 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 475486
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B9D8 13 KB
5 KB 49ms
16ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 31972
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 22 Sep 2022 18:42:32 GMT
expires: Fri, 22 Sep 2023 18:42:32 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9631 783 B
537 B 70ms
36ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

86b6827f8f436695b0aa72540be090b138990c37693485e88ce229b116d4b3d1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ICMDRAgG4AGR5C1gZA72Dw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 515
content-security-policy: script-src 'report-sample' 'nonce-ICMDRAgG4AGR5C1gZA72Dw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 03:35:24 GMT
expires: Fri, 23 Sep 2022 03:35:24 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3F93 13 KB
5 KB 39ms
15ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 31972
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 22 Sep 2022 18:42:32 GMT
expires: Fri, 22 Sep 2023 18:42:32 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D551 783 B
534 B 52ms
28ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f1553bfa4506608f7ba25955a8cfdd2abe7dac78a7057d4c279adb7b2b16f76c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-agT9JJPn3FTsyJ8Q_yl7Rw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-agT9JJPn3FTsyJ8Q_yl7Rw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 03:35:24 GMT
expires: Fri, 23 Sep 2022 03:35:24 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js Show response
pagead2.googlesyndication.com/bg/ Frame 3F93 36 KB
16 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f7e94e4b2ce4850a5fd141c45be20cf976db7c651dc580e4c8ecb3570124319

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 21:46:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107313
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16009
x-xss-protection: 0
last-modified: Mon, 19 Sep 2022 14:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 21 Sep 2023 21:46:51 GMT

GET
H3 200 f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js Show response
pagead2.googlesyndication.com/bg/ Frame B9D8 36 KB
16 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f7e94e4b2ce4850a5fd141c45be20cf976db7c651dc580e4c8ecb3570124319

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 21:46:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107313
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16009
x-xss-protection: 0
last-modified: Mon, 19 Sep 2022 14:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 21 Sep 2023 21:46:51 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D551 0
0 49ms
49ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022091901&jk=4096049460177475&rc=
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9631 0
0 49ms
49ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022091901&jk=1651761858534213&rc=
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3F93 0
10 B 17ms
16ms Image
text/plain 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?-2iXcg
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1838989884782542848/ Frame CF5E 105 KB
26 KB 19ms
16ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1838989884782542848/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124380&bpp=11&bdt=493&idt=159&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=1&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=1066432199&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=2507708330&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=1086572808427863&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ndgrug4yih8f&fsb=1&dtd=174

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a8c742162d4336f7579cc2113eeb132065b6875c822c0f6190c8fde9d04adfb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 10487
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 26541
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 00:40:38 GMT
expires: Sat, 23 Sep 2023 00:40:38 GMT
last-modified: Thu, 03 Mar 2022 09:38:55 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D058 143 B
166 B 17ms
15ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124380&bpp=11&bdt=493&idt=159&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=1&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=1066432199&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=2507708330&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=1086572808427863&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ndgrug4yih8f&fsb=1&dtd=174
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3363
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 02:39:22 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/ Frame 8D99 3 KB
1 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:21:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 843
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Oct 2022 03:21:22 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/ Frame 8D99 17 KB
7 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c39e9db358e5d8045bebf902ed71b49c17d66f175c8ce0dcaeec96ec7d09090b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 02:49:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2782
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7553
x-xss-protection: 0
server: cafe
etag: 15375136450269253166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Oct 2022 02:49:03 GMT

POST
H3 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 8D99 0
20 B 51ms
51ms Other
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJvqpPL9qfoCFY6mdwodt58A8A&gqi=fCktY5nkItKj9u8Pv4aNqAc&layout=/sadbundle/%24csp%253Der3%24/1838989884782542848/index.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 176C 6 KB
1 KB 64ms
26ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 23 Sep 2022 01:59:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 23 Sep 2022 03:35:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 23 Sep 2022 03:35:25 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/ Frame 176C 2 KB
902 B 15ms
14ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 02:52:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Oct 2022 02:52:04 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/ Frame 176C 23 KB
9 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d485f54c3ae5920cd21c8d180458c50f092554777b97f9c52ac6f76359838a05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 02:59:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2144
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9559
x-xss-protection: 0
server: cafe
etag: 12142024561622733046
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Oct 2022 02:59:41 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/ Frame 176C 3 KB
1 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:21:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 843
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Oct 2022 03:21:22 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/ Frame 176C 17 KB
7 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c39e9db358e5d8045bebf902ed71b49c17d66f175c8ce0dcaeec96ec7d09090b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 02:49:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2782
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7553
x-xss-protection: 0
server: cafe
etag: 15375136450269253166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Oct 2022 02:49:03 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 176C 0
0 23ms
22ms Image
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTxtmhPp42Jz5QSZ_KArMEdw5VYzBkSCTExAXF-qgAyTC9NmR5v063LzzfcNv3tMhULl08m0TUf09O3PamvSU3ryyj0Iw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 176C 140 KB
44 KB 28ms
27ms Script
text/javascript 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

sffe /

Resource Hash

d862ec0d2b72e9f1575615db28f4196cbf0f586adb2208c605c691d6e06ee6ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44525
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1663760195623328"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 23 Sep 2022 03:35:25 GMT

GET
H2 200 b6810b6596f7ed55ed76c68d0358aca1.js Show response
www.gstatic.com/mysidia/ Frame 176C 33 KB
14 KB 52ms
14ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/b6810b6596f7ed55ed76c68d0358aca1.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6480171803c66741b9d13c44e06e9817bb8f51479574044d5226cb2dc28a897

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 22 Sep 2022 20:25:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25803
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13684
x-xss-protection: 0
last-modified: Wed, 21 Sep 2022 21:38:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 21 Dec 2022 20:25:22 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B9D8 0
10 B 14ms
14ms Image
text/plain 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?NSq7XQ
Requested by: Host: reurl.cc
URL: https://reurl.cc/O4ooex
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 css
fonts.googleapis.com/ Frame CF5E 4 KB
737 B 29ms
26ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:500,600|Poppins:regular

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1838989884782542848/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8842d55c7ed6bddca9f29e54a22750272dadb786cb8f6bc7b1e3e337510b2621

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 23 Sep 2022 03:35:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 23 Sep 2022 03:35:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 23 Sep 2022 03:35:25 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame CF5E 16 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1838989884782542848/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 22 Sep 2022 04:14:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84081
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 23 Sep 2022 04:14:04 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame CF5E 33 KB
13 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1838989884782542848/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86453ecc16f6b785226ee9203819ea6bc46dc79171c51ed9605e3e2662281704

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 22 Sep 2022 09:36:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64745
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13228
x-xss-protection: 0
server: cafe
etag: 10485928763175976200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 23 Sep 2022 09:36:20 GMT

GET
H3 200 2076313506083323656
tpc.googlesyndication.com/simgad/7956631791848451955/ Frame 176C 47 KB
47 KB 16ms
15ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7956631791848451955/2076313506083323656

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df7b60bbb1944b990c04bd69768333a3b6d349a6e37bde5094685975d561ccfe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 00:15:27 GMT
x-content-type-options: nosniff
age: 271198
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48410
x-xss-protection: 0
last-modified: Wed, 07 Sep 2022 13:02:47 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 20 Sep 2023 00:15:27 GMT

GET
DATA 200
OK truncated
/ Frame 176C 220 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ffecb68daf9ac9e584116efe781dac3ce40ceea4c6929814550da2e7958a6e8e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 204 l
www.google.com/ads/measurement/ Frame 8D99 0
0 23ms
23ms Image
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTrc1SmfOFA7wMKmPJUKmG81cPJfCobRtyGyh9mnAmvWUvOI-iOn-JuV4QEaD7XSSvE6PPQyH5x5Pde6hVkflcJbZCnKw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124380&bpp=11&bdt=493&idt=159&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=1&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=1066432199&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=2507708330&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=1086572808427863&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ndgrug4yih8f&fsb=1&dtd=174
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8D99 140 KB
44 KB 28ms
28ms Script
text/javascript 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

sffe /

Resource Hash

d862ec0d2b72e9f1575615db28f4196cbf0f586adb2208c605c691d6e06ee6ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44525
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1663760195623328"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 23 Sep 2022 03:35:25 GMT

GET
DATA 200
OK truncated
/ Frame 8D99 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0b252678c3f21354e3bdf42c723e9747f7f1c3ef7c6783eee4752a6025a37d27

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B1EB 1 KB
749 B 15ms
15ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 65520
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 22 Sep 2022 09:23:25 GMT
etag: 48472445140208031
expires: Fri, 23 Sep 2022 09:23:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 176C 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bec548a74f8e11fb02707e5ff945d2ab83f38009967a20f8a75159eee8803b71

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D058
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

32ms
32ms

Document
text/html

2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 03:35:25 GMT
expires: Fri, 23 Sep 2022 03:35:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 03:35:25 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ Frame CF5E 30 KB
31 KB 69ms
16ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:500,600|Poppins:regular

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 22 Sep 2022 03:24:20 GMT
x-content-type-options: nosniff
age: 87065
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30928
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Sep 2023 03:24:20 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B1EB
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEE_RC8FCmRENiCiC8k8A1yo&google_cver=1&google_push=AZmPxg-HkrWhxMSLkHH17-xbFao75KAkrLCftXtnYQQQXBsfHMB7DSVqR03QfnuzlB8EeQ62Xj4Ldko8WIf...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AZmPxg-HkrWhxMSLkHH17-xbFao75KAkrLCftXtnYQQQXBsfHMB7DSVqR03QfnuzlB8EeQ62Xj4Ldko8WIfis23Qe21TlV1K5g&google_hm=R69Us9gWQbmIQmM_ItSZvgc

170 B
188 B

27ms
25ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AZmPxg-HkrWhxMSLkHH17-xbFao75KAkrLCftXtnYQQQXBsfHMB7DSVqR03QfnuzlB8EeQ62Xj4Ldko8WIfis23Qe21TlV1K5g&google_hm=R69Us9gWQbmIQmM_ItSZvgc

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:24 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AZmPxg-HkrWhxMSLkHH17-xbFao75KAkrLCftXtnYQQQXBsfHMB7DSVqR03QfnuzlB8EeQ62Xj4Ldko8WIfis23Qe21TlV1K5g&google_hm=R69Us9gWQbmIQmM_ItSZvgc
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B1EB
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESECLpFUDwvttOGEw2u2wsink&google_cver=1&google_push=AZmPxg-Ov7-p5FsQ5WcDlD2Uq8ziqH7HCq8VPEaEqy-i-rfQMV3K-7Ipfhrquc0yN6hJ3I_gZKveO8J1LO0phHmeNARypDp...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg-Ov7-p5FsQ5WcDlD2Uq8ziqH7HCq8VPEaEqy-i-rfQMV3K-7Ipfhrquc0yN6hJ3I_gZKveO8J1LO0phHmeNARypDpjAB8&google_hm=ODA1NzM1MjMwODE2MTcyMTU...

170 B
188 B

26ms
25ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg-Ov7-p5FsQ5WcDlD2Uq8ziqH7HCq8VPEaEqy-i-rfQMV3K-7Ipfhrquc0yN6hJ3I_gZKveO8J1LO0phHmeNARypDpjAB8&google_hm=ODA1NzM1MjMwODE2MTcyMTUzNA%3D%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 23 Sep 2022 03:35:25 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg-Ov7-p5FsQ5WcDlD2Uq8ziqH7HCq8VPEaEqy-i-rfQMV3K-7Ipfhrquc0yN6hJ3I_gZKveO8J1LO0phHmeNARypDpjAB8&google_hm=ODA1NzM1MjMwODE2MTcyMTUzNA%3D%3D
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
content-length: 0
x-content-type-options: nosniff

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B1EB
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEAPqWh6SN4piym1vki8lvWg&google_cver=1&google_push=AZmPxg9UIK55bjuM3zbd9RP054MX_WtB3Jxe8QGphaVNJoi8gnN2ouqO1F6-f5svaVppNXPUBodmodB1...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEAPqWh6SN4piym1vki8lvWg&google_cver=1&google_push=AZmPxg9UIK55bjuM3zbd9RP054MX_WtB3Jxe8QGphaVNJoi8gnN2ouqO1F6-f5svaVppNXPUBod...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzEyNzc3ODg3NTIyMzQyNzA0OA&google_push=AZmPxg9UIK55bjuM3zbd9RP054MX_WtB3Jxe8QGphaVNJoi8gnN2ouqO1F6-f5svaVppNXPUBodmod...

170 B
188 B

26ms
26ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzEyNzc3ODg3NTIyMzQyNzA0OA&google_push=AZmPxg9UIK55bjuM3zbd9RP054MX_WtB3Jxe8QGphaVNJoi8gnN2ouqO1F6-f5svaVppNXPUBodmodB1qIedZh6MrGpxmAEMRg

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:25 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzEyNzc3ODg3NTIyMzQyNzA0OA&google_push=AZmPxg9UIK55bjuM3zbd9RP054MX_WtB3Jxe8QGphaVNJoi8gnN2ouqO1F6-f5svaVppNXPUBodmodB1qIedZh6MrGpxmAEMRg
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 dds
rtb.openx.net/sync/ Frame B1EB 43 B
351 B 62ms
24ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEBsCruUUCE_eCVU3ueoZSRY&google_cver=1&google_push=AZmPxg-HYo5_KbYrTz_FR4PJqUwpZHc9J93L5PcxzYVMn-yOOZKiawu-kYRng--VI4t1gU9tusRtrwdRlpV_qzzNirWv1lrIxw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:24 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: amna8tk2o3482f1qpjbq5udn6lenv1ut

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B1EB
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAIgYMQ4SyVoc7aEao6J_lQ&google_cver=1&google_push=AZmPxg8E_zBuIJzd_w-kDuWs6-FtNmnAFFYQ9onnkgkcT6pmzc_8Ut_QhdnedFvHd0ndbhjaHK7...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDhEWEpaVlktSi1HNTRU&google_push=AZmPxg8E_zBuIJzd_w-kDuWs6-FtNmnAFFYQ9onnkgkcT6pmzc_8Ut_QhdnedFvHd0ndbhjaHK7MLEfN3Ct6mGMFigLRRaH2p4w

170 B
188 B

25ms
25ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDhEWEpaVlktSi1HNTRU&google_push=AZmPxg8E_zBuIJzd_w-kDuWs6-FtNmnAFFYQ9onnkgkcT6pmzc_8Ut_QhdnedFvHd0ndbhjaHK7MLEfN3Ct6mGMFigLRRaH2p4w

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDhEWEpaVlktSi1HNTRU&google_push=AZmPxg8E_zBuIJzd_w-kDuWs6-FtNmnAFFYQ9onnkgkcT6pmzc_8Ut_QhdnedFvHd0ndbhjaHK7MLEfN3Ct6mGMFigLRRaH2p4w
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B1EB
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEPyyBlX3FtyMojZ64G8_hxU&google_cver=1&google_push=AZmPxg80L4XAzvhNDGA8J9pZbtiCoAxs0ON4iMDOt6FPgy0qibFumXztMker1QKoDj3yIVakRhwG2hATeu7wiqvseDz8M2...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEPyyBlX3FtyMojZ64G8_hxU&google_cver=1&google_push=AZmPxg80L4XAzvhNDGA8J9pZbtiCoAxs0ON4iMDOt6FPgy0qibFumXztMker1QKoDj3yIVakRhwG2hATeu7wiqvs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=wzeuaNgzSHm-fiKuh857og&google_push=AZmPxg80L4XAzvhNDGA8J9pZbtiCoAxs0ON4iMDOt6FPgy0qibFumXztMker1QKoDj3yIVakRhwG2hATeu7wiqv...

170 B
188 B

26ms
25ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=wzeuaNgzSHm-fiKuh857og&google_push=AZmPxg80L4XAzvhNDGA8J9pZbtiCoAxs0ON4iMDOt6FPgy0qibFumXztMker1QKoDj3yIVakRhwG2hATeu7wiqvseDz8M21SLA

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=wzeuaNgzSHm-fiKuh857og&google_push=AZmPxg80L4XAzvhNDGA8J9pZbtiCoAxs0ON4iMDOt6FPgy0qibFumXztMker1QKoDj3yIVakRhwG2hATeu7wiqvseDz8M21SLA
date: Fri, 23 Sep 2022 03:35:25 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B1EB
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEI0RgOeFBrlCahlE_K3taqs&google_cver=1&google_push=AZmPxg9y4Mh5o5cfGCuur9L3dfBnrfn_rMmVg_qvs-jn2UnsZECcSQQ7sNBcPLzWU4ucaJDler...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS16ZVFIZ2FCRTJ1R2xWUFRfcHRQY1pxOVdhUkozLmtKRX5B&google_push=AZmPxg9y4Mh5o5cfGCuur9L3dfBnrfn_rMmVg_qvs-jn2UnsZECcSQQ7s...

170 B
188 B

26ms
26ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS16ZVFIZ2FCRTJ1R2xWUFRfcHRQY1pxOVdhUkozLmtKRX5B&google_push=AZmPxg9y4Mh5o5cfGCuur9L3dfBnrfn_rMmVg_qvs-jn2UnsZECcSQQ7sNBcPLzWU4ucaJDlercptZCfhjpONzW0LqjxLxj1j5c

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS16ZVFIZ2FCRTJ1R2xWUFRfcHRQY1pxOVdhUkozLmtKRX5B&google_push=AZmPxg9y4Mh5o5cfGCuur9L3dfBnrfn_rMmVg_qvs-jn2UnsZECcSQQ7sNBcPLzWU4ucaJDlercptZCfhjpONzW0LqjxLxj1j5c
date: Fri, 23 Sep 2022 03:35:25 GMT
server: ATS/9.1.10.25
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame B1EB 0
12 B 23ms
23ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jjm71mlAwtTeLzqt0Cqt5T2C0kFB7xa73hmLZyReQvXTEFt9DLiZ0WGvMhrqdspt8drGaBVQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:25 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 176C 15 KB
15 KB 49ms
16ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 16 Sep 2022 13:27:29 GMT
x-content-type-options: nosniff
age: 569276
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Sep 2023 13:27:29 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 176C 15 KB
16 KB 48ms
18ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 19 Sep 2022 16:44:52 GMT
x-content-type-options: nosniff
age: 298233
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Sep 2023 16:44:52 GMT

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 176C 15 KB
15 KB 52ms
27ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 19 Sep 2022 16:39:45 GMT
x-content-type-options: nosniff
age: 298540
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Sep 2023 16:39:45 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C506 14 KB
11 KB 32ms
31ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220921&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4ec6d307cc6c7937991890283c1f3bba7e1ffbd553dbd12bf5532890a695bf9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 23 Sep 2022 03:35:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11165
x-xss-protection: 0

GET
H3 200 Logo-Transparent-Small.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1838989884782542848/ Frame CF5E 3 KB
3 KB 16ms
15ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1838989884782542848/Logo-Transparent-Small.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e327c4cf3b80e5e5bdea164926c57b871c1b240212065782d28cb22dd60fa51b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 12067
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3327
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 09:38:55 GMT
server: sffe
date: Fri, 23 Sep 2022 00:14:18 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 23 Sep 2023 00:14:18 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame CF5E 10 KB
11 KB 71ms
15ms Image
image/jpeg 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQVnSJMD5cnkJHzC9-kto5bW_iagE0oHrxmKCiICAkVcPaBnzo&usqp=CAI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

522ab2e374ffaa11a71bdaa3d97f1d6484213ef7716cc7d7d1464c799fa38bf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 08:30:30 GMT
x-content-type-options: nosniff
age: 155095
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10244
x-xss-protection: 0
last-modified: Tue, 03 May 2022 22:35:28 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 21 Sep 2023 08:30:30 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame CF5E 9 KB
10 KB 70ms
15ms Image
image/jpeg 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcSSZor2T1yryzWJq8CXVOR9DRkAaa3mfq42FZMb0WZsNFPojzwf_43GQ-HlFA&usqp=CAI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f56bb7d57f95112338405d6b896e13b625841f4820c946feda73beee41abbbf4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 08:44:45 GMT
x-content-type-options: nosniff
age: 240640
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9726
x-xss-protection: 0
last-modified: Tue, 07 Jun 2022 22:26:40 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 20 Sep 2023 08:44:45 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame CF5E 17 KB
17 KB 83ms
19ms Image
image/jpeg 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcTR7hctHJW_oOq_3GEqM-uC2Od0-ouJGatxs_4ZpoixZOZtwsk&usqp=CAI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bebac62c953edf0d0ce8dced28607c288ca4e8edc7e52b2703bb45f8014bca3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 22 Sep 2022 06:24:56 GMT
x-content-type-options: nosniff
age: 76229
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17473
x-xss-protection: 0
last-modified: Thu, 19 May 2022 22:32:14 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 22 Sep 2023 06:24:56 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame CF5E 10 KB
10 KB 73ms
18ms Image
image/jpeg 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQJ8qmQh3y8IpLlm2WGnh3kBs2zKuJOHdXISKTA1U5zFBsHPso&usqp=CAI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e06996d9eff7b6a6fe44e35248366b91be97cc7021a7e34bd00fa11c3e587704

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 16 Sep 2022 11:43:10 GMT
x-content-type-options: nosniff
age: 575535
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10411
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 22:27:07 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 16 Sep 2023 11:43:10 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame CF5E 10 KB
10 KB 81ms
16ms Image
image/jpeg 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcSxcUD6VCahoG4vcK6F_rGL6H30zi9jfFEUvSXevhwnz2AZNYo&usqp=CAI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7748101fe9215a0b58c31df76753bc6c18228f6ffae946569d9a87e6c681a2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 18 Sep 2022 07:28:26 GMT
x-content-type-options: nosniff
age: 418019
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9903
x-xss-protection: 0
last-modified: Tue, 03 May 2022 22:36:20 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Mon, 18 Sep 2023 07:28:26 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame CF5E 45 KB
45 KB 71ms
16ms Image
image/jpeg 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQSL3PgKS6RTtsIjqoMJo46zGeWQmLq1L_ow6tTZCAe_toFQhl5&usqp=CAI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69d58ade10b98e22f0a6f8fae9087513cbf0126675613d43f559352486526fd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 18 Sep 2022 06:11:56 GMT
x-content-type-options: nosniff
age: 422609
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45663
x-xss-protection: 0
last-modified: Sat, 07 May 2022 11:49:54 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Mon, 18 Sep 2023 06:11:56 GMT

GET
DATA 200
OK truncated
/ Frame CF5E 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0426 15 KB
11 KB 29ms
29ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220921&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d7099a14f3f898a18e5c46b0b39e186ac83724b47884a1b5a955b820ea5a57f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 23 Sep 2022 03:35:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11330
x-xss-protection: 0

GET
H3 200 Logo-Transparent-Small.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1838989884782542848/ Frame CF5E 3 KB
3 KB 15ms
14ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1838989884782542848/Logo-Transparent-Small.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e327c4cf3b80e5e5bdea164926c57b871c1b240212065782d28cb22dd60fa51b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 12067
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3327
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 09:38:55 GMT
server: sffe
date: Fri, 23 Sep 2022 00:14:18 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 23 Sep 2023 00:14:18 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C506 17 KB
6 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 23 Sep 2022 03:35:25 GMT

GET
H3 200 f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js Show response
pagead2.googlesyndication.com/bg/ Frame 655B 36 KB
16 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124399&bpp=13&bdt=498&idt=105&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=2&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=911767297&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=1136780418&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069631%2C42531706%2C44773339%2C31069185%2C44771547&oid=2&pvsid=2038667843876803&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.97m6ql11uvrl&fsb=1&dtd=122

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f7e94e4b2ce4850a5fd141c45be20cf976db7c651dc580e4c8ecb3570124319

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 21:46:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107314
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16009
x-xss-protection: 0
last-modified: Mon, 19 Sep 2022 14:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 21 Sep 2023 21:46:51 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 0426 17 KB
6 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 23 Sep 2022 03:35:25 GMT

GET
H3 200 shopping
encrypted-tbn0.gstatic.com/ Frame CF5E 45 KB
45 KB 50ms
16ms Image
image/jpeg 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQSL3PgKS6RTtsIjqoMJo46zGeWQmLq1L_ow6tTZCAe_toFQhl5&usqp=CAI

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69d58ade10b98e22f0a6f8fae9087513cbf0126675613d43f559352486526fd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 18 Sep 2022 06:11:56 GMT
x-content-type-options: nosniff
age: 422609
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45663
x-xss-protection: 0
last-modified: Sat, 07 May 2022 11:49:54 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Mon, 18 Sep 2023 06:11:56 GMT

GET
H3 200 shopping
encrypted-tbn1.gstatic.com/ Frame CF5E 10 KB
10 KB 47ms
15ms Image
image/jpeg 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcSxcUD6VCahoG4vcK6F_rGL6H30zi9jfFEUvSXevhwnz2AZNYo&usqp=CAI

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7748101fe9215a0b58c31df76753bc6c18228f6ffae946569d9a87e6c681a2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 18 Sep 2022 07:28:26 GMT
x-content-type-options: nosniff
age: 418019
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9903
x-xss-protection: 0
last-modified: Tue, 03 May 2022 22:36:20 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Mon, 18 Sep 2023 07:28:26 GMT

GET
H3 200 shopping
encrypted-tbn3.gstatic.com/ Frame CF5E 10 KB
10 KB 51ms
19ms Image
image/jpeg 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQJ8qmQh3y8IpLlm2WGnh3kBs2zKuJOHdXISKTA1U5zFBsHPso&usqp=CAI

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e06996d9eff7b6a6fe44e35248366b91be97cc7021a7e34bd00fa11c3e587704

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 16 Sep 2022 11:43:10 GMT
x-content-type-options: nosniff
age: 575535
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10411
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 22:27:07 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 16 Sep 2023 11:43:10 GMT

GET
H3 200 shopping
encrypted-tbn1.gstatic.com/ Frame CF5E 17 KB
17 KB 50ms
18ms Image
image/jpeg 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcTR7hctHJW_oOq_3GEqM-uC2Od0-ouJGatxs_4ZpoixZOZtwsk&usqp=CAI

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bebac62c953edf0d0ce8dced28607c288ca4e8edc7e52b2703bb45f8014bca3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 22 Sep 2022 06:24:56 GMT
x-content-type-options: nosniff
age: 76229
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17473
x-xss-protection: 0
last-modified: Thu, 19 May 2022 22:32:14 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 22 Sep 2023 06:24:56 GMT

GET
H3 200 shopping
encrypted-tbn2.gstatic.com/ Frame CF5E 9 KB
10 KB 49ms
17ms Image
image/jpeg 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcSSZor2T1yryzWJq8CXVOR9DRkAaa3mfq42FZMb0WZsNFPojzwf_43GQ-HlFA&usqp=CAI

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f56bb7d57f95112338405d6b896e13b625841f4820c946feda73beee41abbbf4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 08:44:45 GMT
x-content-type-options: nosniff
age: 240640
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9726
x-xss-protection: 0
last-modified: Tue, 07 Jun 2022 22:26:40 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 20 Sep 2023 08:44:45 GMT

GET
H3 200 shopping
encrypted-tbn3.gstatic.com/ Frame CF5E 10 KB
10 KB 48ms
16ms Image
image/jpeg 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQVnSJMD5cnkJHzC9-kto5bW_iagE0oHrxmKCiICAkVcPaBnzo&usqp=CAI

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

522ab2e374ffaa11a71bdaa3d97f1d6484213ef7716cc7d7d1464c799fa38bf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 08:30:30 GMT
x-content-type-options: nosniff
age: 155095
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10244
x-xss-protection: 0
last-modified: Tue, 03 May 2022 22:35:28 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 21 Sep 2023 08:30:30 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame D008 13 KB
5 KB 16ms
15ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 31973
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 22 Sep 2022 18:42:32 GMT
expires: Fri, 22 Sep 2023 18:42:32 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0999 783 B
536 B 26ms
25ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ef34494b96ed43e92bfaa6b8c2dd7c5f3e5ae486c1b5ff9dcc9da1cbca0baddb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-LB6tX2YjkuWKSAAbdRfHpQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-LB6tX2YjkuWKSAAbdRfHpQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 03:35:25 GMT
expires: Fri, 23 Sep 2022 03:35:25 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 190F 13 KB
5 KB 16ms
15ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 31973
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 22 Sep 2022 18:42:32 GMT
expires: Fri, 22 Sep 2023 18:42:32 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 50E2 783 B
534 B 29ms
28ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8fd0e8586fd46418904197eae706ec25e21e549fab9cadc9fa89c0354403ff79

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-k8c3SqgFUfIsr3Plfg4XDg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-k8c3SqgFUfIsr3Plfg4XDg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 23 Sep 2022 03:35:25 GMT
expires: Fri, 23 Sep 2022 03:35:25 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js Show response
pagead2.googlesyndication.com/bg/ Frame D008 36 KB
16 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f7e94e4b2ce4850a5fd141c45be20cf976db7c651dc580e4c8ecb3570124319

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 21:46:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107314
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16009
x-xss-protection: 0
last-modified: Mon, 19 Sep 2022 14:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 21 Sep 2023 21:46:51 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0999 0
0 51ms
48ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220921&jk=1086572808427863&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 50E2 0
0 49ms
48ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220921&jk=2038667843876803&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H3 200 f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js Show response
pagead2.googlesyndication.com/bg/ Frame 190F 36 KB
16 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f7e94e4b2ce4850a5fd141c45be20cf976db7c651dc580e4c8ecb3570124319

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 21:46:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107314
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16009
x-xss-protection: 0
last-modified: Mon, 19 Sep 2022 14:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 21 Sep 2023 21:46:51 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame D008 0
10 B 15ms
15ms Image
text/plain 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?djDi3A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 190F 0
10 B 15ms
15ms Image
text/plain 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?tIehDw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 03:35:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D155 0
0 52ms
52ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022091901&jk=4096049460177475&bg=!uLulu__NAAYIxsuQKMY7ACkAdvg8Wr8-bW8VAXCyGEBTuvh-JDhMAvOIOUV3vFSxT88Lp9M2LXvRxwIAAAC5UgAAAAFoAQeZAwD-FjcephTZEbiXH5sKH16dZ5iWbYpLQNVd2hM-XEk-mIg-HTJLOvkbtDPl_rMRYLedMH7gbvBASC09272DcZpwxJQxEs_cLweVgm26tUzFrDA1eJTIWq6rxZ7x7mw0wUH1MvYBHMkJnnnv7U2YhaXTZNp6J4E_H6IC465OKBz19YAxCEE9RJEwn4IVH-6W9e2ytXbm0MBVJM7iiP0NhvgG_uCgCGRW8Es6E1MH6MZkwT7v-DqzIqon7QRvCVjh0oNWIuCpidP5hg-tGp08P6cq4wEki3eNGSOnk0-JjZZ3uID5_5IrpLWUVqN1hGOjYnhact2HGDWtFPb8OwjC9AN7gTAfrI82CZHvY3pQolQMUHpxe6UtjPiANrpxy5udXVUyAk19COyFBK5BcCPAlwRHVs7bSVJXCLqFuUVjMtmetVWRZ7VpmTeFdIEDv3G4WA5PSkt5RNT-cbFAurMqDD06G4i8miqi62bM3EdqnJCcP6xNBbzRHnw-P8Y1LClpEySUN8boP_2esxJxeDNOLkMvOCVyx887OcEOop7-Uv11abEIZVE6CaQN1-NheWpQ_zwGbUAgJh0UI5kLjwC3zG6FC7E8QbVlmGn1ouNPiGnpNjgW5zALGK-CRTdy4FJBJd4CigxmpMWPtgnbJaM5zNNEqXhHdmRfTW_zCaLTAMGZAfUSamofKj-7lTGL3i5P0Ja_f2X30Yr7oWICie7jVIaD7xcsXr8dL64Ey7mNNBOCBOa2EuFuDBEG4g1qHgFjR6z4tdT2n_3qrWGKAHeTjK7mq-4WyWS35MSXkYPg-p9lRBLWSJWAJ8DMkYpMlivGJj12CDtUgdU2nfihf1eoX8hBmCBl1EKLEz_wQmrz0pWjHVcSEES2SWfAkZPs0bGL9Hstn4LykabU-S4Rwo8acUAD_Ckwpc0mfNcdp_v-fwvLwp7j96686y9i-FCaz74Fmlk0qas_9nuXcdAeIpeVI23-8wkht68zoGKz7JjBjewD85IYgIsElezyE3AtbD9TIII
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6963 0
0 52ms
52ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022091901&jk=1651761858534213&bg=!d3SldDDNAAYIxsuQKMY7ACkAdvg8WtyZvrBQ760djm36rUKeggl4XkUDBc5po0yv2Gej3dzZum1JXwIAAADQUgAAAAJoAQeZAwFvi3TZclB20dG8T7ZIjlfliDLLB9X18I1qimMnbkBeKRPILtH1FK0jqFTUYrLTRcV6kjNZI6WMNCTvsc1-f6mJSXko8dkZsTN0D0Nv6KoL7RCNC85Ntwm2svIHu7PMTwWvqa4Zj8SxH0ikDLXhXRfxQYgMN0L2obzOBTDAZJuOADLBwEZaT_eFj29BwUBbPg283y11Rb0BJc-oaPrbtQHiNTImdlxd8DZrAwXFLTpFeLT3qc2WhBMNo-VMiRVxoywYPOLXMR_m7-SpA8dWd2EtXdHDKXpqxA5JibSWbTm1cUXF5-yi-TxDtAjWMqU1a_q7SDKXK4X_aH3iluwQTLg_3vEDiCd7YsY8KpwDaYJNe5eeaZO_DZiKXRs0Y_zYBJx1WlQP4BvSJYdoZqgYdgrBQg_F2UquSd1XBLyQdAJz3kPFj2fAF-DEvGSskZzRi-f-6OmJhLlFLFcjwBKGNMo_AB_qZDZqHjaiuW7TJG4S-eiBjPE6hyhBar9WRvDGjedOWrxgvucmezJoeZZfKiwdNoOzb_SawDx76cRA6uzD4OMC7-IfpBY30KHwFOsHz8FcPkfKcXjfTMQYS6Sutsfgi-5yX1JFu0Piz-nvPW2-wbYeHxgI04tS1L25-FFxb8VHtRXin_fI3hmrbLmBeeBIj4e-rfo7DvB7Zr0snkWu5NU9KEqU2W6BnOmRuepQbblnfem6bNntJHXRyJvrI_aqbD01rimLqUTIFvWefbfihmVBBbWRBSRwbjGamRdTEzEdNlbxu36tMkH7xCaF9MSbMoqJvAlO8A9I9Ih8kwh5psEu9556xaIFg0aW8nV8CqMnN2bDZR7o2X1GhjLZIFHnO52siplT8hDTScGgImdNATk__ywGx8wAzGjXsmCag9So2EfY6C6tzgcVFC3LVtbdDtJjobI1AC0ce9joLraZIDRorfM_Z6W2AcT1nXZl1oB0ld5H2ecqRw1u97XCMz0WZeN4p-cNm9hgoTqjSCO8QbRzVxPISQnobC-1l7NL3z1C
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C506 0
0 52ms
52ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220921&jk=1086572808427863&bg=!R0SlRADNAAYIxsuQKMY7ACkAdvg8WvY2NjuZ78DRpGnGmlaBcBLPGMk1r2KnyMVisqzVUJKn_S3JYQIAAABrUgAAAAFoAQcKAJhkCwv421eEa14yd-YCCROTg2DNizctoRvwYK68q4CVFOjhNlwOm19gifl5wlJipvIvQC37MPOCsC8XbFRPGs8s-wGDSGL2aneppsGWZResqs-jNVzD6V0Mk_VLOANy6iIzukXNPbN7pZjk38Unz5d5G6suTB_D6rIFehmeNmZwk1pKSJCF0JeZQBU7ck8aPeAxhNfGtgadcpkC9w8ZF4QJnI-7eFU-7zujnXP9_dySbNQ8aznk5BjleqcfY6sUmtJhtF4nH5klxE-XV4Mg56L7QlYc6CDfur1h7rYs8jQ1kdrjNm72AIsxnbzIiWvG3iVShuVr1_lPhTvMrGhIlq1fBvMYHDT7_2dlDRFC-_Y1dxIBgK6n1Ft5EbBthPfz4md8CQNYWPjrkEr2HTMjNXlVmfaTn1CsL9o94TuTtehM0vGqcGvAiwQSTTYYZPTDcpaXEuSbZloGlqkjT8MdPUhbUc_dwAjKXBL42QStd6EEkoWmh2Cgepghkj556tZIymPDTijNXotMkDpJ4azOikR7qS5m0MkJDrb3_aNn3zHZ8Tebq5au4tifmxgQzioucDRoaJfMrkeToDy6xvU82rger9IzjzwZz69Sz-M7X87F8-5RJfRQw736E-bTNOFGrBfUy92sv_WMv91LccraWpz9SBJ5ea2BuYa4JIO4AsgtIc7H3tA4RprOVtoGrQJpSOSW_9URuzfOBuQX-NcmkXvpGm419oUbyznDH1LfuDGahzT8z82E0r7Wm1Q49pQPA_CcILNHbWsqtAl9iPmDoj5Bw0QT7YvdSBjwJJlw5R9BRs0Sw0QicU5covTmf7o0Vnunw6pwxj1tZb99FwYVeAS8M9ozPesT138W-XFFlFi8wKEbms1ZiCjpTuXNyANYjsiY2kfsBmhfOk_KjtDIuV5-LRhtftxSLsdwkysxfZResrgvRv_qHm39UxjyMd2PwmWWUslDfbcqyevfWoOmPX2-NZJiGHLrwtmRDjE38FfpT-sd6yzW5BM2_HbIE2OqpJAcwSgHlEpqHJCN7DYQI_qSFKWN8f4ZZkQCVloMEd1XUJUI2PJWXyNTkaFX0kyNtw5FkwyU3h9Or60igmi-HVf2Y615pmTlhIF2UgpGWOBi9DuvliUOVqdduJDi3O4GM_D65X8kPxvRz2rkyUgQeTdHVcIOfXTCzbxsSTykm5PkKNgEJrO52PWRuOifiUDKf_Xypg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0426 0
0 52ms
51ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220921&jk=2038667843876803&bg=!DwylDEjNAAYIxsuQKMY7ACkAdvg8Wur4gBeTlOLsxY8npU-RJXU5weGl42P-4-eTTtrRL4M4mvB_5AIAAABaUgAAAAJoAQeZAu0YOzgteJibKVVZ9-XYKyI6fzWp-9i9_VjW9fYry3NypMkY8osCKDCbHn5bIR0EW-aF1tzJ0o1E6W_yNiwa_K1zZwNut1yL_qSaiyVqjNT9dlPzYsULHbVvThhTYPkyry6HQ3bV0fo-IEsNUdG5OjLpU36QVEaen4xxMWRK36f9E21YCmeJxCIzuK6x1ST0UzZffNCcU0fJ-C1KFS1kx5ePcRTRpJ8Tn-xRiXZtjdMv9nI95ZGWDOGGUAVaQMfk-jLlDbg-gth6wz7rJm6hFljbwlqdsCf_ha0WFcl7wg_PMfDMaIgfVfpsQiwjtLY_AwpcL9uqXb5Ric3Ehz5DgZ96DX0WWdc-msdYWGYJES88_vdKpeHEklkzZQ1C7NM-ltmGBiSEThrcgweVByIAERihUAftBrcwbw2LkpcJmX0n3itaE1oJnjKkyzhZqj-lq0XQbZU2fiTFs7w57YQGzKc5f2oNvANJV1bCbDN7hu0J-ynMZEr2SydR_n8LDvuzaS8qkPt9Krq1oie_bugbkne8tll4ulp-g60YADQHFqSM24Vd5N2rY08BgvmqXJDJvPOmjgYMt6i2_USyXYoFoiumRFJ9ucchrOxKwnxmtVYRHstIrGaSubvb4wvHMAoa_LqdWgkKwKxR6umu2x-UBVYu94e42cKEcxtsk5tcwmuz2onIdd1pwm9yPaIE2dfqm04su6sw1vqXgTHYRwqx2WKwYzqdOr7rWDXcUO4xJnCGZYmFzQbfKCpkJ-ks-qd7YAtSnRytXGw59ik6CfyNc6BQB3g5-crNxRlBKbE63X1qPiTCsyw2qnRd85X2dEqjL-dlprPLwcZZHHxTg_AL1BD1DMB6DbLQfEwo_c-mic4pj8kD_AOUQWuviJzraMHIVtZQC_f6gQ0IgBBPLDMELT7zYhfzXat5Tc0s-oHaMWw43ps91p_fRa0vDACdVGfbJDIhDEdsD4osAO3lczZIEdbJoJ41hm19c-P7ZNo_zg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8D99 42 B
64 B 59ms
58ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstrQPIWj2-RVkUh17K7aC38Qq6e6QbTn4hnkg0w9Ly_fRkRgoOpAIYw4EwB00KyyaY_j13ncZcl0PgubnJ-OVc3GPrrDex-jlW0Qc70ctv1pJ1UUuvVIgb7ZMg1nB7HHGpr0w0hzQ&sai=AMfl-YTtqlFdhQBIXo7id9_9XL2WOabdcY-kzVJFx6QRPp7cYPtIFrlHiTPvZ4tnstfW5gf4K4uyv12svmkNmITxoRRpAmoalaHesuo&sig=Cg0ArKJSzMtLLXEupsGzEAE&cid=CAASF-Ro7hbrHwacaOEhO7jRt_6qcUbCoi18&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220921&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=3645501049&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1663904124555&rpt=653&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 176C 42 B
64 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvC8B80m1EMzdCg95rwsMdkyVRs9UJ3EnpMhyjQPlf7aLt-WmvT3tFEQG9WQ9JD1hzCFp7SzbLPe3wTg9eSO2D6TiTWrTL8hu0WNCcX1y813QXtqHT5QRFe-QUPpffeGU_Dn-uOBA&sai=AMfl-YSaxP_yvm7Z9WsA25_0eJkLbozuOytvBGScfOeG0v8MufgFnLFOghYduy0Uk2MLhhK6Fms4nIml8LP_lCAfz--7E4OozIKS3yA&sig=Cg0ArKJSzIXr9Qu3kDJ8EAE&cid=CAASF-RojAuw2MEFBlCfRQsCZMNC_n2J5V_8&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220921&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=727071374&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1663904124522&rpt=770&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 03:35:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

42 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.reurl.cc/	1970-01-20 15:47:44	Name: _ga Value: GA1.2.1137796233.1663904120
.reurl.cc/	1970-01-20 06:13:10	Name: _gid Value: GA1.2.1232033890.1663904120
.reurl.cc/	1970-01-20 06:11:44	Name: _gat Value: 1
.reurl.cc/	1970-01-20 08:21:20	Name: _fbp Value: fb.1.1663904120521.1976832040
reurl.cc/	1970-01-20 06:54:56	Name: CFFPCKUUID Value: 5425-iMNI8jUHJMvG9XaBYDBcw42qRU1b3dbs
.reurl.cc/	1970-01-20 06:54:56	Name: CFFPCKUUIDMAIN Value: 9439-fsO3KAn1wJJmqAXYszTktgkwDxHqJBmV
.prnasia.com/	1970-01-20 06:11:45	Name: __cf_bm Value: kvgvwfo5KZVBxea.D7gt74ibc8qvr7RXM4SQmlNGvbA-1663904120-0-AScHjPhxZnGQoP3v4KgYFVFmDjBTtn39UKnYeAsKU/1Z2eWKInqwZUUsY16YOAfA/os0tZsmE8xSjt9vnxkBSQk=
.holmesmind.com/	1970-01-20 15:47:44	Name: P Value: 112122-yrxS2ufahxhbOXz85IRIA3hajYw879b6
.holmesmind.com/	1970-01-20 06:32:51	Name: Vision Value: 20220923-23:59,20220923-14,20220923-14,20220923-23:59
.holmesmind.com/	1970-01-20 06:32:51	Name: C Value: null
.holmesmind.com/	1970-01-20 08:36:41	Name: RK Value: null
.c.appier.net/	1970-01-20 14:57:20	Name: _auid Value: 42VGigHNAq6NF8treSktYw
.criteo.com/	1970-01-20 15:33:20	Name: uid Value: a8e90329-d7ce-4e76-a2c0-f828ffb457a4
.reurl.cc/	1970-01-20 06:13:10	Name: _ht_a546ca Value: 1
.reurl.cc/	1970-01-20 06:13:10	Name: _ht_50ef57 Value: 1
.hinet.net/	1970-01-20 15:47:44	Name: uuid Value: 93ae0327-e03a-44fa-b5b1-25af2af5fb0d
.reurl.cc/	1970-01-20 06:11:47	Name: _ht_em Value: 1
.doubleclick.net/	1970-01-20 15:33:20	Name: IDE Value: AHWqTUnZ_B-nL--CXBDVRiqZsw4pOtbisActCZACOBRuxRmNH2LiCvvMNvnl0GRbIXs
.holmesmind.com/	1970-01-20 06:13:10	Name: fcm Value: 1
.reurl.cc/	1970-01-20 15:33:20	Name: cto_bundle Value: QYaX8F9hU29sTCUyRnhBcmJRYlZ0SENpdnBhQjV3VGtsdDRXMmNxY0NkN0l2STkzSUl3UjBLazBHRktBY2NyTVlIZjUyY0E1aHQlMkJ2NW93ZkdYZ1UlMkJTOWUzaEp5S3hsWGxiUXFjNmxpRENwN0k4aXklMkJmS3NNZnNNUCUyQlJ2ZTlVeVdRbDJQREVzQnclMkZSbXNlU3ZZeXZiJTJCeGRFMXM2dyUzRCUzRA
.reurl.cc/	1970-01-20 06:13:10	Name: _ht_hi Value: 1
.scupio.com/	1970-01-20 06:21:48	Name: fxc Value: 1
.scupio.com/	1970-01-20 14:57:20	Name: OrgKeyValue Value: CVA20220923113522532126
.scupio.com/	1970-01-20 14:57:20	Name: gx Value: H4sIAPqZLWMA%2fxNmYGDg4uZ4tv%2fG7avH%2b6wFWIVYOOwFmAAMTh%2bZFwAAAA%3d%3d
.reurl.cc/	1970-01-20 14:57:20	Name: __htid Value: 93ae0327-e03a-44fa-b5b1-25af2af5fb0d
.holmesmind.com/	1970-01-20 06:32:51	Name: R Value: null
.holmesmind.com/	1970-01-20 08:36:41	Name: G Value: we3u7ZGJymKY5J47cKd8kQ==
.holmesmind.com/	1970-01-20 15:47:44	Name: d Value: /jHzqDFxfoBZ4WTyQK3MPaD5j7NQOgUkv1Txfycvr2ReudB2dm6t0KDrpHJuqax6WjAFQ16PJy71RxDiXPBzgA==
.aralego.com/	1970-01-20 14:57:20	Name: sspid Value: fe9655d5-7ed8-358f-b5e6-6b6561b8cc96
.yahoo.com/	1970-01-20 14:57:41	Name: A3 Value: d=AQABBHspLWMCEOJIlkUlkDP7oJcE3U4-YEwFEgEBAQF6LmM3YwAAAAAA_eMAAA&S=AQAAAghVFCp92hAheqf77Fb3x-A
.scupio.com/	1970-01-20 06:21:48	Name: gxc Value: 1
.aralego.com/	1970-01-20 14:57:20	Name: euconsent-v2 Value:
.aralego.com/	1970-01-20 14:57:20	Name: gdpr Value: 1
.reurl.cc/	1970-01-20 15:33:20	Name: __gads Value: ID=ae10a93ae2697ebd-22e0c1552bce00f1:T=1663904124:RT=1663904124:S=ALNI_Mat4tsZlSt6DxCTez2pk4HvgGXF9w
.doubleclick.net/	1970-01-20 06:11:47	Name: DSID Value: NO_DATA
.ctnsnet.com/	1970-01-20 14:57:20	Name: cid_47af54b3d81641b98842633f22d499be Value: 1
.ctnsnet.com/	1970-01-20 14:57:20	Name: gid_CAESEE_RC8FCmRENiCiC8k8A1yo Value: 1
.analytics.yahoo.com/	1970-01-20 14:57:20	Name: IDSYNC Value: 18yx~27bf
.adform.net/	1970-01-20 06:54:56	Name: C Value: 1
.360yield.com/	1970-01-20 08:21:20	Name: tuuid Value: c337ae68-d833-4879-be7e-22ae87ce7ba2
.360yield.com/	1970-01-20 08:21:20	Name: tuuid_lu Value: 1663904125
.adform.net/	1970-01-20 07:38:08	Name: uid Value: 3127778875223427048

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124380&bpp=11&bdt=493&idt=159&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=1&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=1066432199&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=2507708330&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=1086572808427863&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ndgrug4yih8f&fsb=1&dtd=174 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/1838989884782542848/index.html".
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&lmt=1663904124&url=https%3A%2F%2Freurl.cc%2FO4ooex&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1663904124380&bpp=11&bdt=493&idt=159&shv=r20220921&mjsv=m202209080101&ptt=5&saldr=sa&correlator=6297196212237&frm=23&ife=1&pv=1&ga_vid=1137796233.1663904120&ga_sid=1663904125&ga_hid=1066432199&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=675&ady=766&biw=1600&bih=1200&isw=300&ish=250&ifk=2507708330&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=1086572808427863&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ndgrug4yih8f&fsb=1&dtd=174 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/1838989884782542848/index.html".

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3514a2a4-7d1c-4fa3-8bf4-9dda4562a069.t.ssp.hinet.net
93ae0327-e03a-44fa-b5b1-25af2af5fb0d.t.ssp.hinet.net
ad.holmesmind.com
ad.sitemaji.com
ad2.apx.appier.net
adcdn.holmesmind.com
ads.aralego.com
ads.yap.yahoo.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
bidder.criteo.com
blog.alphaloan.co
bw.scupio.com
c.holmesmind.com
c1.adform.net
c6d85ec7a9819dbe89b337da69213853.safeframe.googlesyndication.com
ccm.holmesmind.com
cdn.aralego.net
cdn.holmesmind.com
cdn.jsdelivr.net
cm.g.doubleclick.net
connect.facebook.net
creditcards.com.tw
dc75fe7fed10655da611c60bb6d65efc.safeframe.googlesyndication.com
encrypted-tbn0.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
eus.rubiconproject.com
fcm.holmesmind.com
fonts.googleapis.com
fonts.gstatic.com
fp.holmesmind.com
gcm.ctnsnet.com
geo.yahoo.com
gocm.c.appier.net
googleads.g.doubleclick.net
gum.criteo.com
hb.aralego.com
i0.wp.com
img.gbyhn.com.tw
img.racingcharger.tw
img.scupio.com
m.holmesmind.com
match.360yield.com
match.adsrvr.org
mma.prnasia.com
mug.criteo.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-apac.rubiconproject.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prebid-asia.creativecdn.com
prebid.scupio.com
rec.scupio.com
reurl.cc
rtb.openx.net
s.yimg.com
secure-assets.rubiconproject.com
securepubads.g.doubleclick.net
static.criteo.net
static.wixstatic.com
static.xx.fbcdn.net
stats.g.doubleclick.net
storage.re-news.tw
sync.aralego.com
t.ssp.hinet.net
token.rubiconproject.com
tpc.googlesyndication.com
ups.analytics.yahoo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.gstatic.com
103.132.192.30
13.32.99.117
162.210.196.208
172.104.105.5
172.217.18.2
178.250.2.131
178.250.2.146
192.0.77.2
192.0.78.236
192.0.78.244
203.75.214.136
210.59.219.175
210.59.219.180
210.59.219.181
212.82.100.146
23.205.235.133
23.75.240.210
2600:9000:2250:2400:0:e06c:e940:93a1
2600:9000:2250:ec00:3:1794:2540:93a1
2606:4700:20::681a:567
2606:4700::6810:5514
2606:4700::6810:fc04
2a00:1288:110:c204::b000
2a00:1288:80:807::2
2a00:1450:4001:801::200e
2a00:1450:4001:802::2001
2a00:1450:4001:803::200a
2a00:1450:4001:803::200e
2a00:1450:4001:806::2004
2a00:1450:4001:808::200e
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2003
2a00:1450:4001:811::2003
2a00:1450:4001:811::200a
2a00:1450:4001:811::200e
2a00:1450:4001:813::2001
2a00:1450:4001:827::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:830::2003
2a00:1450:400c:c1b::9a
2a02:2638::1c
2a02:2638::3
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:d018:d29:3602:2324:aae3:7705:2809
2a06:98c1:3120::3
2a06:98c1:3121::3
3.126.56.137
34.102.176.152
34.117.219.39
34.95.67.231
34.96.119.68
35.185.130.121
35.186.193.173
35.186.215.140
35.186.253.211
35.201.76.93
35.227.249.156
35.244.196.223
35.71.131.137
35.79.29.97
37.157.4.41
52.68.234.1
54.171.147.13
69.173.144.165
69.173.158.64
04965fb3a6380db0aad21acd082a7cd8b77c4adccff9c558f6a46b4c5a859770
05be585d250440d34ad53882f03f099e50da1dce55442d95b19b6bcfcb6da29d
0b252678c3f21354e3bdf42c723e9747f7f1c3ef7c6783eee4752a6025a37d27
0b7c985fafda17e8085fb6ba1cc58444ae9aad39a3f721a627db9e64d4491cea
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0db63be1686a409fc42adabfc1030b16c1b3f844c79eb2bc0f649f9db70e19d1
10424c7d91296c77e67e6a2dbff741e3b678c7cf1d66d5db76aadd3e4c382bf7
10631b2d8f19f197062e3f4335ccc6bbf67335aed0ec97dd1254cc8d18c6adf5
1219d714e27f186eb7bbf428f0553a2a5a32fd30e6321b10af81582c66fa173d
157fa3a9366b79892c34b7912202638d9b884917d576075951340fad0b4c8e55
163f66292859cafd647057baaa7badeae1f4ab965ab8def9b0712cf1877f446d
16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20
17ebccf9b7e04e25cf9705ec87262b84edfd1022ca941bc6840ff5d696c39ca4
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced
1d1b60d1afa25cabf5c284c655e904b403cc152bebdbd57a2ff1606e6c99ea7d
204b096d37249d9125a8b3450e44a31773cb148dba50c88d1fd26a0b914216ce
21174ca46d83f71c3a4b7497e22397582aa8ec3a5a9e082dff22ea44b9184d4f
22d4fe7a41e1b5ac442faeccace387a6e59c4f056bc35b71f1b65cf42e7a6721
28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c
28bf646c6e799ca96adb3a5b48fe882639d31e27102cad9ed2979555da55944a
2cc43aa7b596cf9914e3b6455656662ee62f89256c0b5d9ee71c9b55d9bddc8f
2d94763fa567bd38d52e06efd09bd83224872b2a5e41786d1ad6359ac4e58aa6
2ead7c6d94263deb0d16d481486b6bc8473db182344fa6da5739407a0c43570e
3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698
34f9f3cbb4a43972771a70908f8f6602bbe01be8f436502173d5342417bd923b
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
36a7d95f2760a813f3e782dfc125ea786174d581d6f6f896021d6994e9514bd6
37f7cb504e24d04c0a0ad415ed8612013957406bceb5dc53e21ce7480ecbe46d
39d8676f59e182c6afdb830ea010d2a399a3b2c7c9b230a0ca23e8f2cc117d5e
3a685111f5d5e2857fff5e252c2e677a3dab034b3c498e6454d13bb676632593
3d193c401080a0bcf073ee92a0a34729fd356ad2d22b08fc8f5bf5d9e6f4f95e
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
48442398798a84e51c866bdd646ff1498edef901b08ddbb68fec7ea4193ff027
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
49516259cbd44db6174106d6322f42139333f8a6e9ca7010ce41b131cb749731
4ab817e84ed6ba6394292dc5d7f7b7cf065b50460889a578a06372e63f7df6d8
4ce81ecccefb27ce0f347ef564114da2ba450a9e1d9a7260b4597e62b1f71a72
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ec6d307cc6c7937991890283c1f3bba7e1ffbd553dbd12bf5532890a695bf9b
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
50cbe456c176465e91377430ce4222940cd268b3dc046342e7bc5d1dc5d15de2
522ab2e374ffaa11a71bdaa3d97f1d6484213ef7716cc7d7d1464c799fa38bf9
52bb2d07b65ec544edeb2a33f4103397a28f036f0d100090f3e17e4364aea1fb
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56fb18913b2eddfa3bf80ae8c50be2d955e7337d963db5463622fd71d1312e23
5c4e555f2cdb1d2c4bc4bd48cf25afb9944c1faed58be0725a8222e9fe2dd67e
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5f581613c740a972002493f36081b57af98a599976986a9d11c2b7aacf55500c
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
69d58ade10b98e22f0a6f8fae9087513cbf0126675613d43f559352486526fd8
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d39947f81609bc56e0e45a4118b32af2616e16d170f830bd31dc48917c7f3cb
6eac9ad9a449ab03088fcd5eb641c72c48c02316458cc95de984b0f25c88ccc7
738d8b3dfe4ba27baa9f9542869e0c475d22a3f139d30bc22a93171379085261
7484befc556b76b2da474fc9af0f8ac34a97d18a5ef62b9f7c4ea79e47bd29ba
749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d
7684143ee568b9ce13d69133030aa4077efd37eb289bac09d70ba9364f2ae93e
76ff9a0d9cc38ee7fdee5c17ee3ace0e0921d93e209581589e4620100e206aee
7a9ff1ed95388b22fd62f8ee961e5d202454edd764f882b622c5ebb104aacef1
7ae2f5b5d641c02de5d3222990df1b555a4a41f06b0eedac42b7f5e984454769
7bc846cd5c4cbed4fcab1bfd3148df0f6603635aca433e73017708cdabe6b8f3
7c6546fd64ad184e7e5360365a73029205ef66657afe67a089b7807837128d6c
7f7e94e4b2ce4850a5fd141c45be20cf976db7c651dc580e4c8ecb3570124319
8290d97b04510b940ddca9f2aea802eaafb36fc7a8f52e4466ed2b77db35c632
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83a37c9bbe8dae0a71e95a0e6401bd5d9576a2b0e35295e640c2d807f9b4424e
844bfb2ff3311ad9b5611b51d8c72e0c483a8ceafe7c625a5c321637f9277399
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85c6051e1ac751f0e6bd78d155846cc317ed69648317b9231f3ba0289beff9c1
86453ecc16f6b785226ee9203819ea6bc46dc79171c51ed9605e3e2662281704
86b6827f8f436695b0aa72540be090b138990c37693485e88ce229b116d4b3d1
8842d55c7ed6bddca9f29e54a22750272dadb786cb8f6bc7b1e3e337510b2621
8a8c742162d4336f7579cc2113eeb132065b6875c822c0f6190c8fde9d04adfb
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e60e804c9c14c11076198850df44de292a1bdb419b06f55657e4ff050755cd0
8f8bf2a688c1cfbc20304f5b9e6ea42ebdb5b5466c59343b5886aea2d7347047
8fd0e8586fd46418904197eae706ec25e21e549fab9cadc9fa89c0354403ff79
90277255b3f8c5538bc6faa583614a10086f37f699ea5b6b4b1a3895e3f1ad3e
90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e
9106df425157d837db9798b2b26f25f27f9a4e803f2fb0b2851c88492bec14fd
97a8ac3778e546a6f181085011be6050889e44dd212ac3e9782389f0b853c23d
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
98785a5a77a5132b629c675fa59bbf01c2ffcfcbdaae65af59c6ed8a47f51469
99b0a389e99b85e6d35fe13231e4d9ec60b014ffa616ea0afb1bdb32c7da8c1d
99ec1b27528b2883154fd166e11c3fa740d28609937a1a0287d95674ea99c2bc
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9e0156dd49c03744e79bbea60eebbbb94b5811c1b71b91f5fb38a8270dedfbaf
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a19902458ab4a5513642a87b381b9183a2fc725849b581fd953e22d824d1c5a7
a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628
a358d6c6fa1b9a62b51ad00d510a2ef477b4516ae81251a5466ebe27522921fb
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7cac69ff4c7b905552b1915305ba548a87acdf6205efe6e5bd1eef0d4700793
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b01522c537d24186bf68464ed03141b13ffb0158c9f3ff352f06527bd9fee689
b110565ed138515c44d822bcea94f7f7ee78433a4259ef6dbccc94cd5fdfd448
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4f1fbe0146f2a085aea307c95961206534f52817dcfaf81686364842d59a642
b64c070e33c73628d39ab223f17487bc8efb2944794231186aeef2c3e32f5288
b73e6cb22f3ae22bcbe36217e226c082f813a2a8a7961644093d849bcbd30294
b8b96e3b461d44bd76d9458dca5ed5af89f46a940d9055792a0eefcdc2700366
bebac62c953edf0d0ce8dced28607c288ca4e8edc7e52b2703bb45f8014bca3b
bec548a74f8e11fb02707e5ff945d2ab83f38009967a20f8a75159eee8803b71
c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b
c205a09e62e3ff35d3b96f04cc0622a3712248541c3c30589fa643762bc3e71b
c39e9db358e5d8045bebf902ed71b49c17d66f175c8ce0dcaeec96ec7d09090b
c7748101fe9215a0b58c31df76753bc6c18228f6ffae946569d9a87e6c681a2d
c898fb5a5d04526b7f0d2d921fa5ed1e306cc7ef781b09a570262e4961baff2b
cc37fba2e98f49c4d9551f72176d3aff72eacd798e5e85436837847e6b967c36
cc79a44128ad97409f2308a9532c7ee6c55b12159db83dff0de12897347b5d35
ce1e17725c0565bbdb0d7342bd669fea135d89a610c5f1c9ae7d0eed5e118267
cf54f4d1637c6abe4cde4a759e38dfef433e152e192b7a964c8aa01c22bfab68
d485f54c3ae5920cd21c8d180458c50f092554777b97f9c52ac6f76359838a05
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795
d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc
d7099a14f3f898a18e5c46b0b39e186ac83724b47884a1b5a955b820ea5a57f1
d7fc505653c3573f9bccca93a33e2ed14bd8b4586bdeca9180225dab01f1bbbe
d862ec0d2b72e9f1575615db28f4196cbf0f586adb2208c605c691d6e06ee6ed
dabfee6539494fba7ce5b81e70f27ce2828baf134dccb06322835ee495b618c5
db74fdebdd9b3681871598bfca8c3fbc7dcf3eaccc20224f709d6e749156affd
dc9972f08da8f70945b59ccf5f64b27ae0f58f12791bad357a68f3ee677dcbef
df7b60bbb1944b990c04bd69768333a3b6d349a6e37bde5094685975d561ccfe
e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052
e06996d9eff7b6a6fe44e35248366b91be97cc7021a7e34bd00fa11c3e587704
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32
e327c4cf3b80e5e5bdea164926c57b871c1b240212065782d28cb22dd60fa51b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d86dd4ed25f13b326460d2e1d6470bf6e4f4b1b89c416f88b970d3514e7e60
e570f8141d41df3abad708fc1004b9cf7bdb8ad8e21272fe4e98c9e4a1f5210e
e573518fbed144a6b064ee8e9d074c4ab6e9a9d9b6b27ba8a608374f27bcffaa
e6480171803c66741b9d13c44e06e9817bb8f51479574044d5226cb2dc28a897
e78c5380563a8a078ca08254718d91472579bdcd61e6b34b1dfacb0f786ed213
ed28a970608c9299e088c1c40ab0744f8d4e18aac61842533333c84a59cd59bd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef34494b96ed43e92bfaa6b8c2dd7c5f3e5ae486c1b5ff9dcc9da1cbca0baddb
f1553bfa4506608f7ba25955a8cfdd2abe7dac78a7057d4c279adb7b2b16f76c
f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032
f56bb7d57f95112338405d6b896e13b625841f4820c946feda73beee41abbbf4
f58f311463b372d3bc2e609c0b082c327576c2294712de1abab4be0189d2d370
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f670c1ad9fafff4387b4474fda0e68b090c975ddc416cf9f2aa64f50e1a4077c
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f7a8e9ba173126956cea416f7d8039002d47e39abd29f782ac164884ed216c5e
fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818
fce675e54510ef38053ec54e318b086058b3d1c9083f3b1f00c21ae86035e6c6
fdfa393e5fb39c4ab607d817e8d0b5fe3573a4a2e3e8554131fbade8d615bcbf
ffecb68daf9ac9e584116efe781dac3ce40ceea4c6929814550da2e7958a6e8e

reurl.cc Open in urlscan Pro 35.185.130.121 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

358 Requests

91 %HTTPS

46 %IPv6

40 Domains

78 Subdomains

61 IPs

10 Countries

4080 kBTransfer

7594 kBSize

42 Cookies

18 Outgoing links

Redirected requests

358 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

reurl.cc Open in urlscan Pro
35.185.130.121 Public Scan

Screenshot
Live screenshot

Full Image

358
Requests

91 %
HTTPS

46 %
IPv6

40
Domains

78
Subdomains

61
IPs

10
Countries

4080 kB
Transfer

7594 kB
Size

42
Cookies

358 HTTP transactions
6 data transactions