reurl.cc Open in urlscan Pro
35.185.130.121 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://reurl.cc/X4Rxn0
Submission Tags: falconsandbox
Submission: On February 14 via api (February 14th 2022, 10:39:20 am UTC) from US — Scanned from DE

Summary HTTP 119 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 28 IPs in 5 countries across 22 domains to perform 119 HTTP transactions. The main IP is 35.185.130.121, located in Taipei, Taiwan and belongs to GOOGLE, US. The main domain is reurl.cc. The Cisco Umbrella rank of the primary domain is 230807.
TLS certificate: Issued by R3 on January 24th 2022. Valid for: 3 months.

This is the only time reurl.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 7	35.185.130.121 35.185.130.121	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	35.185.136.122 35.185.136.122	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9c	15169 (GOOGLE) (GOOGLE)
5	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
6 8	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
4 8	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
3 5	37.252.172.45 37.252.172.45	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	52.51.212.11 52.51.212.11	16509 (AMAZON-02) (AMAZON-02)
15	2a00:1450:400... 2a00:1450:4001:829::2006	15169 (GOOGLE) (GOOGLE)
1	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.78.135 192.0.78.135	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2606:4700:303... 2606:4700:3032::6815:43a6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.102.176.152 34.102.176.152	15169 (GOOGLE) (GOOGLE)
2	2600:9000:224... 2600:9000:224a:aa00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
7	104.244.36.20 104.244.36.20	7415 (ADSAFE-1) (ADSAFE-1)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
119	28

7 35.185.130.121 (Taipei, Taiwan) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 121.130.185.35.bc.googleusercontent.com

reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.185.136.122 (Taipei, Taiwan)

ASN15169 (GOOGLE, US)
PTR: 122.136.185.35.bc.googleusercontent.com

re-news.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.184.226 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.18.234.21 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.172.45 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.51.212.11 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-212-11.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:829::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::7 (United States)

ASN13335 (CLOUDFLARENET, US)

img.gbyhn.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.135 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

creditcards.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::6815:43a6 (United States)

ASN13335 (CLOUDFLARENET, US)

img.racingcharger.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.176.152 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 152.176.102.34.bc.googleusercontent.com

static.wixstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:224a:aa00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.244.36.20 (United States)

ASN7415 (ADSAFE-1, US)
PTR: nyidt.adsafeprotected.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 92 tpc.googlesyndication.com — Cisco Umbrella Rank: 120	395 KB
22	doubleclick.net 6 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 37 stats.g.doubleclick.net — Cisco Umbrella Rank: 67 cm.g.doubleclick.net — Cisco Umbrella Rank: 175 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276	136 KB
15	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	657 KB
11	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 671 static.adsafeprotected.com — Cisco Umbrella Rank: 502 dt.adsafeprotected.com — Cisco Umbrella Rank: 465	101 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 488	7 KB
7	reurl.cc 1 redirects reurl.cc — Cisco Umbrella Rank: 230807	6 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 210	5 KB
4	google.com adservice.google.com — Cisco Umbrella Rank: 59 www.google.com — Cisco Umbrella Rank: 2	2 KB
3	gstatic.com www.gstatic.com	13 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 146	113 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 9027 www.google.de — Cisco Umbrella Rank: 6342	1 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 97	14 KB
2	re-news.tw re-news.tw	27 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 126	38 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 401	56 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	1 KB
1	wixstatic.com static.wixstatic.com — Cisco Umbrella Rank: 5192	386 KB
1	racingcharger.tw img.racingcharger.tw	118 KB
1	creditcards.com.tw creditcards.com.tw	50 KB
1	gbyhn.com.tw img.gbyhn.com.tw	571 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 741	641 B
119	22

	Domain	Requested by
20	pagead2.googlesyndication.com	reurl.cc pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
16	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com reurl.cc pagead2.googlesyndication.com
15	s0.2mdn.net	reurl.cc s0.2mdn.net googleads.g.doubleclick.net
9	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net reurl.cc
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
7	dt.adsafeprotected.com	googleads.g.doubleclick.net reurl.cc
7	reurl.cc	1 redirects reurl.cc
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	googleads4.g.doubleclick.net	reurl.cc
3	www.gstatic.com	googleads.g.doubleclick.net
3	www.googletagservices.com	googleads.g.doubleclick.net reurl.cc
3	www.facebook.com	reurl.cc www.facebook.com
2	static.adsafeprotected.com	googleads.g.doubleclick.net
2	fw.adsafeprotected.com	1 redirects reurl.cc
2	www.google.com	reurl.cc tpc.googlesyndication.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	re-news.tw	reurl.cc
2	connect.facebook.net	reurl.cc connect.facebook.net
2	www.google-analytics.com	reurl.cc www.google-analytics.com
2	cdn.jsdelivr.net	reurl.cc
1	fonts.googleapis.com	googleads.g.doubleclick.net
1	static.wixstatic.com	reurl.cc
1	img.racingcharger.tw	reurl.cc
1	creditcards.com.tw	reurl.cc
1	img.gbyhn.com.tw	reurl.cc
1	www.google.de	reurl.cc
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	stats.g.doubleclick.net	www.google-analytics.com
119	30

This site contains links to these domains. Also see Links.

Domain
secuirutmaicu.dnsrd.com
imgus.cc
re-news.tw
youtils.cc
stockinfo.tw

Subject Issuer	Validity	Valid
reurl.cc R3	`2022-01-24` - `2022-04-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-03` - `2022-07-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-11-23` - `2022-02-21`	3 months	crt.sh
re-news.tw R3	`2022-01-20` - `2022-04-20`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.gbyhn.com.tw E1	`2022-02-08` - `2022-05-09`	3 months	crt.sh
tls.automattic.com R3	`2022-01-14` - `2022-04-14`	3 months	crt.sh
*.wixstatic.com Sectigo RSA Domain Validation Secure Server CA	`2021-11-27` - `2022-05-26`	6 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
*.adsafeprotected.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-26` - `2022-06-17`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh

This page contains 19 frames:

Primary Page: https://reurl.cc/X4Rxn0
Frame ID: 7693B293C72877DD5567776B6CB6AEF6
Requests: 33 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Frame ID: BA4F9A6DB64F5A72593BD00BB352D569
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20190131/zrt_lookup.html
Frame ID: 5EF7E18FBEDF869F98DB0A7865ABE6E5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2473403521176190&output=html&h=90&slotname=5826368511&adk=2404911984&adf=2369281301&pi=t.ma~as.5826368511&w=728&lmt=1644835156&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Freurl.cc%2FX4Rxn0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644835156016&bpp=3&bdt=385&idt=86&shv=r20220209&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&correlator=6665813709914&frm=20&pv=2&ga_vid=2114483540.1644835156&ga_sid=1644835156&ga_hid=1789127845&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=389&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31062423%2C31064771%2C44756894%2C44758229&oid=2&pvsid=1146860076840336&pem=299&tmod=1167171467&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=dll3HNPs0G&p=https%3A//reurl.cc&dtd=98
Frame ID: A5069B18D425738EA5C03069617709DA
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2473403521176190&output=html&adk=1812271804&adf=3025194257&lmt=1644835156&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Freurl.cc%2FX4Rxn0&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644835156029&bpp=1&bdt=397&idt=91&shv=r20220209&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&nras=1&correlator=6665813709914&frm=20&pv=1&ga_vid=2114483540.1644835156&ga_sid=1644835156&ga_hid=1789127845&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31062423%2C31064771%2C44756894%2C44758229&oid=2&pvsid=1146860076840336&pem=299&tmod=1167171467&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=95
Frame ID: F3A588B46A4C30452BB8C8B90CE4A132
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6njwIQ8cnEggIY2dqVwAEwAQ&v=APEucNVsX0LmeYA7Rq1cFUeIhflHY1tobEvN1bkPbr8F-5P9x_RxO5KhPymgIdm9KmLCRaImr2dzrxDzL_6c3B39Xqf1OTNfTB3XbvS0GJDwW0Hqf9_7fvpUymVX4ptwlmkARynK3eFXbOQXDBbfjY5-DZEzasipBTNBh2sSFsi_YNW8wASNvXY
Frame ID: 4995C919723048BA69DEDD1734F7DD4D
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5226CB08532399B60772E63467A07C0E
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11970038483466294934/fiatpro_728x90_eval_102021.html
Frame ID: 9937C32D4E8714AE659BEA36A132724C
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1
Frame ID: 848006EA687B120F15B8B759F10DB988
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1
Frame ID: D3B681DD4C0060DED8E4E6B67CBC8584
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 5FBAA7996AB7FA912B6F8E5E5FCAB034
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNzEWhDxmu4BGLjrwb4BMAE&v=APEucNUSDFx-AbSXGQo9jczyihQql6BkmT83Jcw5CdUcTAkvZz_ldMVOAZmQ-yQ_BEs6PK0xGsoca9bC9jep6HubZ20BjJSRrT2_Zzdnp7Xydwk07bw4dEzz25baY9jYMlodu9YWFC2nKN0kwc8uLEliFRqvh_Z4dQGcF0mqt_Di2K-yiiAhkx8
Frame ID: 7AD920ED25468E49A632719331A0D1A5
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CiKpQbmhbAuEy78Z6Iy0TxOnkqZ10LpBiMUseKpsfPjQ0CH8jV0xeEIYyVZLxwpjAunkOqsFFMG026gY9B7Ik6mhYUCKG7uHyZm8XAbWzVZfzdnNVzVz0tzBTYHib0gD_4v5jysvRdTIhNYQ-Wr0SlzoJ9bg&dbm_d=AKAmf-ArwzrumWIZCPiJAdenvZ4k_sZkQKOuF-1-aRLftvsg5YSHV6Q_v_3DBJ31h0SRQSzCkvF2oTkJ3h67i_VT7UqOxg2ujsLWSkSlGvvMbYEXc_Grh_pukEUdRaq9d9A1_-orngI91fInTF_3SLQCdbVAPc0xJ3WFEqeVVSuSDWQ8N_yUNu9Y3oMwn-sbtlHwOnWTF6Q3_7KddFu0JwTtZveLTNBzd4mEDs6X5cOfRJMEpv0SItYaWMfN3V6INI4scl3b3DY9H4E_z-SqUZKS8zEipfWVta5sGfJ1KgH_l5fEiY1xYLPEmCtJhFYPiL9OrxZym6jyAFZIJRqRLSy26N70YiQMGoeZUjr3dNscZTWmXlPrwbnS2B1aZPbWJZ54GjOFeT46bJtF3AVLdW2X-TqV1PGBUsqBN-zYij7vGmQTwuGNz1gyYrV5L-nbVhCNgdiSsl4Hmd5XYv3rhwJrRjfkbO0r-Hu4MvQ_icinrpF6jXaK67u7SdPqiXUwk5-DqM13adw1NeZFB4eBO4D5fVOCuKtJgEzIa0QPtOGbn7anHxbmz2wMs4ojIAEYRTtlS_aqUCzXDPmPUEw_ieLRI3fK6Em7w58vOgpLkO82ZMgdr_h_fCWJu6omZ9_qpge4zm1TwBIuu451iErPHcIsGOnNAhW57B_dLKBNbggCSY0C8VZKlUhnjMoI-nWKoiBZZnCjw7M-rYRchWsqVbeeQ8sJnFsicQgUvHSmJlZoQSRuoDuX1Es2NCFSWbDfanp3bVASFzQ7aDcypHxn3Xq1f8UsC9n2xWMLs7yqKpDUse_YzLp_90KDOEQ8AsGTC-5QOtQmSuuznHmXQcb9dKNKxWN9GYse8MllhYfrCin7Y2e5rSEZZLZGum34Xx2cRtA1DQ_qVE4NzOMhjgco0l-pgdqLZGJh7G3KWhqXXoPnIJALjSNb5skzLq57AM-Fy73l_Dp9V-zjHmOmdTcEcj3YH1MZKAdbo5QpgMJjd5affmT8dZ1H39mQNy2JahUfV2SDMd3lA_Dbwm0QntoY1FEm1JqX-Yuxwl5W747HglyhkT7H1Vjug3eNwEvpGAQAc9UKM8A0Gj-903UGMeZR0kcYkBcSm3hgPfi9AkPXDifEYXxeyjXaKR-e9NjY9jmZEI8M_qIJSEfKD1pL1l2fd3rEbhGO7-luH9nPOj9Rotceo7fz9GBaUkjQovfigUWvTdZgt4gSIAhrdqq3Q5uDJwa8K6AKxBn7-JVhA7FbbBTy5rljnWzzB0ReAX2Tvoceda1uKUclUK_YHqSy69q-T1pul4BHUJA0h9nwwO8-PlDFMMGuPjLmr8i2VuaK1pxgLGkRVDG1nSH4yrj_OCyYyxm17NA5DGvmqmI2y0eApIxwpRoMPuiP8zOWgvC-HXFIg8W4yalFdV0ISYGuLX0TX0x0OQeTyjAVUrVvKlw6w8sKf_-K2dOhmUm8Gt9rEO9mqRKM9nTcL2Cqq3rqVVu0dK9mljqMFj4fL1Gb2WyOQNs4JgWRl4_z9GoTMqlkRP9DQZTXHc5t3Jyl3b2W3ITuc3tTqjS9htdAynoOxeZ_VB7SCfXs0T1IiJDEYJuZC2blRkwqKu_kR2hs_Wb6TmkvcKrTZ6m_ab_t_MgtHziRbY_cIOU-fq7LJe4KljeXMq4U2-XWW-_D0FOsXZ5YJpPEq9L5v7ye9qdat0E0Axl4k7662CZ5jFvu-bKFqVkjHD02PeEKUycbeaMQFNU5eTKgpYN1_J9lBWrz4rxImEuFx-khkAlHu5Z3CeD9XTbl1JaFYw9SMJUxG3UYKBA5z--gHPdmflJ1KrjmtL2Zez1UEK0Eb_P1i-qS8BsdXReWtixpAwBAkDTUoITYkFXdFFRWaTCYJQMj5_zsFJ80lTP9Wk-Z-2IB_fbJ3kgoss3Cz7--9DNIsH02nk-Prn3Edf_rFPXpunqChNeDuHgc6oqQzp1kNZ6rwSaqpImQiFuzRrRdjMBxuEozD_2gFTl-n-n-hVOJh8ickhbIQ-S7SkqJq-pcC93HYdMYsptWDLl69Q5JDHCBmwIPJfRNKEPU6c7ocEk4a776IXfhcyZtm-2qBU9q39lzUv8hgBs-ittUsIHDgB2JvsZ-JExn8bVVEuQJihJoAKQuzLZda7UKEANQt4o2u4F2CaU1bmj9-99oExKaQkRw2VM7m6GZmqF2scBcNa-6ssAPlmJ7Hw3jt3egrQBUkiApchJ0XjcbQuto42lxcVNungqMSPQcAuYHOogIKheGA_-ab5W14H8YatFWQ4VAjlAmy812U9f9gMIQmb0gCgehranGuvdUPRZzE1Nt3hYO5vKHJM7fKhSfNG6tz2IulRp3hR33vYpRLm0i3N8pls606BPbPby9bCA9CbwI6O6ENivp3JnL82xEVVtn7E2bU1l4q18AEyonZ4bxTAAsSiWTqRq0ynjW3MFnLMKBa9EKJ6sFfGaphRzjj8QUtFWFFqI8axy1PywLgyg5umFVRAuRVuzL_c9Q3ew87p8WVlqUOqW181kPnOSAmHUJjAEMtRCsxEz9KS61ZBzUJPgdhK99ARjn5mRrcsj7-kQBoS58qMPl643LkGklipIgj3K9SIxBKA_1PNOy5HIne5Uf93d6r3dhi9xU0nUUG-qRF-H6Ke75EUrSDn792FvG17LdTmznCGGoGnqMQRWEygCsBmoFYyty2B8YwPZhrcRegB2MTX3tsPUFcbPB8uyQL0898VXn0faUgvQo2Wi0vBzKi7scStG9hcTANNefP1UWiD4deKrRJVlTY1kr5Y89XBUPYdkXLUykyuTAGO_zgaLhK5jKO_CX1iQ2vzVe8fXDAc_L3smvHvit1gM8mLVk_RNmKJO5eiZOqunKXt_qM1yF4s1xs97OWQxIsPELo6sHndNWF5boP3Pe9LXj-wXjXCFiK5b1emYx3rc&cid=CAASBORokOc&rfl=2%2Chttps%253A%252F%252Freurl.cc%252F%240
Frame ID: 99BF63A1C560AA4D0C38A19E838A322D
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/load_preloaded_resource_fy2019.js
Frame ID: 8962C4EED55697D21C650D8E7DDC9799
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/3he9SSTPTzffGJDQBOTZcvp_zoO7E8v038ekVtZ_6Vg.js
Frame ID: DC03F3594F851E5E7F82FFB6ABCC1E99
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: CE99F1ACC1253DF345A25ADAE784BEEA
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/index.html
Frame ID: D6E1911A7A3DC37D2FCE69C96830704A
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 546DCDF99BCC0E22A69A91641F0675FD
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A8146148EBA67AA833838BA9BB553459
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mountain America Credit Union in Utah & the West

Page URL History Show full URLs

https://reurl.cc/X4Rxn0/ HTTP 301
https://reurl.cc/X4Rxn0 Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/vue(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

119
Requests

92 %
HTTPS

63 %
IPv6

22
Domains

30
Subdomains

28
IPs

5
Countries

2711 kB
Transfer

4778 kB
Size

14
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://secuirutmaicu.dnsrd.com/macu/macu.com
Title: 是，保持前往

Search URL Search Domain Scan URL

URL: https://imgus.cc/
Title: 離開此頁

Search URL Search Domain Scan URL

URL: https://re-news.tw/gbyhn/31315

Search URL Search Domain Scan URL

URL: https://re-news.tw/creditcard/277082

Search URL Search Domain Scan URL

URL: https://re-news.tw/racingcharger/22687

Search URL Search Domain Scan URL

URL: https://re-news.tw/alphaloan/undefined

Search URL Search Domain Scan URL

URL: https://re-news.tw/zocha/61adadd3e904ad0016ffab57

Search URL Search Domain Scan URL

URL: https://youtils.cc/emoji
Title: 表情符號(emoji)

Search URL Search Domain Scan URL

URL: https://youtils.cc/geoip
Title: IP查詢

Search URL Search Domain Scan URL

URL: https://youtils.cc/big5gb
Title: 繁簡轉換

Search URL Search Domain Scan URL

URL: https://youtils.cc/qrcode
Title: QRCode

Search URL Search Domain Scan URL

URL: https://youtils.cc/length
Title: 身高/長度換算

Search URL Search Domain Scan URL

URL: https://stockinfo.tw/
Title: 台股資訊網

Search URL Search Domain Scan URL

URL: https://youtils.cc/wordcounter/zh-Hants
Title: 字數統計

Search URL Search Domain Scan URL

URL: https://youtils.cc/password/zh-Hants
Title: 密碼序號產生器

Search URL Search Domain Scan URL

URL: https://youtils.cc/dateCalculator
Title: 日期計算機

Search URL Search Domain Scan URL

URL: https://youtils.cc/lunarCalendar
Title: 農曆轉國曆

Search URL Search Domain Scan URL

URL: https://youtils.cc/utm
Title: UTM網址

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://reurl.cc/X4Rxn0/ HTTP 301
https://reurl.cc/X4Rxn0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8P_oNPAyublrWJzP7cbkk&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8P_oNPAyublrWJzP7cbkk&google_cver=1&C=1

Request Chain 33

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YgoxVPjbR-zI2rhDq.Pw1AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE-itQ6EQEV4eK51qIsL8cA&google_cver=1&google_hm=2

Request Chain 34

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECHyro7kgO-aJ3Wo1Wj6BDE&google_cver=1

Request Chain 35

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE3NjQ3OTEzNjU4Mzk3ODAwMw%3D%3D

Request Chain 60

https://fw.adsafeprotected.com/rfw/st/901669/60420920/4.js?ias_dspID=3&ias_campId=15932658&ias_pubId=pub-2473403521176190&ias_chanId=1&ias_placementId=42708743&bidurl=https://reurl.cc/X4Rxn0&ias_dealId=&adContainerId=brand_safety_VDEKYuPMMpORjuwPy7WPmA0&cbFunctionName=goog_wrapCb_VDEKYuPMMpORjuwPy7WPmA0&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Freurl.cc%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2473403521176190%26output%3Dhtml%26h%3D90%26slotname%3D5826368511%26adk%3D2404911984%26adf%3D2369281301%26pi%3Dt.ma~as.5826368511%26w%3D728%26lmt%3D1644835156%26rafmt%3D12%26psa%3D0%26format%3D728x90%26url%3Dhttps%253A%252F%252Freurl.cc%252FX4Rxn0%26flash%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.%26dt%3D1644835156016%26bpp%3D3%26bdt%3D385%26idt%3D86%26shv%3Dr20220209%26mjsv%3Dm202202030101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26correlator%3D6665813709914%26frm%3D20%26pv%3D2%26ga_vid%3D2114483540.1644835156%26ga_sid%3D1644835156%26ga_hid%3D1789127845%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D436%26ady%3D389%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D42531398%252C31062423%252C31064771%252C44756894%252C44758229%26oid%3D2%26pvsid%3D1146860076840336%26pem%3D299%26tmod%3D1167171467%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D256%26bc%3D31%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26xpc%3Ddll3HNPs0G%26p%3Dhttps%253A%2F%2Freurl.cc%26dtd%3D98&adsafe_type=d&adsafe_jsinfo=,id:803749ea-2b99-5498-83ff-30f0515b3107,c:4bS4gy,sl:outOfView,em:true,fr:false,thd:1,mn:app06ie,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,scm:publ1,nbld:0,mtim:4,fm:sXpuH2l+11%7C12%7C13*.901669-60420920%7C131%7C1321%7C133%7C14%7C15%7C16,idMap:13*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:22,oid:5bf65ddf-8d82-11ec-bf3b-0a55872b6571,v:19.8.285,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js

Request Chain 76

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE-itQ6EQEV4eK51qIsL8cA&google_cver=1

Request Chain 77

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YgoxVPjbR-zI2rhDq.Pw1AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE-itQ6EQEV4eK51qIsL8cA&google_cver=1&google_hm=2

Request Chain 78

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOAdj3VsBvaeMps0fweY69E&google_cver=1

Request Chain 79

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE3NjQ3OTEzNjU4Mzk3ODAwMw%3D%3D

119 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request X4Rxn0 Show response
reurl.cc/
Redirect Chain

https://reurl.cc/X4Rxn0/
https://reurl.cc/X4Rxn0

7 KB
3 KB

266ms
266ms

Document
text/html

35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/X4Rxn0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 /
Resource Hash: dbc581dee67efe316b8b8d22e4564470c979dbcf32f65b4439fc7e806d3aed74

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx/1.18.0
date: Mon, 14 Feb 2022 10:39:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
target: https://secuirutmaicu.dnsrd.com/macu/macu.com
content-encoding: gzip

Redirect headers

server: nginx/1.18.0
date: Mon, 14 Feb 2022 10:39:15 GMT
content-type: text/html; charset=utf-8
content-length: 42
location: /X4Rxn0

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/ 152 KB
24 KB 76ms
35ms Stylesheet
text/css 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 49360
x-jsd-version: 4.3.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19133-FRA, cache-mxp6922-MXP
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6dd5abeb1f6f59cb-MXP

GET
H2 200 style.css
reurl.cc/stylesheets/rwd/ 3 KB
1 KB 262ms
261ms Stylesheet
text/css 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/stylesheets/rwd/style.css?v=1
Requested by: Host: reurl.cc
URL: https://reurl.cc/X4Rxn0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 /
Resource Hash: 90296978da322c8d9f6770768f22ace58468ea72e4a115b21541de6eb6d00bce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/X4Rxn0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:15 GMT
content-encoding: gzip
last-modified: Fri, 28 Jan 2022 08:50:54 GMT
server: nginx/1.18.0
etag: W/"61f3ae6e-d29"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
expires: Tue, 14 Feb 2023 10:39:15 GMT

GET
H2 200 ga.js Show response
reurl.cc/javascripts/ 384 B
492 B 263ms
261ms Script
application/javascript 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/ga.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/X4Rxn0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 /
Resource Hash: 0f339cf9e117cb1612e7079c0a02fcc2ef26d9ffc19c93d0370d10bf81bb714f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/X4Rxn0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:15 GMT
content-encoding: gzip
last-modified: Sun, 08 Aug 2021 17:07:38 GMT
server: nginx/1.18.0
etag: W/"61100f5a-180"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Tue, 14 Feb 2023 10:39:15 GMT

GET
H2 200 pixel.js Show response
reurl.cc/javascripts/ 470 B
551 B 263ms
262ms Script
application/javascript 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/pixel.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/X4Rxn0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 /
Resource Hash: 6e9ab8ab1d57a0695a66577e348ae4343e1a92f70cb4835a52c4863f11114037

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/X4Rxn0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:15 GMT
content-encoding: gzip
last-modified: Sun, 08 Aug 2021 17:07:38 GMT
server: nginx/1.18.0
etag: W/"61100f5a-1d6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Tue, 14 Feb 2023 10:39:15 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 152 KB
53 KB 68ms
47ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36f69faa3cbb30040e72ac3354367ded937084b50496c10609361f65856f5f7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53615
x-xss-protection: 0
server: cafe
etag: 2868222688039867072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 14 Feb 2022 10:39:15 GMT

GET
H2 200 vue.min.js Show response
cdn.jsdelivr.net/npm/vue@2.5.16/dist/ 84 KB
32 KB 72ms
31ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 49333
x-jsd-version: 2.5.16
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19123-FRA, cache-mxp6940-MXP
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6dd5abeb1f7059cb-MXP

GET
H2 200 renews.js Show response
reurl.cc/javascripts/ 727 B
560 B 263ms
262ms Script
application/javascript 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/renews.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/X4Rxn0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 /
Resource Hash: 2c61363e9fdfb0a5195aba270cda7a621d51fe6aaa2c45b1f38111d165863f47

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/X4Rxn0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:15 GMT
content-encoding: gzip
last-modified: Fri, 03 Dec 2021 16:41:36 GMT
server: nginx/1.18.0
etag: W/"61aa48c0-2d7"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Tue, 14 Feb 2023 10:39:15 GMT

GET
H2 200 loading.js Show response
reurl.cc/javascripts/ 240 B
362 B 262ms
262ms Script
application/javascript 35.185.130.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/loading.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/X4Rxn0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 /
Resource Hash: 25355805f44af99037c6b951f9afd762f5fd74eb126aba4b2f82cafa563c0f90

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/X4Rxn0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:15 GMT
content-encoding: gzip
last-modified: Sun, 08 Aug 2021 17:07:38 GMT
server: nginx/1.18.0
etag: W/"61100f5a-f0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Tue, 14 Feb 2023 10:39:15 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/javascripts/ga.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 3861
date: Mon, 14 Feb 2022 09:34:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 14 Feb 2022 11:34:54 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 21ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/javascripts/pixel.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 26236
x-xss-protection: 0
pragma: public
x-fb-debug: 1n7v8TiIJBM3eJvOXULN+n95Rnb6UesU2r2WPDki7jSvsXu1J8iWoHQHcdtFFlzX0TqeRUgWWFQPllN4YjZi1w==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 14 Feb 2022 10:39:15 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 page.php Show response
www.facebook.com/plugins/ Frame BA4F 15 KB
9 KB 129ms
115ms Document
text/html 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

18ed8262b6d0f2ef8700a462d4e67ebc0e97cef7aebd5fba6566bdc853bdc53a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/

Response headers

vary: Accept-Encoding
content-encoding: br
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: DT0EUmjrRSCOypKrQ0Xke246vi/Ag/hdPtW+X55yA5NgIZOjE8F4UR3T1KRu5ppt+d8AcICZ7h11WtJhzKovBg==
date: Mon, 14 Feb 2022 10:39:16 GMT
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600

GET
H2 200 feeds Show response
re-news.tw/ 4 KB
3 KB 1055ms
262ms XHR
text/html 35.185.136.122
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://re-news.tw/feeds
Requested by: Host: reurl.cc
URL: https://reurl.cc/javascripts/renews.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.136.122 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 122.136.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 274892f0fb184c42092311f950da5209ce13a1075a24569aeae4ea10f6de0925

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:16 GMT
content-encoding: gzip
etag: W/"1112-gytKbuyAsruG4Tpva2pz/xQWflc"
server: nginx/1.18.0 (Ubuntu)
x-powered-by: Express
vary: Origin
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc

GET
H2 200 1675200226052423 Show response
connect.facebook.net/signals/config/ 41 KB
11 KB 7ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1675200226052423?v=2.9.52&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0befda268290526c1eee7a894d4b630bec436952b483109e89661b69f2923845

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 11261
x-xss-protection: 0
pragma: public
x-fb-debug: R/xd65q661TGahxTrTgDsmB9JPRxxs9lCWm81GjYJ3rRU6luZu8pRe0D+brahVe87rFFKP20zjLxxUdzFwbhtg==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 14 Feb 2022 10:39:15 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 28ms
14ms XHR
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1789127845&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FX4Rxn0&ul=en-us&de=UTF-8&dt=Mountain%20America%20Credit%20Union%20in%20Utah%20%26%20the%20West&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=16681541&gjid=1015543469&cid=2114483540.1644835156&tid=UA-102456694-1&_gid=1181667001.1644835156&_r=1&_slc=1&z=693533160

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://reurl.cc/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:16 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/ 289 KB
104 KB 51ms
37ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2473403521176190&plah=reurl.cc&bust=31064771

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7dca558b219d38f8feb7021e31466b26fccc157cbe9d94e9ac4f3ebd442617af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 106377
x-xss-protection: 0
server: cafe
etag: 9157965172527817583
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 14 Feb 2022 10:39:16 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220209/r20190131/ Frame 5EF7 10 KB
5 KB 28ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220209/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4612
x-xss-protection: 0
date: Sun, 13 Feb 2022 23:18:13 GMT
expires: Sun, 27 Feb 2022 23:18:13 GMT
cache-control: public, max-age=1209600
age: 40863
etag: 18247940800414524076
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 /
www.facebook.com/tr/ 44 B
408 B 6ms
6ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc%2FX4Rxn0&rl=&if=false&ts=1644835156038&sw=1600&sh=1200&v=2.9.52&r=stable&ec=0&o=28&fbp=fb.1.1644835156037.2124376071&it=1644835155990&coo=false&exp=p1&rqm=GET

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:16 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Mon, 14 Feb 2022 10:39:16 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
437 B 62ms
19ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-102456694-1&cid=2114483540.1644835156&jid=16681541&gjid=1015543469&_gid=1181667001.1644835156&_u=IEBAAEAAAAAAAC~&z=216974177

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://reurl.cc/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 14 Feb 2022 10:39:16 GMT
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 CTrbLzmYyuL.css
www.facebook.com/rsrc.php/v3/yn/l/0,cross/ Frame BA4F 21 KB
5 KB 15ms
7ms Stylesheet
text/css 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/yn/l/0,cross/CTrbLzmYyuL.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

69f00feac75be895ae91d6640d8ef6b9c4458e26c1df034c6b448be424c838cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sun, 13 Feb 2022 16:32:46 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: /hnrDmwjB1Q9m95uwAow4g==
document-policy: force-load-at-top
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
content-length: 5229
x-fb-rlafr: 0
x-fb-debug: GeMisSBl3GMJOVOYdzkkklwaFgTt/QsqQm1rKzg4dOTtULpqki+XnfVLuJ3kij2HF2hQ6YEpEux2BoWrDqAaqQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Mon, 13 Feb 2023 16:32:46 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 212 B
641 B 42ms
15ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-2473403521176190

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2473403521176190&plah=reurl.cc&bust=31064771

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

46213a0adc56f9be456e4918e8d9e5f81e61736b47ae1befcc7d35ac3f491a58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 70ms
35ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Feb 2022 10:39:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 55ms
33ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Feb 2022 10:39:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A506 14 KB
7 KB 667ms
652ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2473403521176190&output=html&h=90&slotname=5826368511&adk=2404911984&adf=2369281301&pi=t.ma~as.5826368511&w=728&lmt=1644835156&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Freurl.cc%2FX4Rxn0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644835156016&bpp=3&bdt=385&idt=86&shv=r20220209&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&correlator=6665813709914&frm=20&pv=2&ga_vid=2114483540.1644835156&ga_sid=1644835156&ga_hid=1789127845&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=389&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31062423%2C31064771%2C44756894%2C44758229&oid=2&pvsid=1146860076840336&pem=299&tmod=1167171467&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=dll3HNPs0G&p=https%3A//reurl.cc&dtd=98

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d603d035c56b82d53625f5f04dfb7aad91e1c9f3fab5817d9e99214e66adf9fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 14 Feb 2022 10:39:16 GMT
server: cafe
content-length: 7431
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 14 Feb 2022 10:39:16 GMT
cache-control: private

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 55ms
33ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-102456694-1&cid=2114483540.1644835156&jid=16681541&_u=IEBAAEAAAAAAAC~&z=1910075266

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 54ms
32ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-102456694-1&cid=2114483540.1644835156&jid=16681541&_u=IEBAAEAAAAAAAC~&z=1910075266

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F3A5 166 KB
48 KB 815ms
810ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2473403521176190&output=html&adk=1812271804&adf=3025194257&lmt=1644835156&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Freurl.cc%2FX4Rxn0&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644835156029&bpp=1&bdt=397&idt=91&shv=r20220209&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&nras=1&correlator=6665813709914&frm=20&pv=1&ga_vid=2114483540.1644835156&ga_sid=1644835156&ga_hid=1789127845&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31062423%2C31064771%2C44756894%2C44758229&oid=2&pvsid=1146860076840336&pem=299&tmod=1167171467&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=95

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4cfa14d3e84dcaa2f6be75f26fd62aa98b26560d80fa5500a1d9a34b63c6aaae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 14 Feb 2022 10:39:16 GMT
server: cafe
content-length: 49187
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 14 Feb 2022 10:39:16 GMT
cache-control: private

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A506 42 B
63 B 40ms
40ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CosXZLD4ie1sSLCSzKxjFkDzm2QxUibbz2UoSFBEvqsa_-AEn6Py7b4qGmNSls8VjbQq67TxapUIe2GAUDL83ftVTCJ47Z7-ZQEx6T1vE8qb54h7M

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2473403521176190&output=html&h=90&slotname=5826368511&adk=2404911984&adf=2369281301&pi=t.ma~as.5826368511&w=728&lmt=1644835156&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Freurl.cc%2FX4Rxn0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644835156016&bpp=3&bdt=385&idt=86&shv=r20220209&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&correlator=6665813709914&frm=20&pv=2&ga_vid=2114483540.1644835156&ga_sid=1644835156&ga_hid=1789127845&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=389&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31062423%2C31064771%2C44756894%2C44758229&oid=2&pvsid=1146860076840336&pem=299&tmod=1167171467&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=dll3HNPs0G&p=https%3A//reurl.cc&dtd=98

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame A506 2 KB
1 KB 31ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:31:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 473
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Feb 2022 10:31:23 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A506 124 KB
38 KB 28ms
22ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096ebe5196b95f66c1c0b9f3dcea9e6e3f40f2d55cd5933af5e4942adb232593

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38562
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1644410386637351"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Feb 2022 10:39:16 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame A506 15 KB
7 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:21:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1062
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6367
x-xss-protection: 0
server: cafe
etag: 17798303060702513824
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Feb 2022 10:21:34 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4995 624 B
300 B 18ms
17ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6njwIQ8cnEggIY2dqVwAEwAQ&v=APEucNVsX0LmeYA7Rq1cFUeIhflHY1tobEvN1bkPbr8F-5P9x_RxO5KhPymgIdm9KmLCRaImr2dzrxDzL_6c3B39Xqf1OTNfTB3XbvS0GJDwW0Hqf9_7fvpUymVX4ptwlmkARynK3eFXbOQXDBbfjY5-DZEzasipBTNBh2sSFsi_YNW8wASNvXY

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2473403521176190&output=html&h=90&slotname=5826368511&adk=2404911984&adf=2369281301&pi=t.ma~as.5826368511&w=728&lmt=1644835156&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Freurl.cc%2FX4Rxn0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644835156016&bpp=3&bdt=385&idt=86&shv=r20220209&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&correlator=6665813709914&frm=20&pv=2&ga_vid=2114483540.1644835156&ga_sid=1644835156&ga_hid=1789127845&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=389&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31062423%2C31064771%2C44756894%2C44758229&oid=2&pvsid=1146860076840336&pem=299&tmod=1167171467&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=dll3HNPs0G&p=https%3A//reurl.cc&dtd=98

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 14 Feb 2022 10:39:16 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 14 Feb 2022 10:39:16 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A506 85 KB
33 KB 70ms
69ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BKT6XKenR1wBLJy8Ip4C5llO7dVJNvZvZKFW_NSclMcLO3lMc43rgpY2VJjU5TEfEz9xkZJ1gn52EjQ_8SpEg2ycdvmbjKsFfx2yCDWsqIL483L7mCk2zzpg7NmQYCb_P1albw3TyIfILjc5euPh8tEc8uQQ&dbm_d=AKAmf-DdmU0mHZ-XxpWSeVQoqLIuiKInw0Nb4MoODCHh7sWmmjIDbU41ohzeuFpvxTCJ7m5AYpHdMtGMR6k2mSKGzzrqV7fxcJ6zBAwb7ouadM7jXv1PEBxOgZ7L7gep7AQpM271KsUB0mPoLVxmaT0AlNG_-Jo0fXhkJCiSInjqbhs3RMqA4VxcjkXTYlMMOtNuSVZbzABgrhekas-NefVhf-fLRyumf8lXi2DSwccx2DkdID7ISoVBtO6G06jD6IQfkTUHD6u_J8s_NX0p5tEtZPPcuVguc77AsLlcsrwQUXRFGzXj5FFHi7a9AW_ofebmAFopoz_GfXHBb7Ecwg3e_jr5fzcTyAm2VOZzDp6SHLIGebWk-U4jfGneaAwrXb2CmKM5oo2HE_1O7r6YkFrPYNOQlz2eKIwRgIKLoagam0-ayenj40lWJe6tu0nS2O9dcH9YL9AWsZKtMoyR6lVQOCU8tZXQq_rpmEXxuR9YttDuzDO54MaAsc6gEvk3edqIeZvQ6v0ssKVsYXUKmk5-Mnen3ODndVXDPz2pGYLWfxDPWQSx3iFhypPgBvAJdTmzHVpc7z7NoaQ3U2mJuIEA5PjWMKwl_IaFkjdXyxpbEUOQVDhef6reRHDWcBAPNS2m5Y2nQrQ4IPOYT0jkreWI_p9t42FDf23bvwwsO8OOiVPJwZN2GcY2KM49udettvDzfP7kvncyBc-J34Dznm55Rp-IXW3pEYHLIJNwnmHWn9bH9q-04rlGNFo0n-w7R-nardXXHpIF_ZBkHjjt307kaebW9ZciZZDBWHSl4RwvI1B2NQhlZDYMwYJ-PpuEoodpioRyLysvVMEOkSGc3o86_RlQQcmwIpKuE-WxXkMtG8l-8A7QKq5pIK1lW6ZqNuxxO8EZdX8MzmAnaQF2aI5qApLkfg8kfWMCxbHCk0X92NCiTiOR3zO1uhcyyWSsUacfRbbkU_guc6RGxLG9AM_R-yIvFmZu1wHbsYAcax7i3IYr9R0QKkY9LC0RZ2pW1RrQrwNIwaTueUFW2rUZmGYMMIp59USRTZV7HuAS9ZoOIFcC6sEcegvSVqVjYXp8WGfS6VcXWN6AAot3eXnJSasZ0wvBvWW1SrpM1uLzq-n1uNbz5wNen-Zabe8Fq-KRxCcicxzYIKcQOxw47BDaHsDO5ox5A7R109LDkull6wRSfzPDwv-HDa3yAaJ3kgtAG2rpqWwNXVoGm8fdov-BdO5G5f7uBagWewCtHNhY1SfWzc1mf8bE_KdkC83UKF_SxZKYh_YX73uk_RAVoZoIvqXO1agj7oCI_-p4PXSOgbiNDV38xaqJrpJqmjeCFuulfTF8sZe8Wk4308wPiN9bTlSjTYxoKOLm4GXfrdurd8ROqokusOqlNE-GxyIbX8MIOn5N3uRmxwB2gWIiPPEH3mrJOlx6B44peKmFTBlJwzwBYVz_xHMLN4DHd2hgBqRTBqTwBOI3uTQWXaEQGbnXgnf1JNk6ARmJioLdM1a0z3qM4_ScbZrt-m4obt8AhrzJPHWfmbzGOUQf9jReijQ8Y1Efpe8cX-QsUQ21VX4lGt0sxeTiOO8TiQdVcbiB1RNq6YTGJMvYZsVSs8x4vY1qP6cwg2kMRIVEzDfMA5GOt_ERL3W-5r8ux7_PgevzRKsw_EgR8VZW8H7HAveBXEawWS6KqyLhRZl8M7Y8aMO43yIDXHWdldAS-BKxp4FxEyFhNhgTSRNkX-KlGS2py5bvGk1yBipy-wQu91BjeQCK_DsXdMy99rfk1RP_rt8j2-dWukkA4hitYv7WSL2zLUIvYAPwYGYPSRDXKShR70XPEOsqgmhQhpXdscAE4-e3X1a3rlLy_5Dcf8Aj57ujMtYwZTeSYM34yUMY6fcsm-ZXK-NED9i1wd-K4XHLm80Xtov2X4k2cKEF3IB6vdYBmEFfAWOHkosagkNT_IQmPtVudmScPeddhxi2Jr37fXGYNPqAidD2uherZuxu1cI3CDtiVD-0NrqVvxfSooUwyYOrdppKtHavykuJxhGVD9dlGowDu6aWSvmloxLS8V7HyoFU304VGmT_pDrQ2MrJ0X1yJBINH1w8GD2cO0e06uaRq8Lat32DBna3KsCCH8_BAJB-r_LSkKTTBnoKczK3M4b9LJxrYdobWRQYA8Utx1k6_1HAaB4v3z-_YPVFKNjieP_joi6yRctcWdnT21nbIkjADEkHN_5KLZQ-YJoA5GCqgtUvsGSAWz02krVoF6aOisR5WgburOgamsRMtNzdBJ7xqG-27CgrfzIsbp-FsHwYiVkXQm30WRJe08Jqyc6TBISFmcv9FCo4pdwLvmMPim1lR2GCp-WVJZhHHDYVCSMMtvbmVC9EE0Xk5z_9S2KbLBE-i6UxfXBljx5bGYHvwO2IamyH5hNEBNiG_6L0E3u_ucJyklXG3nNtLAV2rqcU8RJRLWxuGy0nV5zVyRAjVhFvH2RYgMrkSIKDODYC6r__CuuTdKG0QJjDOsXq_X7BVU6qz7-gLRs1EYjnfKG9xo4Dt4WLZW_LvWHWspM5gfTKtTI4n0OMPZFOWqL6Ffs9TNJMi_p1QJ1f78G18NPMXLmvojIe2LppscL6GnA_udWTcDnl7YL-lrBGeidblVSzz06rrbn95Nt-SL5xrH1phcSMmExMKj2C87uaz9eE7UyvEqOmw_PieHLOtIgaN9SxG8ksxqeb8lEGQNFUb6CLSDYxJdLdAOM9_jmLCWlAPDUdN25QHdcpr8wrU2bsKLWNqGrAxS8-36NmZDVRRahYTJgeQKz6nktfyt2bv9W93IWZBwj2kwiaCPKiOM8JhkRrlodxj5w64oRO-WvZVsZDsh6HdWCeiFGhvHXmLzA&cid=CAASBORoXLo&rfl=1%2Chttps%253A%252F%252Freurl.cc%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d5df4c08cc664b1096a7a4529a430d5881e3403603cf9987dcedfedc2f498e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2473403521176190&output=html&h=90&slotname=5826368511&adk=2404911984&adf=2369281301&pi=t.ma~as.5826368511&w=728&lmt=1644835156&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Freurl.cc%2FX4Rxn0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644835156016&bpp=3&bdt=385&idt=86&shv=r20220209&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&correlator=6665813709914&frm=20&pv=2&ga_vid=2114483540.1644835156&ga_sid=1644835156&ga_hid=1789127845&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=389&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31062423%2C31064771%2C44756894%2C44758229&oid=2&pvsid=1146860076840336&pem=299&tmod=1167171467&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=dll3HNPs0G&p=https%3A//reurl.cc&dtd=98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33799
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4995
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8P_oNPAyublrWJzP7cbkk&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8P_oNPAyublrWJzP7cbkk&google_cver=1&C=1

43 B
894 B

24ms
24ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8P_oNPAyublrWJzP7cbkk&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6njwIQ8cnEggIY2dqVwAEwAQ&v=APEucNVsX0LmeYA7Rq1cFUeIhflHY1tobEvN1bkPbr8F-5P9x_RxO5KhPymgIdm9KmLCRaImr2dzrxDzL_6c3B39Xqf1OTNfTB3XbvS0GJDwW0Hqf9_7fvpUymVX4ptwlmkARynK3eFXbOQXDBbfjY5-DZEzasipBTNBh2sSFsi_YNW8wASNvXY
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Feb 2022 10:39:16 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 14 Feb 2022 10:39:16 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 14 Feb 2022 10:39:16 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8P_oNPAyublrWJzP7cbkk&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Mon, 14 Feb 2022 10:39:16 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4995
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YgoxVPjbR-zI2rhDq.Pw1AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE-itQ6EQEV4eK51qIsL8cA&google_cver=1&google_hm=2

43 B
1014 B

43ms
42ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE-itQ6EQEV4eK51qIsL8cA&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6njwIQ8cnEggIY2dqVwAEwAQ&v=APEucNVsX0LmeYA7Rq1cFUeIhflHY1tobEvN1bkPbr8F-5P9x_RxO5KhPymgIdm9KmLCRaImr2dzrxDzL_6c3B39Xqf1OTNfTB3XbvS0GJDwW0Hqf9_7fvpUymVX4ptwlmkARynK3eFXbOQXDBbfjY5-DZEzasipBTNBh2sSFsi_YNW8wASNvXY
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Feb 2022 10:39:17 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 14 Feb 2022 10:39:17 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:16 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE-itQ6EQEV4eK51qIsL8cA&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 4995
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECHyro7kgO-aJ3Wo1Wj6BDE&google_cver=1

43 B
1002 B

10ms
9ms

Image
image/gif

37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECHyro7kgO-aJ3Wo1Wj6BDE&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6njwIQ8cnEggIY2dqVwAEwAQ&v=APEucNVsX0LmeYA7Rq1cFUeIhflHY1tobEvN1bkPbr8F-5P9x_RxO5KhPymgIdm9KmLCRaImr2dzrxDzL_6c3B39Xqf1OTNfTB3XbvS0GJDwW0Hqf9_7fvpUymVX4ptwlmkARynK3eFXbOQXDBbfjY5-DZEzasipBTNBh2sSFsi_YNW8wASNvXY

Protocol

HTTP/1.1

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Feb 2022 10:39:16 GMT
X-Proxy-Origin: 217.64.151.4; 217.64.151.4; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: a15f6599-8c3a-4630-873f-3af0db73e594
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:16 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECHyro7kgO-aJ3Wo1Wj6BDE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4995
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE3NjQ3OTEzNjU4Mzk3ODAwMw%3D%3D

170 B
188 B

52ms
35ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE3NjQ3OTEzNjU4Mzk3ODAwMw%3D%3D

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 14 Feb 2022 10:39:16 GMT
X-Proxy-Origin: 217.64.151.4; 217.64.151.4; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: de9887af-0219-480d-9cf0-d2adaaf02f6c
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE3NjQ3OTEzNjU4Mzk3ODAwMw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/901669/60420920/ Frame A506 231 KB
76 KB 121ms
35ms Script
application/javascript 52.51.212.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/901669/60420920/skeleton.js?ias_dspID=3&ias_campId=15932658&ias_pubId=pub-2473403521176190&ias_chanId=1&ias_placementId=42708743&bidurl=https://reurl.cc/X4Rxn0&ias_dealId=
Requested by: Host: reurl.cc
URL: https://reurl.cc/X4Rxn0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.212.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-212-11.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b02a00d94c31613ccbcade7ddb4887b8d311e1f3b92a1b14ce8cca110931708d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:16 GMT
content-encoding: gzip
x-server-name: app06.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame A506 106 KB
38 KB 42ms
7ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sun, 13 Feb 2022 14:19:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73180
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Feb 2022 14:19:36 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/elements/html/ Frame A506 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BKT6XKenR1wBLJy8Ip4C5llO7dVJNvZvZKFW_NSclMcLO3lMc43rgpY2VJjU5TEfEz9xkZJ1gn52EjQ_8SpEg2ycdvmbjKsFfx2yCDWsqIL483L7mCk2zzpg7NmQYCb_P1albw3TyIfILjc5euPh8tEc8uQQ&dbm_d=AKAmf-DdmU0mHZ-XxpWSeVQoqLIuiKInw0Nb4MoODCHh7sWmmjIDbU41ohzeuFpvxTCJ7m5AYpHdMtGMR6k2mSKGzzrqV7fxcJ6zBAwb7ouadM7jXv1PEBxOgZ7L7gep7AQpM271KsUB0mPoLVxmaT0AlNG_-Jo0fXhkJCiSInjqbhs3RMqA4VxcjkXTYlMMOtNuSVZbzABgrhekas-NefVhf-fLRyumf8lXi2DSwccx2DkdID7ISoVBtO6G06jD6IQfkTUHD6u_J8s_NX0p5tEtZPPcuVguc77AsLlcsrwQUXRFGzXj5FFHi7a9AW_ofebmAFopoz_GfXHBb7Ecwg3e_jr5fzcTyAm2VOZzDp6SHLIGebWk-U4jfGneaAwrXb2CmKM5oo2HE_1O7r6YkFrPYNOQlz2eKIwRgIKLoagam0-ayenj40lWJe6tu0nS2O9dcH9YL9AWsZKtMoyR6lVQOCU8tZXQq_rpmEXxuR9YttDuzDO54MaAsc6gEvk3edqIeZvQ6v0ssKVsYXUKmk5-Mnen3ODndVXDPz2pGYLWfxDPWQSx3iFhypPgBvAJdTmzHVpc7z7NoaQ3U2mJuIEA5PjWMKwl_IaFkjdXyxpbEUOQVDhef6reRHDWcBAPNS2m5Y2nQrQ4IPOYT0jkreWI_p9t42FDf23bvwwsO8OOiVPJwZN2GcY2KM49udettvDzfP7kvncyBc-J34Dznm55Rp-IXW3pEYHLIJNwnmHWn9bH9q-04rlGNFo0n-w7R-nardXXHpIF_ZBkHjjt307kaebW9ZciZZDBWHSl4RwvI1B2NQhlZDYMwYJ-PpuEoodpioRyLysvVMEOkSGc3o86_RlQQcmwIpKuE-WxXkMtG8l-8A7QKq5pIK1lW6ZqNuxxO8EZdX8MzmAnaQF2aI5qApLkfg8kfWMCxbHCk0X92NCiTiOR3zO1uhcyyWSsUacfRbbkU_guc6RGxLG9AM_R-yIvFmZu1wHbsYAcax7i3IYr9R0QKkY9LC0RZ2pW1RrQrwNIwaTueUFW2rUZmGYMMIp59USRTZV7HuAS9ZoOIFcC6sEcegvSVqVjYXp8WGfS6VcXWN6AAot3eXnJSasZ0wvBvWW1SrpM1uLzq-n1uNbz5wNen-Zabe8Fq-KRxCcicxzYIKcQOxw47BDaHsDO5ox5A7R109LDkull6wRSfzPDwv-HDa3yAaJ3kgtAG2rpqWwNXVoGm8fdov-BdO5G5f7uBagWewCtHNhY1SfWzc1mf8bE_KdkC83UKF_SxZKYh_YX73uk_RAVoZoIvqXO1agj7oCI_-p4PXSOgbiNDV38xaqJrpJqmjeCFuulfTF8sZe8Wk4308wPiN9bTlSjTYxoKOLm4GXfrdurd8ROqokusOqlNE-GxyIbX8MIOn5N3uRmxwB2gWIiPPEH3mrJOlx6B44peKmFTBlJwzwBYVz_xHMLN4DHd2hgBqRTBqTwBOI3uTQWXaEQGbnXgnf1JNk6ARmJioLdM1a0z3qM4_ScbZrt-m4obt8AhrzJPHWfmbzGOUQf9jReijQ8Y1Efpe8cX-QsUQ21VX4lGt0sxeTiOO8TiQdVcbiB1RNq6YTGJMvYZsVSs8x4vY1qP6cwg2kMRIVEzDfMA5GOt_ERL3W-5r8ux7_PgevzRKsw_EgR8VZW8H7HAveBXEawWS6KqyLhRZl8M7Y8aMO43yIDXHWdldAS-BKxp4FxEyFhNhgTSRNkX-KlGS2py5bvGk1yBipy-wQu91BjeQCK_DsXdMy99rfk1RP_rt8j2-dWukkA4hitYv7WSL2zLUIvYAPwYGYPSRDXKShR70XPEOsqgmhQhpXdscAE4-e3X1a3rlLy_5Dcf8Aj57ujMtYwZTeSYM34yUMY6fcsm-ZXK-NED9i1wd-K4XHLm80Xtov2X4k2cKEF3IB6vdYBmEFfAWOHkosagkNT_IQmPtVudmScPeddhxi2Jr37fXGYNPqAidD2uherZuxu1cI3CDtiVD-0NrqVvxfSooUwyYOrdppKtHavykuJxhGVD9dlGowDu6aWSvmloxLS8V7HyoFU304VGmT_pDrQ2MrJ0X1yJBINH1w8GD2cO0e06uaRq8Lat32DBna3KsCCH8_BAJB-r_LSkKTTBnoKczK3M4b9LJxrYdobWRQYA8Utx1k6_1HAaB4v3z-_YPVFKNjieP_joi6yRctcWdnT21nbIkjADEkHN_5KLZQ-YJoA5GCqgtUvsGSAWz02krVoF6aOisR5WgburOgamsRMtNzdBJ7xqG-27CgrfzIsbp-FsHwYiVkXQm30WRJe08Jqyc6TBISFmcv9FCo4pdwLvmMPim1lR2GCp-WVJZhHHDYVCSMMtvbmVC9EE0Xk5z_9S2KbLBE-i6UxfXBljx5bGYHvwO2IamyH5hNEBNiG_6L0E3u_ucJyklXG3nNtLAV2rqcU8RJRLWxuGy0nV5zVyRAjVhFvH2RYgMrkSIKDODYC6r__CuuTdKG0QJjDOsXq_X7BVU6qz7-gLRs1EYjnfKG9xo4Dt4WLZW_LvWHWspM5gfTKtTI4n0OMPZFOWqL6Ffs9TNJMi_p1QJ1f78G18NPMXLmvojIe2LppscL6GnA_udWTcDnl7YL-lrBGeidblVSzz06rrbn95Nt-SL5xrH1phcSMmExMKj2C87uaz9eE7UyvEqOmw_PieHLOtIgaN9SxG8ksxqeb8lEGQNFUb6CLSDYxJdLdAOM9_jmLCWlAPDUdN25QHdcpr8wrU2bsKLWNqGrAxS8-36NmZDVRRahYTJgeQKz6nktfyt2bv9W93IWZBwj2kwiaCPKiOM8JhkRrlodxj5w64oRO-WvZVsZDsh6HdWCeiFGhvHXmLzA&cid=CAASBORoXLo&rfl=1%2Chttps%253A%252F%252Freurl.cc%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:35:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 235
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Feb 2022 10:35:21 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/ Frame A506 24 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

406dae81a8e95037a3bca53ca771f446df097cf86084d76de62fd308e2bf32a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 111
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9577
x-xss-protection: 0
server: cafe
etag: 11201793935764353180
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Feb 2022 10:37:25 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A506 41 KB
15 KB 23ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sun, 13 Feb 2022 16:15:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66206
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 13 Feb 2023 16:15:50 GMT

GET
DATA 200
OK truncated
/ Frame A506 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b70bc004d14621909f788a72c8c619293ded3e0458268933d52c2ab16608328

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5226 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 13 Feb 2022 16:17:00 GMT
expires: Mon, 13 Feb 2023 16:17:00 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 66136
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 fiatpro_728x90_eval_102021.html Show response
s0.2mdn.net/sadbundle/11970038483466294934/ Frame 9937 6 KB
2 KB 21ms
7ms Document
text/html 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11970038483466294934/fiatpro_728x90_eval_102021.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c307135e5c747cb1f9fe99795b141ac66a54a3ddb642d9ca889701b71774a7b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 2367
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Mon, 14 Feb 2022 10:29:22 GMT
expires: Tue, 14 Feb 2023 10:29:22 GMT
cache-control: public, max-age=31536000
age: 594
last-modified: Tue, 12 Oct 2021 15:26:15 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A506 0
571 B 128ms
92ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss8U3HtU2ujzuuurheHtxR12lj49R3eGiFiCRJniF6Edcz4vU4tPN0G42JJ87O-Lk1uI34VR7XNiPJUf5JhHw4TlP9AAihxwaWonbYTGrX2HGkle74VfpcEWt0VSOPngN2h5uSx9sBgtAJX-dddzLqN5-vnAm7WUd2Gv-famiQ5SZduoL-A4XM3MY-m5XwlN9gI91qQ22pyPn-A400xoNeOEt8G3zSbiUb23RSCMZs7pxPDoGdPbwgtQnaMf9hUSF1zIzFrNGj18xIbXQiIYF1w7qmZl9oNOTgVKgGLPiXkQ549FoCFtrfrqaX2o12pt7ONkClkhkNOTBO4iHJh2dvS00xFDGveqIQ_r3Y5Kwg61f33-fLnWB3UxKm7coXScVeWsrIHweaCRe4Csj0w1tS56MaRvUpIdVGYaxuhBSNCI30uwr872w5l3DEG_1GCHq_9FcKVAnwYzvhMV1wEIrTi7ApVYz8WT2KNTDqJ76fKriCM_2N1CK1GTuZdxXM5fkOAPsaTKe7VjOZRIe2HUoYIRKkAfdDDzcAzrKhhtSIi_o2k8VMaPeGK1rVODZOshmdmswNXzxMhKlJl5y-oEjXic3umUPP0bUASByAZj3VLgtrlCz9I8yv78ZRhASyZkXFox8PfM8GrNHrRNVz1S2xqArrZzB5LiKL5BIK1JEitfelnr9tq8Eo1vilZef9SPlKtIMDw-jG8Do-MxgvmvD_my0zdZk0YtMJXezyQ6aWhnntebaSLYcghiHRsVuekBWxaWe7v6VMlvJCi3QaAAtdxFbfUcLDeGAAlEPy7jThttw9FmcX4sCR2foeAX52Isx_ngQGbiCHQWQOPf7t1dsuWLvEzjKyH7LHYrjPniewf3_0dMHOTwswLfD0_UckTwD0vHlrpkX0BlHrKm89iBP3yPFEUtIY1WMimYEs9oQ_GU8oYx1hAK4NPV6cRHkQ9S2HpJ9bdSQ1mL-uew-Git0uASrc2RAPzWMG40wS0Qq7d9eMGXHQXOZcepfARHK8iP5KmBIIyXQ2y_sOwGT9XQsfm5VcP2r6OvffP1dFxKbJ5IXpOcoHrwvWW6EkXozwQQWLH9VDvG-qol2fV&sai=AMfl-YTLzptLBGPqfr8WWo9DlzddVPIwMawKJJTIAgzLL0djhOq65SALqe0AyZVC6E7onJkSSjShZBX5SmvslUugKDEny4nRamsiBuTH-CL7xGSDVxaK9d-hQUX3ggagv268PtmV&sig=Cg0ArKJSzMflvxGKfJZ3EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=67&cbvp=1&cstd=65&cisv=r20220209.48544&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 14 Feb 2022 10:39:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/ 150 KB
53 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/reactive_library_fy2019.js?bust=31064771

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11861d7a9f3a93e5bab30b26a38dec607d5ad82988d30e25b0bcfd86eccdcda3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54417
x-xss-protection: 0
server: cafe
etag: 14345865829346382559
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 14 Feb 2022 10:39:16 GMT

GET
H3 200 3he9SSTPTzffGJDQBOTZcvp_zoO7E8v038ekVtZ_6Vg.js Show response
pagead2.googlesyndication.com/bg/ Frame 5226 35 KB
13 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3he9SSTPTzffGJDQBOTZcvp_zoO7E8v038ekVtZ_6Vg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de17bd4924cf4f37df1890d004e4d972fa7fce83bb13cbf4dfc7a456d67fe958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sun, 13 Feb 2022 19:36:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54140
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13552
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Feb 2023 19:36:56 GMT

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 9937 236 KB
63 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11970038483466294934/fiatpro_728x90_eval_102021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11970038483466294934/fiatpro_728x90_eval_102021.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Feb 2022 10:39:16 GMT

GET
H3 200 fiatpro_728x90_eval_102021.js Show response
s0.2mdn.net/sadbundle/11970038483466294934/ Frame 9937 45 KB
9 KB 7ms
7ms Script
application/x-javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11970038483466294934/fiatpro_728x90_eval_102021.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11970038483466294934/fiatpro_728x90_eval_102021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55c9d64deb33d2861f3c2e5cc0c2e5035b52fcb9e5ffcf83a9ed28bc69f73cbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11970038483466294934/fiatpro_728x90_eval_102021.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:29:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 594
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8784
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 15:26:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Feb 2023 10:29:22 GMT

GET
H2 200 1644041549-20b85f5371998c1cf311a512be26853b-840x525.png
img.gbyhn.com.tw/2022/02/ 569 KB
571 KB 928ms
26ms Image
image/png 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.gbyhn.com.tw/2022/02/1644041549-20b85f5371998c1cf311a512be26853b-840x525.png

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2e478e9fca1340650c89fc81c000a3ee36eeee8f361184668fd629ece6dd89b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:17 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 311
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 583146
last-modified: Sat, 05 Feb 2022 06:12:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zLvh0Ho7MTMNplsDcSI8a3uvlOO8lbzvusd4cazpcTieLNU6GwjlMJM49%2FMZRnkpgb%2BMQ%2BiCUWFr9fLi709QhEYLIp%2FxpyttZEXpPZoSxZspDrNnEqwlI%2FkETL840oMF61mb0JBC9RUM6sHmxDSm"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 6dd5abf94ae683ac-MXP
expires: Mon, 21 Feb 2022 10:34:03 GMT

GET
H2 200 2022-%E5%85%86%E8%B1%90%E4%BF%A1%E7%94%A8%E5%8D%A1%E6%8E%A8%E8%96%A6-1080x630.jpg
creditcards.com.tw/wp-content/uploads/2022/02/ 50 KB
50 KB 615ms
206ms Image
image/webp 192.0.78.135
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://creditcards.com.tw/wp-content/uploads/2022/02/2022-%E5%85%86%E8%B1%90%E4%BF%A1%E7%94%A8%E5%8D%A1%E6%8E%A8%E8%96%A6-1080x630.jpg?crop=1

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.135 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3df23b7494fb4954da70fedec0362c3083e8712d2f6a6cf2560fc79ef2ed8abc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:17 GMT
x-ac: 2.hhn _atomic_ams
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-length: 51336
x-nc: HIT bur 5
last-modified: Mon, 14 Feb 2022 02:33:22 GMT
server: nginx
etag: "6179e92537f7560e"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
expires: Wed, 14 Feb 2024 14:33:22 GMT

GET
H2 200 2022021110493860.jpg
img.racingcharger.tw/wp-content/uploads/ 118 KB
118 KB 711ms
611ms Image
image/jpeg 2606:4700:3032::6815:43a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.racingcharger.tw/wp-content/uploads/2022021110493860.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/X4Rxn0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:43a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d62938006853ff9c2212be629591ca8d9afd1b4d5fc84db34dbe591e98457261

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:17 GMT
cf-cache-status: REVALIDATED
last-modified: Fri, 11 Feb 2022 10:49:45 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lYaRuxuSuJnxiqGHVZgDdRTa4NBnNqFX%2F490dowLBvhaPsrvils%2FCdnp9M%2FVg11dQXkf9GfbLGjY2iYOtNIuZV9nFRR7cUDM50f28264RYthTN%2BEwAAUkKF6bN%2BXXlBN3N3VfEcXX1myKqb%2By0RQkHnaxw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=28800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6dd5abf44bdfe8fb-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 120551

GET
H2 200 renews-title1.png
re-news.tw/images/ 24 KB
24 KB 1047ms
523ms Image
image/png 35.185.136.122
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://re-news.tw/images/renews-title1.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/X4Rxn0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.136.122 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 122.136.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:17 GMT
last-modified: Sun, 28 Nov 2021 04:19:19 GMT
server: nginx/1.18.0 (Ubuntu)
accept-ranges: bytes
etag: "61a30347-5fad"
content-length: 24493
content-type: image/png

GET
H2 200 file.png
static.wixstatic.com/media/8d2acb_1dbc7cfe267a4b2683faa473c9dc3592~mv2.jpg/v1/fit/w_1000,h_720,al_c,q_80/ 385 KB
386 KB 66ms
21ms Image
image/png 34.102.176.152
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.wixstatic.com/media/8d2acb_1dbc7cfe267a4b2683faa473c9dc3592~mv2.jpg/v1/fit/w_1000,h_720,al_c,q_80/file.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/X4Rxn0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.176.152 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 152.176.102.34.bc.googleusercontent.com
Software: openresty/1.19.9.1 /
Resource Hash: 11456f86d15e663a9a583f77f6af27aba6ccf7fa24b4808f4ccb7470b37285d5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 06:58:06 GMT
via: 1.1 google
server: openresty/1.19.9.1
age: 272471
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
content-length: 394720
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
wix-tracer: 24xC7qaXKWe3KickuNr4RZseOcg
x-seen-by: image-manipulator-68d4c57bf7-qzk86

GET
H3 200 fiatpro_728x90_eval_102021_atlas_P_1.png
s0.2mdn.net/sadbundle/11970038483466294934/images/ Frame 9937 453 KB
453 KB 21ms
21ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11970038483466294934/images/fiatpro_728x90_eval_102021_atlas_P_1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a18aebfb22e1f1fa300b5094295fc551e8fc22c41e5171b6ae788eacedd9e62d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11970038483466294934/fiatpro_728x90_eval_102021.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:29:03 GMT
x-content-type-options: nosniff
age: 614
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 463740
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 15:26:15 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Feb 2023 10:29:03 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A506 0
60 B 61ms
61ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss8U3HtU2ujzuuurheHtxR12lj49R3eGiFiCRJniF6Edcz4vU4tPN0G42JJ87O-Lk1uI34VR7XNiPJUf5JhHw4TlP9AAihxwaWonbYTGrX2HGkle74VfpcEWt0VSOPngN2h5uSx9sBgtAJX-dddzLqN5-vnAm7WUd2Gv-famiQ5SZduoL-A4XM3MY-m5XwlN9gI91qQ22pyPn-A400xoNeOEt8G3zSbiUb23RSCMZs7pxPDoGdPbwgtQnaMf9hUSF1zIzFrNGj18xIbXQiIYF1w7qmZl9oNOTgVKgGLPiXkQ549FoCFtrfrqaX2o12pt7ONkClkhkNOTBO4iHJh2dvS00xFDGveqIQ_r3Y5Kwg61f33-fLnWB3UxKm7coXScVeWsrIHweaCRe4Csj0w1tS56MaRvUpIdVGYaxuhBSNCI30uwr872w5l3DEG_1GCHq_9FcKVAnwYzvhMV1wEIrTi7ApVYz8WT2KNTDqJ76fKriCM_2N1CK1GTuZdxXM5fkOAPsaTKe7VjOZRIe2HUoYIRKkAfdDDzcAzrKhhtSIi_o2k8VMaPeGK1rVODZOshmdmswNXzxMhKlJl5y-oEjXic3umUPP0bUASByAZj3VLgtrlCz9I8yv78ZRhASyZkXFox8PfM8GrNHrRNVz1S2xqArrZzB5LiKL5BIK1JEitfelnr9tq8Eo1vilZef9SPlKtIMDw-jG8Do-MxgvmvD_my0zdZk0YtMJXezyQ6aWhnntebaSLYcghiHRsVuekBWxaWe7v6VMlvJCi3QaAAtdxFbfUcLDeGAAlEPy7jThttw9FmcX4sCR2foeAX52Isx_ngQGbiCHQWQOPf7t1dsuWLvEzjKyH7LHYrjPniewf3_0dMHOTwswLfD0_UckTwD0vHlrpkX0BlHrKm89iBP3yPFEUtIY1WMimYEs9oQ_GU8oYx1hAK4NPV6cRHkQ9S2HpJ9bdSQ1mL-uew-Git0uASrc2RAPzWMG40wS0Qq7d9eMGXHQXOZcepfARHK8iP5KmBIIyXQ2y_sOwGT9XQsfm5VcP2r6OvffP1dFxKbJ5IXpOcoHrwvWW6EkXozwQQWLH9VDvG-qol2fV&sai=AMfl-YTLzptLBGPqfr8WWo9DlzddVPIwMawKJJTIAgzLL0djhOq65SALqe0AyZVC6E7onJkSSjShZBX5SmvslUugKDEny4nRamsiBuTH-CL7xGSDVxaK9d-hQUX3ggagv268PtmV&sig=Cg0ArKJSzMflvxGKfJZ3EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=180&vt=11&dtpt=113&dett=3&cstd=65&cisv=r20220209.48544&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Feb 2022 10:39:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 72ms
36ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Feb 2022 10:39:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 74ms
38ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Feb 2022 10:39:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/ Frame 8480 10 KB
5 KB 23ms
22ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4612
x-xss-protection: 0
date: Sun, 13 Feb 2022 23:43:07 GMT
expires: Sun, 27 Feb 2022 23:43:07 GMT
cache-control: public, max-age=1209600
age: 39370
etag: 18247940800414524076
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/ Frame D3B6 10 KB
5 KB 24ms
24ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4612
x-xss-protection: 0
date: Sun, 13 Feb 2022 23:43:07 GMT
expires: Sun, 27 Feb 2022 23:43:07 GMT
cache-control: public, max-age=1209600
age: 39370
etag: 18247940800414524076
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame A506
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/901669/60420920/4.js?ias_dspID=3&ias_campId=15932658&ias_pubId=pub-2473403521176190&ias_chanId=1&ias_placementId=42708743&bidurl=https://reurl.cc/X4Rxn0&ias_de...
https://static.adsafeprotected.com/4.js

1 KB
1 KB

43ms
35ms

Script
application/javascript

2600:9000:224a:aa00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2473403521176190&output=html&h=90&slotname=5826368511&adk=2404911984&adf=2369281301&pi=t.ma~as.5826368511&w=728&lmt=1644835156&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Freurl.cc%2FX4Rxn0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644835156016&bpp=3&bdt=385&idt=86&shv=r20220209&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&correlator=6665813709914&frm=20&pv=2&ga_vid=2114483540.1644835156&ga_sid=1644835156&ga_hid=1789127845&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=389&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31062423%2C31064771%2C44756894%2C44758229&oid=2&pvsid=1146860076840336&pem=299&tmod=1167171467&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=dll3HNPs0G&p=https%3A//reurl.cc&dtd=98
Protocol: H2
Server: 2600:9000:224a:aa00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 460ff0b1da5bacd95df6905ad1c8df05bdda30aa4189e2fef38b53b6318e42ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 10 Feb 2022 21:45:01 GMT
content-encoding: gzip
age: 305656
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Thu, 10 Feb 2022 21:44:59 GMT
server: AmazonS3
etag: W/"96e16e7453ae2e6952bc6d2a20ea29f7"
vary: Accept-Encoding
x-amz-version-id: WQohwvyxqSXtLQ0CYtip6YPzB4rvFs6y
via: 1.1 6b2d62d60926d8d51fdcbcc94fce643a.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: DUS51-P1
content-type: application/javascript
x-amz-cf-id: gA2Kg8Rd7qZlSuL6-tN2AzHaohESyp07nBgRikWdP3MBbwuo_jHhVA==

Redirect headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:17 GMT
x-server-name: app08.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 5FBA 80 KB
21 KB 84ms
33ms Script
application/javascript 2600:9000:224a:aa00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2473403521176190&output=html&h=90&slotname=5826368511&adk=2404911984&adf=2369281301&pi=t.ma~as.5826368511&w=728&lmt=1644835156&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Freurl.cc%2FX4Rxn0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644835156016&bpp=3&bdt=385&idt=86&shv=r20220209&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&correlator=6665813709914&frm=20&pv=2&ga_vid=2114483540.1644835156&ga_sid=1644835156&ga_hid=1789127845&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=389&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31062423%2C31064771%2C44756894%2C44758229&oid=2&pvsid=1146860076840336&pem=299&tmod=1167171467&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=dll3HNPs0G&p=https%3A//reurl.cc&dtd=98
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:aa00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:56:46 GMT
content-encoding: gzip
age: 1708952
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 6b2d62d60926d8d51fdcbcc94fce643a.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-P1
content-type: application/javascript
x-amz-cf-id: 5QihPQDx2piIZA-Ns3MoP5WpjoccePfv_dkMSjhKKcpUZk5E7O7sUg==

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame A506 43 B
301 B 293ms
88ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=901669&asId=803749ea-2b99-5498-83ff-30f0515b3107&tv=%7Bc:4bS4hr,pingTime:-3,time:76,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:21%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:76,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B68~0%5D,as:%5B68~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sXpuH2l+11%7C12%7C13*.901669-60420920%7C131%7C1321%7C133%7C14%7C15%7C16,idMap:13*,rmeas:1,rend:0,renddet:na%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2473403521176190&output=html&h=90&slotname=5826368511&adk=2404911984&adf=2369281301&pi=t.ma~as.5826368511&w=728&lmt=1644835156&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Freurl.cc%2FX4Rxn0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644835156016&bpp=3&bdt=385&idt=86&shv=r20220209&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&correlator=6665813709914&frm=20&pv=2&ga_vid=2114483540.1644835156&ga_sid=1644835156&ga_hid=1789127845&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=389&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31062423%2C31064771%2C44756894%2C44758229&oid=2&pvsid=1146860076840336&pem=299&tmod=1167171467&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=dll3HNPs0G&p=https%3A//reurl.cc&dtd=98
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Feb 2022 10:39:17 GMT
X-Server-Name: dt47.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame A506 43 B
301 B 288ms
87ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=901669&asId=803749ea-2b99-5498-83ff-30f0515b3107&tv=%7Bc:4bS4hu,pingTime:-6,time:79,type:i,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:79,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B71~0%5D,as:%5B71~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sXpuH2l+11%7C12%7C13*.901669-60420920%7C131%7C1321%7C133%7C14%7C15%7C16,idMap:13*,rmeas:1,rend:0,renddet:na%7D&tpiLookup=ao:reurl.cc*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2473403521176190&output=html&h=90&slotname=5826368511&adk=2404911984&adf=2369281301&pi=t.ma~as.5826368511&w=728&lmt=1644835156&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Freurl.cc%2FX4Rxn0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644835156016&bpp=3&bdt=385&idt=86&shv=r20220209&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&correlator=6665813709914&frm=20&pv=2&ga_vid=2114483540.1644835156&ga_sid=1644835156&ga_hid=1789127845&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=389&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31062423%2C31064771%2C44756894%2C44758229&oid=2&pvsid=1146860076840336&pem=299&tmod=1167171467&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=dll3HNPs0G&p=https%3A//reurl.cc&dtd=98
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Feb 2022 10:39:17 GMT
X-Server-Name: dt37.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame A506 43 B
301 B 271ms
88ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=901669&asId=803749ea-2b99-5498-83ff-30f0515b3107&tv=%7Bc:4bS4hO,pingTime:-2,time:99,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1002,beZ:1004,mfA:1006,cmA:1008,inA:1008,inZ:1012,prA:1012,prZ:1017,si:1024,poA:1025,poZ:1045,cmZ:1045,mfZ:1045,loA:1080,loZ:1083,ltA:1101,ltZ:1101%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:21%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:99,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B91~0%5D,as:%5B91~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sXpuH2l+11%7C12%7C13*.901669-60420920%7C131%7C1321%7C133%7C14%7C15%7C16,idMap:13*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:na,sinceFw:76,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2473403521176190&output=html&h=90&slotname=5826368511&adk=2404911984&adf=2369281301&pi=t.ma~as.5826368511&w=728&lmt=1644835156&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Freurl.cc%2FX4Rxn0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644835156016&bpp=3&bdt=385&idt=86&shv=r20220209&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&correlator=6665813709914&frm=20&pv=2&ga_vid=2114483540.1644835156&ga_sid=1644835156&ga_hid=1789127845&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=389&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31062423%2C31064771%2C44756894%2C44758229&oid=2&pvsid=1146860076840336&pem=299&tmod=1167171467&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=dll3HNPs0G&p=https%3A//reurl.cc&dtd=98
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Feb 2022 10:39:17 GMT
X-Server-Name: dt37.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 css2
fonts.googleapis.com/ Frame 8480 4 KB
1 KB 60ms
16ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 09:19:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 14 Feb 2022 10:39:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Feb 2022 10:39:17 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 8480 205 B
743 B 46ms
6ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sun, 13 Feb 2022 15:11:01 GMT
x-content-type-options: nosniff
age: 70096
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 13 Feb 2023 15:11:01 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 8480 604 B
695 B 46ms
7ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 01:07:05 GMT
x-content-type-options: nosniff
age: 34332
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 14 Feb 2023 01:07:05 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/elements/html/ Frame 8480 19 KB
8 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a7b5f2e7e3fd51102d05b2706291210864e7890361d932311a18048073374ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:27:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 678
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8079
x-xss-protection: 0
server: cafe
etag: 5902764951541284931
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Feb 2022 10:27:59 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7AD9 624 B
299 B 17ms
17ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNzEWhDxmu4BGLjrwb4BMAE&v=APEucNUSDFx-AbSXGQo9jczyihQql6BkmT83Jcw5CdUcTAkvZz_ldMVOAZmQ-yQ_BEs6PK0xGsoca9bC9jep6HubZ20BjJSRrT2_Zzdnp7Xydwk07bw4dEzz25baY9jYMlodu9YWFC2nKN0kwc8uLEliFRqvh_Z4dQGcF0mqt_Di2K-yiiAhkx8

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 14 Feb 2022 10:39:17 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 14 Feb 2022 10:39:17 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 99BF 74 KB
31 KB 76ms
76ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CiKpQbmhbAuEy78Z6Iy0TxOnkqZ10LpBiMUseKpsfPjQ0CH8jV0xeEIYyVZLxwpjAunkOqsFFMG026gY9B7Ik6mhYUCKG7uHyZm8XAbWzVZfzdnNVzVz0tzBTYHib0gD_4v5jysvRdTIhNYQ-Wr0SlzoJ9bg&dbm_d=AKAmf-ArwzrumWIZCPiJAdenvZ4k_sZkQKOuF-1-aRLftvsg5YSHV6Q_v_3DBJ31h0SRQSzCkvF2oTkJ3h67i_VT7UqOxg2ujsLWSkSlGvvMbYEXc_Grh_pukEUdRaq9d9A1_-orngI91fInTF_3SLQCdbVAPc0xJ3WFEqeVVSuSDWQ8N_yUNu9Y3oMwn-sbtlHwOnWTF6Q3_7KddFu0JwTtZveLTNBzd4mEDs6X5cOfRJMEpv0SItYaWMfN3V6INI4scl3b3DY9H4E_z-SqUZKS8zEipfWVta5sGfJ1KgH_l5fEiY1xYLPEmCtJhFYPiL9OrxZym6jyAFZIJRqRLSy26N70YiQMGoeZUjr3dNscZTWmXlPrwbnS2B1aZPbWJZ54GjOFeT46bJtF3AVLdW2X-TqV1PGBUsqBN-zYij7vGmQTwuGNz1gyYrV5L-nbVhCNgdiSsl4Hmd5XYv3rhwJrRjfkbO0r-Hu4MvQ_icinrpF6jXaK67u7SdPqiXUwk5-DqM13adw1NeZFB4eBO4D5fVOCuKtJgEzIa0QPtOGbn7anHxbmz2wMs4ojIAEYRTtlS_aqUCzXDPmPUEw_ieLRI3fK6Em7w58vOgpLkO82ZMgdr_h_fCWJu6omZ9_qpge4zm1TwBIuu451iErPHcIsGOnNAhW57B_dLKBNbggCSY0C8VZKlUhnjMoI-nWKoiBZZnCjw7M-rYRchWsqVbeeQ8sJnFsicQgUvHSmJlZoQSRuoDuX1Es2NCFSWbDfanp3bVASFzQ7aDcypHxn3Xq1f8UsC9n2xWMLs7yqKpDUse_YzLp_90KDOEQ8AsGTC-5QOtQmSuuznHmXQcb9dKNKxWN9GYse8MllhYfrCin7Y2e5rSEZZLZGum34Xx2cRtA1DQ_qVE4NzOMhjgco0l-pgdqLZGJh7G3KWhqXXoPnIJALjSNb5skzLq57AM-Fy73l_Dp9V-zjHmOmdTcEcj3YH1MZKAdbo5QpgMJjd5affmT8dZ1H39mQNy2JahUfV2SDMd3lA_Dbwm0QntoY1FEm1JqX-Yuxwl5W747HglyhkT7H1Vjug3eNwEvpGAQAc9UKM8A0Gj-903UGMeZR0kcYkBcSm3hgPfi9AkPXDifEYXxeyjXaKR-e9NjY9jmZEI8M_qIJSEfKD1pL1l2fd3rEbhGO7-luH9nPOj9Rotceo7fz9GBaUkjQovfigUWvTdZgt4gSIAhrdqq3Q5uDJwa8K6AKxBn7-JVhA7FbbBTy5rljnWzzB0ReAX2Tvoceda1uKUclUK_YHqSy69q-T1pul4BHUJA0h9nwwO8-PlDFMMGuPjLmr8i2VuaK1pxgLGkRVDG1nSH4yrj_OCyYyxm17NA5DGvmqmI2y0eApIxwpRoMPuiP8zOWgvC-HXFIg8W4yalFdV0ISYGuLX0TX0x0OQeTyjAVUrVvKlw6w8sKf_-K2dOhmUm8Gt9rEO9mqRKM9nTcL2Cqq3rqVVu0dK9mljqMFj4fL1Gb2WyOQNs4JgWRl4_z9GoTMqlkRP9DQZTXHc5t3Jyl3b2W3ITuc3tTqjS9htdAynoOxeZ_VB7SCfXs0T1IiJDEYJuZC2blRkwqKu_kR2hs_Wb6TmkvcKrTZ6m_ab_t_MgtHziRbY_cIOU-fq7LJe4KljeXMq4U2-XWW-_D0FOsXZ5YJpPEq9L5v7ye9qdat0E0Axl4k7662CZ5jFvu-bKFqVkjHD02PeEKUycbeaMQFNU5eTKgpYN1_J9lBWrz4rxImEuFx-khkAlHu5Z3CeD9XTbl1JaFYw9SMJUxG3UYKBA5z--gHPdmflJ1KrjmtL2Zez1UEK0Eb_P1i-qS8BsdXReWtixpAwBAkDTUoITYkFXdFFRWaTCYJQMj5_zsFJ80lTP9Wk-Z-2IB_fbJ3kgoss3Cz7--9DNIsH02nk-Prn3Edf_rFPXpunqChNeDuHgc6oqQzp1kNZ6rwSaqpImQiFuzRrRdjMBxuEozD_2gFTl-n-n-hVOJh8ickhbIQ-S7SkqJq-pcC93HYdMYsptWDLl69Q5JDHCBmwIPJfRNKEPU6c7ocEk4a776IXfhcyZtm-2qBU9q39lzUv8hgBs-ittUsIHDgB2JvsZ-JExn8bVVEuQJihJoAKQuzLZda7UKEANQt4o2u4F2CaU1bmj9-99oExKaQkRw2VM7m6GZmqF2scBcNa-6ssAPlmJ7Hw3jt3egrQBUkiApchJ0XjcbQuto42lxcVNungqMSPQcAuYHOogIKheGA_-ab5W14H8YatFWQ4VAjlAmy812U9f9gMIQmb0gCgehranGuvdUPRZzE1Nt3hYO5vKHJM7fKhSfNG6tz2IulRp3hR33vYpRLm0i3N8pls606BPbPby9bCA9CbwI6O6ENivp3JnL82xEVVtn7E2bU1l4q18AEyonZ4bxTAAsSiWTqRq0ynjW3MFnLMKBa9EKJ6sFfGaphRzjj8QUtFWFFqI8axy1PywLgyg5umFVRAuRVuzL_c9Q3ew87p8WVlqUOqW181kPnOSAmHUJjAEMtRCsxEz9KS61ZBzUJPgdhK99ARjn5mRrcsj7-kQBoS58qMPl643LkGklipIgj3K9SIxBKA_1PNOy5HIne5Uf93d6r3dhi9xU0nUUG-qRF-H6Ke75EUrSDn792FvG17LdTmznCGGoGnqMQRWEygCsBmoFYyty2B8YwPZhrcRegB2MTX3tsPUFcbPB8uyQL0898VXn0faUgvQo2Wi0vBzKi7scStG9hcTANNefP1UWiD4deKrRJVlTY1kr5Y89XBUPYdkXLUykyuTAGO_zgaLhK5jKO_CX1iQ2vzVe8fXDAc_L3smvHvit1gM8mLVk_RNmKJO5eiZOqunKXt_qM1yF4s1xs97OWQxIsPELo6sHndNWF5boP3Pe9LXj-wXjXCFiK5b1emYx3rc&cid=CAASBORokOc&rfl=2%2Chttps%253A%252F%252Freurl.cc%252F%240

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b754b5fddee423c03eb5152a7557c9bf96cc9512f70282d98ebe0177cd907b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31690
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame 99BF 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/window_focus_fy2019.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:31:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 474
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Feb 2022 10:31:23 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 99BF 124 KB
38 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096ebe5196b95f66c1c0b9f3dcea9e6e3f40f2d55cd5933af5e4942adb232593

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38562
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1644410386637351"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Feb 2022 10:39:17 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame 99BF 15 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:30:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6367
x-xss-protection: 0
server: cafe
etag: 17798303060702513824
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Feb 2022 10:30:24 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 99BF 42 B
63 B 38ms
38ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ADperAN3jiEpQtEmEagCBU2khZAxpjW4u9qyqF8Y5upf7X5tmYa7trOCsiNRYstCWA8tlMn_aRG7MxGhcaZ_jqF87GIaCfW7U_PYDpGBODqbnZnfw

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 fiatpro_728x90_eval_102021_atlas_NP_1.jpg
s0.2mdn.net/sadbundle/11970038483466294934/images/ Frame 9937 17 KB
17 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11970038483466294934/images/fiatpro_728x90_eval_102021_atlas_NP_1.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2eb6b8c3bcd2e94b7aa0434887e9c06f68def607b9144030bf4c0c10ba18f826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11970038483466294934/fiatpro_728x90_eval_102021.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:29:03 GMT
x-content-type-options: nosniff
age: 614
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17799
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 15:26:15 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Feb 2023 10:29:03 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7AD9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE-itQ6EQEV4eK51qIsL8cA&google_cver=1

43 B
894 B

34ms
33ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE-itQ6EQEV4eK51qIsL8cA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNzEWhDxmu4BGLjrwb4BMAE&v=APEucNUSDFx-AbSXGQo9jczyihQql6BkmT83Jcw5CdUcTAkvZz_ldMVOAZmQ-yQ_BEs6PK0xGsoca9bC9jep6HubZ20BjJSRrT2_Zzdnp7Xydwk07bw4dEzz25baY9jYMlodu9YWFC2nKN0kwc8uLEliFRqvh_Z4dQGcF0mqt_Di2K-yiiAhkx8
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Feb 2022 10:39:17 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 14 Feb 2022 10:39:17 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE-itQ6EQEV4eK51qIsL8cA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7AD9
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YgoxVPjbR-zI2rhDq.Pw1AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE-itQ6EQEV4eK51qIsL8cA&google_cver=1&google_hm=2

43 B
894 B

26ms
26ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE-itQ6EQEV4eK51qIsL8cA&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNzEWhDxmu4BGLjrwb4BMAE&v=APEucNUSDFx-AbSXGQo9jczyihQql6BkmT83Jcw5CdUcTAkvZz_ldMVOAZmQ-yQ_BEs6PK0xGsoca9bC9jep6HubZ20BjJSRrT2_Zzdnp7Xydwk07bw4dEzz25baY9jYMlodu9YWFC2nKN0kwc8uLEliFRqvh_Z4dQGcF0mqt_Di2K-yiiAhkx8
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Feb 2022 10:39:17 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 14 Feb 2022 10:39:17 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE-itQ6EQEV4eK51qIsL8cA&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 7AD9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOAdj3VsBvaeMps0fweY69E&google_cver=1

43 B
1002 B

10ms
10ms

Image
image/gif

37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOAdj3VsBvaeMps0fweY69E&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNzEWhDxmu4BGLjrwb4BMAE&v=APEucNUSDFx-AbSXGQo9jczyihQql6BkmT83Jcw5CdUcTAkvZz_ldMVOAZmQ-yQ_BEs6PK0xGsoca9bC9jep6HubZ20BjJSRrT2_Zzdnp7Xydwk07bw4dEzz25baY9jYMlodu9YWFC2nKN0kwc8uLEliFRqvh_Z4dQGcF0mqt_Di2K-yiiAhkx8

Protocol

HTTP/1.1

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Feb 2022 10:39:17 GMT
X-Proxy-Origin: 217.64.151.4; 217.64.151.4; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: e960562d-a081-4a04-8151-6a49e69f0327
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOAdj3VsBvaeMps0fweY69E&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7AD9
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE3NjQ3OTEzNjU4Mzk3ODAwMw%3D%3D

170 B
188 B

36ms
35ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE3NjQ3OTEzNjU4Mzk3ODAwMw%3D%3D

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 14 Feb 2022 10:39:17 GMT
X-Proxy-Origin: 217.64.151.4; 217.64.151.4; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: ddafc9f5-acba-4a0e-bdbc-5d543ccc77c5
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE3NjQ3OTEzNjU4Mzk3ODAwMw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame 8962 1 KB
875 B 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:30:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 848
x-xss-protection: 0
server: cafe
etag: 2277666839114365613
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Feb 2022 10:30:20 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/ Frame 8962 19 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:37:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 111
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7817
x-xss-protection: 0
server: cafe
etag: 7051432691878289762
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Feb 2022 10:37:26 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame 8962 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:31:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 474
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Feb 2022 10:31:23 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8962 124 KB
38 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096ebe5196b95f66c1c0b9f3dcea9e6e3f40f2d55cd5933af5e4942adb232593

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38562
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1644410386637351"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Feb 2022 10:39:17 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame 8962 15 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:30:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6367
x-xss-protection: 0
server: cafe
etag: 17798303060702513824
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Feb 2022 10:30:24 GMT

GET
H3 200 ff20f166b0acb5bbc58563e896201b58.js Show response
www.gstatic.com/mysidia/ Frame 8962 27 KB
11 KB 25ms
9ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ff20f166b0acb5bbc58563e896201b58.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

60b6fb70c39877b90333526914dbc0d47052cd8c4c298c421aaee2f9d6b48bcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 05:35:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 450202
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11452
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 06:53:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 10 May 2022 05:35:55 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 99BF 106 KB
37 KB 30ms
10ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sun, 13 Feb 2022 14:19:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73181
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Feb 2022 14:19:36 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/elements/html/ Frame 99BF 8 KB
3 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CiKpQbmhbAuEy78Z6Iy0TxOnkqZ10LpBiMUseKpsfPjQ0CH8jV0xeEIYyVZLxwpjAunkOqsFFMG026gY9B7Ik6mhYUCKG7uHyZm8XAbWzVZfzdnNVzVz0tzBTYHib0gD_4v5jysvRdTIhNYQ-Wr0SlzoJ9bg&dbm_d=AKAmf-ArwzrumWIZCPiJAdenvZ4k_sZkQKOuF-1-aRLftvsg5YSHV6Q_v_3DBJ31h0SRQSzCkvF2oTkJ3h67i_VT7UqOxg2ujsLWSkSlGvvMbYEXc_Grh_pukEUdRaq9d9A1_-orngI91fInTF_3SLQCdbVAPc0xJ3WFEqeVVSuSDWQ8N_yUNu9Y3oMwn-sbtlHwOnWTF6Q3_7KddFu0JwTtZveLTNBzd4mEDs6X5cOfRJMEpv0SItYaWMfN3V6INI4scl3b3DY9H4E_z-SqUZKS8zEipfWVta5sGfJ1KgH_l5fEiY1xYLPEmCtJhFYPiL9OrxZym6jyAFZIJRqRLSy26N70YiQMGoeZUjr3dNscZTWmXlPrwbnS2B1aZPbWJZ54GjOFeT46bJtF3AVLdW2X-TqV1PGBUsqBN-zYij7vGmQTwuGNz1gyYrV5L-nbVhCNgdiSsl4Hmd5XYv3rhwJrRjfkbO0r-Hu4MvQ_icinrpF6jXaK67u7SdPqiXUwk5-DqM13adw1NeZFB4eBO4D5fVOCuKtJgEzIa0QPtOGbn7anHxbmz2wMs4ojIAEYRTtlS_aqUCzXDPmPUEw_ieLRI3fK6Em7w58vOgpLkO82ZMgdr_h_fCWJu6omZ9_qpge4zm1TwBIuu451iErPHcIsGOnNAhW57B_dLKBNbggCSY0C8VZKlUhnjMoI-nWKoiBZZnCjw7M-rYRchWsqVbeeQ8sJnFsicQgUvHSmJlZoQSRuoDuX1Es2NCFSWbDfanp3bVASFzQ7aDcypHxn3Xq1f8UsC9n2xWMLs7yqKpDUse_YzLp_90KDOEQ8AsGTC-5QOtQmSuuznHmXQcb9dKNKxWN9GYse8MllhYfrCin7Y2e5rSEZZLZGum34Xx2cRtA1DQ_qVE4NzOMhjgco0l-pgdqLZGJh7G3KWhqXXoPnIJALjSNb5skzLq57AM-Fy73l_Dp9V-zjHmOmdTcEcj3YH1MZKAdbo5QpgMJjd5affmT8dZ1H39mQNy2JahUfV2SDMd3lA_Dbwm0QntoY1FEm1JqX-Yuxwl5W747HglyhkT7H1Vjug3eNwEvpGAQAc9UKM8A0Gj-903UGMeZR0kcYkBcSm3hgPfi9AkPXDifEYXxeyjXaKR-e9NjY9jmZEI8M_qIJSEfKD1pL1l2fd3rEbhGO7-luH9nPOj9Rotceo7fz9GBaUkjQovfigUWvTdZgt4gSIAhrdqq3Q5uDJwa8K6AKxBn7-JVhA7FbbBTy5rljnWzzB0ReAX2Tvoceda1uKUclUK_YHqSy69q-T1pul4BHUJA0h9nwwO8-PlDFMMGuPjLmr8i2VuaK1pxgLGkRVDG1nSH4yrj_OCyYyxm17NA5DGvmqmI2y0eApIxwpRoMPuiP8zOWgvC-HXFIg8W4yalFdV0ISYGuLX0TX0x0OQeTyjAVUrVvKlw6w8sKf_-K2dOhmUm8Gt9rEO9mqRKM9nTcL2Cqq3rqVVu0dK9mljqMFj4fL1Gb2WyOQNs4JgWRl4_z9GoTMqlkRP9DQZTXHc5t3Jyl3b2W3ITuc3tTqjS9htdAynoOxeZ_VB7SCfXs0T1IiJDEYJuZC2blRkwqKu_kR2hs_Wb6TmkvcKrTZ6m_ab_t_MgtHziRbY_cIOU-fq7LJe4KljeXMq4U2-XWW-_D0FOsXZ5YJpPEq9L5v7ye9qdat0E0Axl4k7662CZ5jFvu-bKFqVkjHD02PeEKUycbeaMQFNU5eTKgpYN1_J9lBWrz4rxImEuFx-khkAlHu5Z3CeD9XTbl1JaFYw9SMJUxG3UYKBA5z--gHPdmflJ1KrjmtL2Zez1UEK0Eb_P1i-qS8BsdXReWtixpAwBAkDTUoITYkFXdFFRWaTCYJQMj5_zsFJ80lTP9Wk-Z-2IB_fbJ3kgoss3Cz7--9DNIsH02nk-Prn3Edf_rFPXpunqChNeDuHgc6oqQzp1kNZ6rwSaqpImQiFuzRrRdjMBxuEozD_2gFTl-n-n-hVOJh8ickhbIQ-S7SkqJq-pcC93HYdMYsptWDLl69Q5JDHCBmwIPJfRNKEPU6c7ocEk4a776IXfhcyZtm-2qBU9q39lzUv8hgBs-ittUsIHDgB2JvsZ-JExn8bVVEuQJihJoAKQuzLZda7UKEANQt4o2u4F2CaU1bmj9-99oExKaQkRw2VM7m6GZmqF2scBcNa-6ssAPlmJ7Hw3jt3egrQBUkiApchJ0XjcbQuto42lxcVNungqMSPQcAuYHOogIKheGA_-ab5W14H8YatFWQ4VAjlAmy812U9f9gMIQmb0gCgehranGuvdUPRZzE1Nt3hYO5vKHJM7fKhSfNG6tz2IulRp3hR33vYpRLm0i3N8pls606BPbPby9bCA9CbwI6O6ENivp3JnL82xEVVtn7E2bU1l4q18AEyonZ4bxTAAsSiWTqRq0ynjW3MFnLMKBa9EKJ6sFfGaphRzjj8QUtFWFFqI8axy1PywLgyg5umFVRAuRVuzL_c9Q3ew87p8WVlqUOqW181kPnOSAmHUJjAEMtRCsxEz9KS61ZBzUJPgdhK99ARjn5mRrcsj7-kQBoS58qMPl643LkGklipIgj3K9SIxBKA_1PNOy5HIne5Uf93d6r3dhi9xU0nUUG-qRF-H6Ke75EUrSDn792FvG17LdTmznCGGoGnqMQRWEygCsBmoFYyty2B8YwPZhrcRegB2MTX3tsPUFcbPB8uyQL0898VXn0faUgvQo2Wi0vBzKi7scStG9hcTANNefP1UWiD4deKrRJVlTY1kr5Y89XBUPYdkXLUykyuTAGO_zgaLhK5jKO_CX1iQ2vzVe8fXDAc_L3smvHvit1gM8mLVk_RNmKJO5eiZOqunKXt_qM1yF4s1xs97OWQxIsPELo6sHndNWF5boP3Pe9LXj-wXjXCFiK5b1emYx3rc&cid=CAASBORokOc&rfl=2%2Chttps%253A%252F%252Freurl.cc%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:35:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Feb 2022 10:35:21 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/ Frame 99BF 24 KB
9 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

406dae81a8e95037a3bca53ca771f446df097cf86084d76de62fd308e2bf32a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 112
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9577
x-xss-protection: 0
server: cafe
etag: 11201793935764353180
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Feb 2022 10:37:25 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5226 0
20 B 44ms
42ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BHFljVDEKYuPMMpORjuwPy7WPmA0AAAAAOAHgBAI&bg=!g4ClgMTNAAbAtJCDwLQ7ACkAdvg8WrGni4eCwvCcfG3KKbWiwTGOXyhep0arCiy9chJg0zW3LNQueAIAAAFlUgAAAAJoAQcKAIj-ZpbbWZv4-0pD2CpIoVuqbhUXRzHNFgosxj1CQqWs1eCWrW9mK57t6IBP_nUT18Hel-GgHV6XvJhq1HWwMWTrmAAvqIElSuWbdXf7ALRqAavbHVpR1hLG993K9spCeQG9SLJfZJ7g7YWCey_rba_jgv5wJ_arUV3eSX2Bj7PyrtOD6LMkficbmQK9ZK_J-FyupKL2WF4joUzIEIZgD8jAvVObTZ247NifFQhyf51bl5JysK8tS8rKQZvSu7vOIXdW2K3cp5Cu4qqQlPX5DsB4ZMJDoVGjLaspHJsGcbE0BI6P2S4jYriHskwL0XQzHISR4Ck9hn1E4GUgtaDopUiVcAmap15UN44jwfkne8Clh4bGyDi24y58xsQwgdBsq9sBqPw_3Bm_t3x6heNCPLvmMIywZxgU9r1MivXD4LnUy5_0gpvYwIIAisGz8tk_ynT5e79w8q42gHRX0m1ouRw-BH7UCb1bQffL2ZeMnGPvzNHIvaaIT3D7MU86xQ5d8m64QqjAoMzdgSCUERxaApNWv1NKMzJBCVjzQxc7oFlvB5TMWSSoJ7J8v9XG92QnBtL_HWY1GImiBCuR2tIK_QfOE_rlG4-4eHLEo2eF1Xe3OdD_4afSb7SoNAvAnxfted2ha2d88VD71kC2l-CWyat92ytzSmdtTj2xfECMiGVHDal5fZTDU9PmNR1DswA8c91hcEev1fiv130oeH-99nbBJ_oZsU0FJhEKarbUz7s7Y-eq6D42F_IphHv2j8lEWsBX8YmHDVMTRLjhqVbofUMT__I7LXbpgyVkT7_SmWeauY7NW4p8oGSRrfYFgWRZfa_lJMJ8CmdRFi0gld1yOdkgXpVECZAM0LrVHY7HO_benDkB_gJ7hAHr7Mi9VjoybYi7zAXaGZON0h2DPFd9FO_1DVa5sUqaock2uwJultvpgjeHL1rfW9LbJddP4bj3UB1JVKkGYMo6YcwBtE1YLlAPwIZzt1S_aGoUm723Fs4F3xHKy0a2gxKo-KPtpcMWw5wt76n9nUMjiENMQslwnrQGdCIDkajT85mRLMbq3HeWgi6KhGa_REf2Vi7xuiCv6KSFRjzV5MH4OVoMH56Rhi6Eyl2KBPuN25g

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 99BF 41 KB
15 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sun, 13 Feb 2022 16:15:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66207
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 13 Feb 2023 16:15:50 GMT

GET
DATA 200
OK truncated
/ Frame 99BF 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf43a103c37182df103a89f8d269e54be39dc2ff6d3b181dd4e5387f45a44fdc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 3he9SSTPTzffGJDQBOTZcvp_zoO7E8v038ekVtZ_6Vg.js Show response
pagead2.googlesyndication.com/bg/ Frame DC03 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3he9SSTPTzffGJDQBOTZcvp_zoO7E8v038ekVtZ_6Vg.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de17bd4924cf4f37df1890d004e4d972fa7fce83bb13cbf4dfc7a456d67fe958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sun, 13 Feb 2022 19:36:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54141
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13552
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Feb 2023 19:36:56 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame CE99 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 13 Feb 2022 16:17:00 GMT
expires: Mon, 13 Feb 2023 16:17:00 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 66137
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/ Frame D6E1 4 KB
2 KB 9ms
7ms Document
text/html 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d64bf0c540a370613f5f26c55378245d606e4eefa43317280cb130941529b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 1538
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Fri, 11 Feb 2022 10:49:10 GMT
expires: Sat, 11 Feb 2023 10:49:10 GMT
cache-control: public, max-age=31536000
age: 258607
last-modified: Thu, 23 Dec 2021 13:15:57 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 99BF 0
24 B 94ms
80ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssfW8_QC2LRiN3oiPlO7LrMmVvlrcMoIOu9H5jJuJyyAZJ_N-UQHQmZHUEF9_embKpssF4cMGBmM15MMgnQpnZxm3PjPBjWxmh4LSlBjsFgOn7F7YwxdGiV7VBZNMnNlwm7D-HOrVcMvtOufaMTMUSafaJCrIGrJFXau426HGb0-J4xNjT-WJvJPYpqd45YEGu5PWWqDfGTh2Q5qzv1n0zycfAlfCWi0aXeXW_KK25Xs-z1fJqmXnnXicNwihCcM23WQioMGohGV-qYsCU1nagdW_to5Hj6HcS1w3csd1eTWmfVZERvK1WUj_uH2tdXFpoLVHtRz2sE5bktPsppgNLNDtGRx83BYZPnXQkR9rDsKybr9Sg1jmQTQSMjAW8kYk3C0jo3HHuZKQklf3G6HhedUdbi2nW_4NYCMK4iwzp1jA5e8J2J7_jyVVQTa64wonptzcJAPYez3FYvqgMCB5lJAWscp9WNSwkSXgFoBWz6JzMIS3oHHqRuDmmQY2K1KV_1a5Cv3DV7dK9CIXnun-DBOWkpWM-ALqjj-hH0JHbN_Hi4jOO4puu24o_ia7GmRPke64J04Hf6HprW6dm-p2NhDpROn_aEYVWZ_VotmBdTlOHJxJKonQFA1UgdNKPiD6nRNRn7GHtP5LYPzkeE1GxU4y3IhH2ZA4mceWge9qEa9ncIYmWnaruHfgP2GlZFEVLkSxQs_oUgkRzyBkXPCEnrZujEG2BR4cYZPiAuR0SlUW9_GrO9t9moZcJrMphjIct05Yg7UeJvyVwA_Mhel3NDoMkAX_1Blv1cIueKCisPz0npxfNFhzzXyNbQACJoqff6vCu33qkLDtv2SLpjNMbbve6WZRGzKI96eyxctgyQtC9VHI2JyB8pDMZaJxXC2jPXBI-F6YI1NWiOA3IhqBB0XnF0ol-wxp0o197__5K5G1y0sHMKLBceY1buuE1iKmXtmUKRvU7HnzDpgLm39emAEVVBRDjkWj51MGrJGhwpTGJuyIBiV8d4VcJpPyHqS2SBpWxFuJYZANbS4mtli9BJhGi81CHbwUOj-WGeoy4TuGQQHSXjxc0jnjirLFL_b6m-LywN38yccujQ3-U&sai=AMfl-YTNftt3jjJPOY1rSyxooIk1smg-dx5uQECuxlYUUQ7kaKE85lmDcOkL1zDtRyV9dYUvOvH8-DAUQGJ32n-hSyJsMNuia7SVlQhTvfAw5kisNa9Is8NVtBDN1RS-Y2kJjYx6&sig=Cg0ArKJSzNzIuYi27TxdEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=75&cbvp=1&cstd=74&cisv=r20220209.68464&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 14 Feb 2022 10:39:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 style.css
s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/ Frame D6E1 507 B
351 B 8ms
8ms Stylesheet
text/css 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

714fdc8f45f2cffbe310f8437d1ee626a200c0814313f075afc8bca5ee093da6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 10:49:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 258607
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 322
x-xss-protection: 0
last-modified: Thu, 23 Dec 2021 13:15:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Feb 2023 10:49:10 GMT

GET
H3 200 animations.css
s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/ Frame D6E1 2 KB
347 B 8ms
7ms Stylesheet
text/css 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/animations.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6424a276777843e184cd58a866136adec17697b54ed595a2d1a1990555c73c28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 10:49:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 258607
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 318
x-xss-protection: 0
last-modified: Thu, 23 Dec 2021 13:15:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Feb 2023 10:49:10 GMT

GET
H3 200 img-logo.png
s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/img/ Frame D6E1 6 KB
6 KB 8ms
7ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/img/img-logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bfc9e9f008087d660e704703f6588e40ab13d0c50ccdc549b4fe962d019fc0ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 10:49:10 GMT
x-content-type-options: nosniff
age: 258607
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6241
x-xss-protection: 0
last-modified: Thu, 23 Dec 2021 13:15:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Feb 2023 10:49:10 GMT

GET
H3 200 img-personas.png
s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/img/ Frame D6E1 17 KB
17 KB 8ms
8ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/img/img-personas.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

592a30b3f5ffdaf659d0d5df2e5599afbe976c904c2a9a23b291cbf9cc48ed9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 10:49:10 GMT
x-content-type-options: nosniff
age: 258607
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16960
x-xss-protection: 0
last-modified: Thu, 23 Dec 2021 13:15:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Feb 2023 10:49:10 GMT

GET
H3 200 text-MBA.png
s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/img/ Frame D6E1 7 KB
7 KB 9ms
9ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/img/text-MBA.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5c3dbbe7fd7e66ce1456d0a500996b3fe3fd4785ff1734c1b99032016055e8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 08 Feb 2022 11:46:37 GMT
x-content-type-options: nosniff
age: 514360
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7362
x-xss-protection: 0
last-modified: Thu, 23 Dec 2021 13:15:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Feb 2023 11:46:37 GMT

GET
H3 200 button-start.png
s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/img/ Frame D6E1 4 KB
4 KB 9ms
9ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/img/button-start.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c66f2b53c6c0b3f177fcaea281313121c2ffa5710af46d82b97ae5c74b864062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 10:49:10 GMT
x-content-type-options: nosniff
age: 258607
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4295
x-xss-protection: 0
last-modified: Thu, 23 Dec 2021 13:15:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Feb 2023 10:49:10 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame A506 43 B
301 B 88ms
87ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=901669&asId=803749ea-2b99-5498-83ff-30f0515b3107&tv=%7Bc:4bS4nI,pingTime:-10,time:465,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85OC4wLjQ3NTguODAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1644835157582%7C%7C0ece2d5e2448f48a7020a17985a62394%7C%7C920bd99aa4265c459f442b819dba176b%7C%7C074456d39373e459d8059f2efc65d42e%7C%7C38ecfdced691522ed8216ac6bd8d83b9%7C%7C849983897fb3837c30b722dc252e4bb8%7C%7C41c596f00fed51535674f94cba6b2122%7C%7Cc69bdf14fc3b0fae832f73f4a53df589%7C%7C1629390669,im:%7Bpci:%7Btdr:437%7D%7D%7D
Requested by: Host: reurl.cc
URL: https://reurl.cc/X4Rxn0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Feb 2022 10:39:17 GMT
X-Server-Name: dt37.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 200 background.png
s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/img/ Frame D6E1 2 KB
2 KB 10ms
9ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/img/background.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4c865fbe662dd710dae3d06b8ab98adf88f9e6314d4e6a3771e42151b30b640

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7358846028699040144/FT_EUROPA_CONSIDERATION_MBA_728x90_231221/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 10:49:10 GMT
x-content-type-options: nosniff
age: 258607
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1808
x-xss-protection: 0
last-modified: Thu, 23 Dec 2021 13:15:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Feb 2023 10:49:10 GMT

GET
H3 200 3he9SSTPTzffGJDQBOTZcvp_zoO7E8v038ekVtZ_6Vg.js Show response
pagead2.googlesyndication.com/bg/ Frame CE99 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3he9SSTPTzffGJDQBOTZcvp_zoO7E8v038ekVtZ_6Vg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de17bd4924cf4f37df1890d004e4d972fa7fce83bb13cbf4dfc7a456d67fe958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sun, 13 Feb 2022 19:36:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54141
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13552
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Feb 2023 19:36:56 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 99BF 0
23 B 43ms
43ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssfW8_QC2LRiN3oiPlO7LrMmVvlrcMoIOu9H5jJuJyyAZJ_N-UQHQmZHUEF9_embKpssF4cMGBmM15MMgnQpnZxm3PjPBjWxmh4LSlBjsFgOn7F7YwxdGiV7VBZNMnNlwm7D-HOrVcMvtOufaMTMUSafaJCrIGrJFXau426HGb0-J4xNjT-WJvJPYpqd45YEGu5PWWqDfGTh2Q5qzv1n0zycfAlfCWi0aXeXW_KK25Xs-z1fJqmXnnXicNwihCcM23WQioMGohGV-qYsCU1nagdW_to5Hj6HcS1w3csd1eTWmfVZERvK1WUj_uH2tdXFpoLVHtRz2sE5bktPsppgNLNDtGRx83BYZPnXQkR9rDsKybr9Sg1jmQTQSMjAW8kYk3C0jo3HHuZKQklf3G6HhedUdbi2nW_4NYCMK4iwzp1jA5e8J2J7_jyVVQTa64wonptzcJAPYez3FYvqgMCB5lJAWscp9WNSwkSXgFoBWz6JzMIS3oHHqRuDmmQY2K1KV_1a5Cv3DV7dK9CIXnun-DBOWkpWM-ALqjj-hH0JHbN_Hi4jOO4puu24o_ia7GmRPke64J04Hf6HprW6dm-p2NhDpROn_aEYVWZ_VotmBdTlOHJxJKonQFA1UgdNKPiD6nRNRn7GHtP5LYPzkeE1GxU4y3IhH2ZA4mceWge9qEa9ncIYmWnaruHfgP2GlZFEVLkSxQs_oUgkRzyBkXPCEnrZujEG2BR4cYZPiAuR0SlUW9_GrO9t9moZcJrMphjIct05Yg7UeJvyVwA_Mhel3NDoMkAX_1Blv1cIueKCisPz0npxfNFhzzXyNbQACJoqff6vCu33qkLDtv2SLpjNMbbve6WZRGzKI96eyxctgyQtC9VHI2JyB8pDMZaJxXC2jPXBI-F6YI1NWiOA3IhqBB0XnF0ol-wxp0o197__5K5G1y0sHMKLBceY1buuE1iKmXtmUKRvU7HnzDpgLm39emAEVVBRDjkWj51MGrJGhwpTGJuyIBiV8d4VcJpPyHqS2SBpWxFuJYZANbS4mtli9BJhGi81CHbwUOj-WGeoy4TuGQQHSXjxc0jnjirLFL_b6m-LywN38yccujQ3-U&sai=AMfl-YTNftt3jjJPOY1rSyxooIk1smg-dx5uQECuxlYUUQ7kaKE85lmDcOkL1zDtRyV9dYUvOvH8-DAUQGJ32n-hSyJsMNuia7SVlQhTvfAw5kisNa9Is8NVtBDN1RS-Y2kJjYx6&sig=Cg0ArKJSzNzIuYi27TxdEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=228&vt=11&dtpt=153&dett=3&cstd=74&cisv=r20220209.68464&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Feb 2022 10:39:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CE99 0
20 B 47ms
47ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BoXAkVTEKYom7EeyBjuwPmu2ukAYAAAAAOAHgBAI&bg=!AQKlAkbNAAbAtJCDwLQ7ACkAdvg8WiciZ2pGzGxgiTgmayu_jTBb6DmegnSmktauotrU8Q1wVyO_QwIAAABYUgAAAAJoAQcKAGiJzi_uCxh6H4fAAioxLuziUHD2bi-9UZ6XnR8wQq9CQwzoPfD2d33HxYX-_IPizhGJ1kbM1UYd_WwNb41ytUF45zoeRD8SlkziNhhCQn1bSpSnaa0D4An4bh3kkabbg5rn2Q9OCUfyTZkC-fk9K741SRSeawXuPCRMWVqrG6O9tcbnFF6cyBqj2acyq3_O1KW2LaNC7Hq02KQUI3uLBfZQFA-lIYhqPS79pKYgjV40HvRQ1a5ZtKTkXio1Sh6AtShSTRBWVuub8BbtmGbR9eBs9qvre2LwtkOlDbzv4xbWiZUAsPTznH0NF0zQRSdCzGZRnOeD_MSoDHdOFGNVctB8jfw7toa7BxDWr7gIXz3CFegdZwwqny4N9MfCIgYaU7vNQM1c21O2eaG-JLXYZmaajibr8vIXox1JL4NyZNrqFHhSSkwzEUFqhRVqaDVzAO5y1tRN4eD73gKIzSsOFpy29ZGiNu-x7F7c9NeOamqbZ8FuOmU8ufVqn-uJR9vvKhkC0xXY5nxdrDASXztQTVBf0GlNHvcTDdbydU18Ybo4nnNDk5rgoJGmYemcuCwjagJ0PhmIB472o0yMK6F6iuWAdGfvFjVVNOzTzJA2ThyGd8vh8faRnRZSiO5vG-nvpHRsOfOGN6wQWVYuLPYzueezeAdvCPJXvL5Ej_qcIIH7TFyQizDrziLaJc2-hDoe7fHvOaQRZCJdi8YaKp0JFfNt7NDrHBTITtN0H54imG7Yz1yTuNisllTfvsCiomqVC3st5xTtfbS6Ffl4vNG3_85V1ue90m676NwIfKbsFH74Do2gstHvzASSKlnqIEW-aWjvhPSRTPqrMaHe39_3Hcrtmn2ZkuRe4DI6WpzMkcw5d6pkjLqyUs0fpkHqOK1qJ901nc4p3thZw-rHkGZ-wekzr0j-zotWkrovDuojv1SqPWA4Di_B5fJfxIxxXOq3um2Ukwqgxwl2a5Q03KKHKihfL6JWOlfHW6PcEOffot7bDQk9w_XGg7Y6mGgWYEkeQsnMEH6PBxn49Z9JjCeqDg2G3gBmsOyJE8SOC_8CSfZogBcL3m02e_24WpAK8dH8YKr-TpghTACx0jq-x-cRY6pC1EjpOFFtc8u-v_DxLtMAIVAtYH_vEbUU3s7ab7GFtHoqfKws

Requested by

Host: reurl.cc
URL: https://reurl.cc/X4Rxn0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 13 KB
10 KB 38ms
22ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220209&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

259e42f5ee438954e07066e3ddd1ea722d64ea4a4da486ed0c4ff05810c76510

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Feb 2022 10:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9854
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Feb 2022 10:39:18 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A506 42 B
64 B 42ms
41ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstE6BwPlO5ZSAEoc067V_xi9SPKiwxDuaMVhmbknUFllcNTrX32cwQUer2Pw-P1KFqbpmh-xfOdBI5dVByv0xEodLyeOGEdS88yzEp7vYCByyi3vjI6Yw&sai=AMfl-YT3V_hAeRL8FXiljCsMRzs4Wj2dlMen2ut37Wai-DbwZJEK5ymc8Wlcq06RUT8Tp1MACraonnoYHvsi&sig=Cg0ArKJSzD_qXWdratTnEAE&cid=CAASBORoXLo&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220209&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2404911984&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1644835156115&rpt=998&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 546D 13 KB
5 KB 9ms
9ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Feb 2022 10:33:19 GMT
expires: Tue, 14 Feb 2023 10:33:19 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 359
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A814 783 B
534 B 36ms
17ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

68124c6fde5add470cb672878882bf8f8f79daf0bbdcb86374f06128e2e0b00c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3IMJtCj+/wwXznlcfOi2NQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 14 Feb 2022 10:39:18 GMT
date: Mon, 14 Feb 2022 10:39:18 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-3IMJtCj+/wwXznlcfOi2NQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 3he9SSTPTzffGJDQBOTZcvp_zoO7E8v038ekVtZ_6Vg.js Show response
pagead2.googlesyndication.com/bg/ Frame 546D 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3he9SSTPTzffGJDQBOTZcvp_zoO7E8v038ekVtZ_6Vg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de17bd4924cf4f37df1890d004e4d972fa7fce83bb13cbf4dfc7a456d67fe958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sun, 13 Feb 2022 19:36:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54142
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13552
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Feb 2023 19:36:56 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A814 0
0 71ms
71ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220209&jk=1146860076840336&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 546D 0
9 B 9ms
9ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?g9lmkQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 10:39:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 99BF 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssPr0ylzslIRgjO0xUcvO2Qszx2EYpyDumx6OazVU_i6Y1n7KxGMIDMeqt8XFyl9ZF0l-ATLYowmQAWupJWCdcGyZmUUyTukHyhKquVmo4dmQwIq-x8yw&sai=AMfl-YSdgy-vGqFkXWJMgEfTfG32dsr34bUBil45ZsEceW_15SB_l08yLwSwpkjowAvm8SKmknsgxmuYykkz&sig=Cg0ArKJSzKuU_m2qexwHEAE&cid=CAASBORokOc&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=373,869,1000,1000,1000&tos=373,496,131,0,0&v=20220209&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1644835157245&rpt=204&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220209&jk=1146860076840336&bg=!ZWalZiLNAAbAtJCDwLQ7ACkAdvg8Wg-eHJlDTnA67bq47Gj-zbGSG61j_1-FDE3P-Pa2_JxIOJ6SDQIAAABcUgAAAANoAQcKAQlHtQvNP8Uz06N5iEIJRErGh61l9oUgH43cbSeXxbqtY5ffy4B_W3aBZT_qSkWwTVGE6acMkmBIje3Dq-b9lmgrcFBGIta2u30Ej9Rt3IkBOTcjLTK9eeRvmFcCw29mI2sudTGAvvn8XlwJYN8PxoTo1oCWQxmzr45sTCUoS4AXeZOSlMIfmZQ1tyK-iRh0MN4W3TQc-8yv_MEjyPqcWDB_BuZAeAEVIpQMh0pTNWr4DMarvZMqO5LY0W6-JxBZRbz0C4o-eHJRYxk45Au8Yz0eHpwSJqHRbG_PqpOkhgRdzEYHd6Ku73_qHWUyyyBODZg4z1HY9Lu1_aEDjLELUvP74sILGyku4dMOmQKJB1zCOShy995NVWD9BQprpt4EkC3GZJvyYSwVfN2hbMWpwvcSmlyjL85MoVnPnZRbAz9H6jeP5q6Qe-hQbZe2v846r5wkZZHX9hzJfQPAylEDTZROKRBbcosMSuFhM4SRF5oeJQyyq0xriHYxuprIgp-MwzRpRNstPmSPmn-WZvA-33Khl5iCBKFV-DeV1FtLctCKaL7eTAs6vcgG_nG02nDbyQYaSSJYIw-WBk28XSKAdSw9BVhzxLHMh6eaiGehM1p1y5Y-beAzZfAfHZPc6h-q0lcB0HI017n4IVqrfVW-0MU5yeGpY2YYTdRb8KGjLmj-6FsE0-JDnCzIcYdTP0khJie5PhXrgHm9s1_GqK6qo2cXscocMBZcMsQk7SFg1j05uawO6POcVyufInigzVE84tNKWk-LSVR7kcPSvYIEC6CjT__WvWUFTxZDrtFiQO9cdDnjBdN7PTNaYfbk8YmA0mh-CC_A4pyjAKd6MvZoPadTQIboCD8rp_azWhUPn_po4Wo-Yixl4v7U-TDa8WVwa98YcgI-ejO_qnSJFUUqzT8V6iEc853SCwQEOXmpHv-7KrAWATCfWqaUaV5fGY5dKrpFKvMuUSqXc2PtpzNdLUtqS6Mw7KPiV9EFQXJ-qO0205Ze1IZC3h9yhdUVAXzngsBW7CfE8C8WCq2wmiYXN3ENfzFn9Mb48QTWc-mYtiSDP2wwPoMpfWp1Wz29y7y4PGqnUtF6AmdsySTjpZcyjtT_3NoIyDy0fUEVSuZp1Ohrn2SNaJA0Ynq60YL6gkG5v83u_q7n50j2akrzscY_nZ0KxgsLUTh7wVetvIq44A1InpPLjzAkNDhicqrHpDQJxh8FmatsiQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Feb 2022 10:39:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame A506 43 B
301 B 89ms
88ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=901669&asId=803749ea-2b99-5498-83ff-30f0515b3107&tv=%7Bc:4bS4Ok,pingTime:1,time:2115,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:21%7D,%7Bpiv:100,vs:i,r:,t:1114%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1114,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1106~0,0~100%5D,as:%5B1106~728.90%5D%7D%7D,%7Bsl:i,t:1114,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:91,fm:sXpuH2l+11%7C12%7C13*.901669-60420920%7C131%7C1321%7C133%7C14%7C15%7C16,idMap:13*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Feb 2022 10:39:19 GMT
X-Server-Name: dt37.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame A506 43 B
301 B 87ms
87ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=901669&asId=803749ea-2b99-5498-83ff-30f0515b3107&tv=%7Bc:4bS4Ok,pingTime:1,time:2115,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:21%7D,%7Bpiv:100,vs:i,r:,t:1114%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1114,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1106~0,0~100%5D,as:%5B1106~728.90%5D%7D%7D,%7Bsl:i,t:1114,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:91,fm:sXpuH2l+11%7C12%7C13*.901669-60420920%7C131%7C1321%7C133%7C14%7C15%7C16,idMap:13*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Feb 2022 10:39:19 GMT
X-Server-Name: dt47.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame A506 43 B
301 B 88ms
87ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=901669&asId=803749ea-2b99-5498-83ff-30f0515b3107&tv=%7Bc:4bS4Ok,pingTime:1,time:2115,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:21%7D,%7Bpiv:100,vs:i,r:,t:1114%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1114,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1106~0,0~100%5D,as:%5B1106~728.90%5D%7D%7D,%7Bsl:i,t:1114,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:91,fm:sXpuH2l+11%7C12%7C13*.901669-60420920%7C131%7C1321%7C133%7C14%7C15%7C16,idMap:13*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,metricId:publ1,cmr:t%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Feb 2022 10:39:19 GMT
X-Server-Name: dt37.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.reurl.cc/	1970-01-20 18:25:07	Name: _ga Value: GA1.2.2114483540.1644835156
.reurl.cc/	1970-01-20 00:55:21	Name: _gid Value: GA1.2.1181667001.1644835156
.reurl.cc/	1970-01-20 00:53:55	Name: _gat Value: 1
.reurl.cc/	1970-01-20 03:03:31	Name: _fbp Value: fb.1.1644835156037.2124376071
.facebook.com/	1970-01-20 03:03:31	Name: fr Value: 0Zb2qRXG6COpjcikX..BiCjFU...1.0.BiCjFU.
.reurl.cc/	1970-01-20 10:15:31	Name: __gads Value: ID=887af00897d2bc1a-229678823ecd008b:T=1644835156:RT=1644835156:S=ALNI_MY6pM41xKyR43qNTiOq2cGfne4sag
.doubleclick.net/	1970-01-20 10:15:31	Name: IDE Value: AHWqTUkyL9VWYer2J18lQ8CqbeiDxPWozE46bIEh2R9SLnHsfAwC0qSFIjDPeQ2cGgo
.adnxs.com/	1970-01-20 03:03:31	Name: uuid2 Value: 3176479136583978003
.casalemedia.com/	1970-01-20 03:03:31	Name: CMPS Value: 5198
.casalemedia.com/	1970-01-20 09:39:31	Name: CMID Value: YgoxVPjbR-zI2rhDq.Pw1AAA
.casalemedia.com/	1970-01-20 03:03:31	Name: CMPRO Value: 1153
.casalemedia.com/	1970-01-20 00:55:21	Name: CMST Value: YgoxVGIKMVUA
.casalemedia.com/	1970-01-20 09:39:31	Name: CMRUM3 Value: 2d620a31552760CAESEE-itQ6EQEV4eK51qIsL8cA
.adnxs.com/	1970-01-20 03:03:31	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVIpk!bk!]tcF8i_iqf!oN/@E'zz<Z0QN(ii+o36!o_Kbe#NrxEBt%l5i=69aJS(jvcTD._PlZ[C[-kX-7s)7g

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cdn.jsdelivr.net
cm.g.doubleclick.net
connect.facebook.net
creditcards.com.tw
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
img.gbyhn.com.tw
img.racingcharger.tw
pagead2.googlesyndication.com
partner.googleadservices.com
re-news.tw
reurl.cc
s0.2mdn.net
static.adsafeprotected.com
static.wixstatic.com
stats.g.doubleclick.net
tpc.googlesyndication.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.gstatic.com
104.244.36.20
142.250.184.226
142.250.185.98
192.0.78.135
2.18.234.21
2600:9000:224a:aa00:8:48e:53c0:93a1
2606:4700:3032::6815:43a6
2606:4700::6810:5914
2a00:1450:4001:808::2002
2a00:1450:4001:809::200e
2a00:1450:4001:80f::200a
2a00:1450:4001:810::2002
2a00:1450:4001:810::2003
2a00:1450:4001:827::2003
2a00:1450:4001:829::2006
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2004
2a00:1450:400c:c07::9c
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
2a06:98c1:3120::7
34.102.176.152
35.185.130.121
35.185.136.122
37.252.172.45
52.51.212.11
096ebe5196b95f66c1c0b9f3dcea9e6e3f40f2d55cd5933af5e4942adb232593
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0befda268290526c1eee7a894d4b630bec436952b483109e89661b69f2923845
0f339cf9e117cb1612e7079c0a02fcc2ef26d9ffc19c93d0370d10bf81bb714f
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11456f86d15e663a9a583f77f6af27aba6ccf7fa24b4808f4ccb7470b37285d5
11861d7a9f3a93e5bab30b26a38dec607d5ad82988d30e25b0bcfd86eccdcda3
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
18ed8262b6d0f2ef8700a462d4e67ebc0e97cef7aebd5fba6566bdc853bdc53a
1d5df4c08cc664b1096a7a4529a430d5881e3403603cf9987dcedfedc2f498e9
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
25355805f44af99037c6b951f9afd762f5fd74eb126aba4b2f82cafa563c0f90
259e42f5ee438954e07066e3ddd1ea722d64ea4a4da486ed0c4ff05810c76510
274892f0fb184c42092311f950da5209ce13a1075a24569aeae4ea10f6de0925
27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2b70bc004d14621909f788a72c8c619293ded3e0458268933d52c2ab16608328
2c61363e9fdfb0a5195aba270cda7a621d51fe6aaa2c45b1f38111d165863f47
2eb6b8c3bcd2e94b7aa0434887e9c06f68def607b9144030bf4c0c10ba18f826
36f69faa3cbb30040e72ac3354367ded937084b50496c10609361f65856f5f7e
3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826
3a7b5f2e7e3fd51102d05b2706291210864e7890361d932311a18048073374ae
3df23b7494fb4954da70fedec0362c3083e8712d2f6a6cf2560fc79ef2ed8abc
406dae81a8e95037a3bca53ca771f446df097cf86084d76de62fd308e2bf32a5
460ff0b1da5bacd95df6905ad1c8df05bdda30aa4189e2fef38b53b6318e42ff
46213a0adc56f9be456e4918e8d9e5f81e61736b47ae1befcc7d35ac3f491a58
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4cfa14d3e84dcaa2f6be75f26fd62aa98b26560d80fa5500a1d9a34b63c6aaae
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55c9d64deb33d2861f3c2e5cc0c2e5035b52fcb9e5ffcf83a9ed28bc69f73cbe
592a30b3f5ffdaf659d0d5df2e5599afbe976c904c2a9a23b291cbf9cc48ed9c
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
60b6fb70c39877b90333526914dbc0d47052cd8c4c298c421aaee2f9d6b48bcc
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6424a276777843e184cd58a866136adec17697b54ed595a2d1a1990555c73c28
68124c6fde5add470cb672878882bf8f8f79daf0bbdcb86374f06128e2e0b00c
69f00feac75be895ae91d6640d8ef6b9c4458e26c1df034c6b448be424c838cc
6e9ab8ab1d57a0695a66577e348ae4343e1a92f70cb4835a52c4863f11114037
714fdc8f45f2cffbe310f8437d1ee626a200c0814313f075afc8bca5ee093da6
7dca558b219d38f8feb7021e31466b26fccc157cbe9d94e9ac4f3ebd442617af
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
90296978da322c8d9f6770768f22ace58468ea72e4a115b21541de6eb6d00bce
9d64bf0c540a370613f5f26c55378245d606e4eefa43317280cb130941529b26
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a18aebfb22e1f1fa300b5094295fc551e8fc22c41e5171b6ae788eacedd9e62d
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b02a00d94c31613ccbcade7ddb4887b8d311e1f3b92a1b14ce8cca110931708d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b754b5fddee423c03eb5152a7557c9bf96cc9512f70282d98ebe0177cd907b5a
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bfc9e9f008087d660e704703f6588e40ab13d0c50ccdc549b4fe962d019fc0ad
c307135e5c747cb1f9fe99795b141ac66a54a3ddb642d9ca889701b71774a7b1
c4c865fbe662dd710dae3d06b8ab98adf88f9e6314d4e6a3771e42151b30b640
c66f2b53c6c0b3f177fcaea281313121c2ffa5710af46d82b97ae5c74b864062
cf43a103c37182df103a89f8d269e54be39dc2ff6d3b181dd4e5387f45a44fdc
d2e478e9fca1340650c89fc81c000a3ee36eeee8f361184668fd629ece6dd89b
d603d035c56b82d53625f5f04dfb7aad91e1c9f3fab5817d9e99214e66adf9fc
d62938006853ff9c2212be629591ca8d9afd1b4d5fc84db34dbe591e98457261
dbc581dee67efe316b8b8d22e4564470c979dbcf32f65b4439fc7e806d3aed74
de17bd4924cf4f37df1890d004e4d972fa7fce83bb13cbf4dfc7a456d67fe958
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5c3dbbe7fd7e66ce1456d0a500996b3fe3fd4785ff1734c1b99032016055e8a
e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4

reurl.cc Open in urlscan Pro 35.185.130.121 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

119 Requests

92 %HTTPS

63 %IPv6

22 Domains

30 Subdomains

28 IPs

5 Countries

2711 kBTransfer

4778 kBSize

14 Cookies

18 Outgoing links

Page URL History

Redirected requests

119 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

reurl.cc Open in urlscan Pro
35.185.130.121 Public Scan

Screenshot
Live screenshot

Full Image

119
Requests

92 %
HTTPS

63 %
IPv6

22
Domains

30
Subdomains

28
IPs

5
Countries

2711 kB
Transfer

4778 kB
Size

14
Cookies

119 HTTP transactions
2 data transactions