reurl.cc Open in urlscan Pro
35.185.130.121 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://reurl.cc/E44nYm
Submission: On January 22 via manual (January 22nd 2024, 9:45:24 pm UTC) from VE — Scanned from DE

Summary HTTP 306 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 67 IPs in 10 countries across 48 domains to perform 306 HTTP transactions. The main IP is 35.185.130.121, located in Taipei, Taiwan and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is reurl.cc. The Cisco Umbrella rank of the primary domain is 113735.
TLS certificate: Issued by R3 on January 17th 2024. Valid for: 3 months.

This is the only time reurl.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	35.185.130.121 35.185.130.121	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	34.149.98.30 34.149.98.30	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	203.66.35.74 203.66.35.74	3462 (HINET Dat...) (HINET Data Communication Business Group)
29	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
3	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
5	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2 5	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	104.18.35.167 104.18.35.167	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	18.155.129.21 18.155.129.21	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1 3	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.170.29.7 54.170.29.7	16509 (AMAZON-02) (AMAZON-02)
3	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
7	2600:9000:225... 2600:9000:2250:aa00:0:e06c:e940:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
27	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
42	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
9 15	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
4 8	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6 8	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
1	116.50.36.71 116.50.36.71	18046 (DONGFONG-...) (DONGFONG-TW DongFong Technology Co. Ltd.)
2	35.79.48.13 35.79.48.13	16509 (AMAZON-02) (AMAZON-02)
1	34.95.67.231 34.95.67.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.73.17.154 35.73.17.154	16509 (AMAZON-02) (AMAZON-02)
10	203.75.214.136 203.75.214.136	3462 (HINET Dat...) (HINET Data Communication Business Group)
1 2	35.201.76.93 35.201.76.93	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.227.249.156 35.227.249.156	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	52.69.87.178 52.69.87.178	16509 (AMAZON-02) (AMAZON-02)
2 6	142.250.185.70 142.250.185.70	15169 (GOOGLE) (GOOGLE)
4	167.235.11.39 167.235.11.39	24940 (HETZNER-AS) (HETZNER-AS)
23	192.229.233.6 192.229.233.6	15133 (EDGECAST) (EDGECAST)
8	65.21.233.17 65.21.233.17	24940 (HETZNER-AS) (HETZNER-AS)
2 4	35.190.36.98 35.190.36.98	15169 (GOOGLE) (GOOGLE)
2 2	172.105.221.29 172.105.221.29	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
8	2600:9000:215... 2600:9000:2156:0:15:157b:ff80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	23.35.237.56 23.35.237.56	16625 (AKAMAI-AS) (AKAMAI-AS)
17	2a00:1450:400... 2a00:1450:4001:827::2006	15169 (GOOGLE) (GOOGLE)
1	35.244.196.223 35.244.196.223	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2620:116:800d... 2620:116:800d:21:5ed4:8d5d:fed7:f5ef	16509 (AMAZON-02) (AMAZON-02)
2 2	18.197.162.124 18.197.162.124	16509 (AMAZON-02) (AMAZON-02)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
1	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	51.38.120.206 51.38.120.206	16276 (OVH) (OVH)
1	89.149.192.197 89.149.192.197	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
3	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	35.185.136.122 35.185.136.122	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:eec2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	61.216.47.122 61.216.47.122	3462 (HINET Dat...) (HINET Data Communication Business Group)
1	192.0.78.24 192.0.78.24	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.149.36.179 34.149.36.179	15169 (GOOGLE) (GOOGLE)
1	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2600:9000:205... 2600:9000:2057:fc00:1e:5c56:d400:93a1	16509 (AMAZON-02) (AMAZON-02)
1	192.0.78.236 192.0.78.236	2635 (AUTOMATTIC) (AUTOMATTIC)
306	67

1 35.185.130.121 (Taipei, Taiwan)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 121.130.185.35.bc.googleusercontent.com

reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.149.98.30 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 30.98.149.34.bc.googleusercontent.com

storage.reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 203.66.35.74 (Kaohsiung City, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-66-35-74.hinet-ip.hinet.net

ad-specs.guoshipartners.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
scontent.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.35.167 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn-ima.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.155.129.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-129-21.cdg52.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.170.29.7 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-170-29-7.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:2250:aa00:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 142.250.184.194 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.64.151.101 (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 37.252.173.215 (Frankfurt am Main, Germany) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 116.50.36.71 (Taiwan)

ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW)

cm.lndata.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.79.48.13 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-79-48-13.ap-northeast-1.compute.amazonaws.com

cm-dev-poc.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.95.67.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.67.95.34.bc.googleusercontent.com

fcm.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.73.17.154 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-73-17-154.ap-northeast-1.compute.amazonaws.com

fcm2.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 203.75.214.136 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-136.hinet-ip.hinet.net

t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
46db9d8e-8cd9-4642-83da-1262a2a053d7.t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.76.93 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 93.76.201.35.bc.googleusercontent.com

c.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.249.156 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 156.249.227.35.bc.googleusercontent.com

m.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.69.87.178 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-69-87-178.ap-northeast-1.compute.amazonaws.com

ad.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.70 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 167.235.11.39 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.39.11.235.167.clients.your-server.de

ads.revjet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 192.229.233.6 (United States)

ASN15133 (EDGECAST, US)

cdn.revjet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 65.21.233.17 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.17.233.21.65.clients.your-server.de

pix.revjet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.190.36.98 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 98.36.190.35.bc.googleusercontent.com

ad2.apx.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.105.221.29 (Tokyo, Japan) 2 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1875-29.members.linode.com

gocm.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:2156:0:15:157b:ff80:93a1 (United States)

ASN16509 (AMAZON-02, US)

img01.ztat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.35.237.56 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-56.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.196.223 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 223.196.244.35.bc.googleusercontent.com

storage.re-news.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:5ed4:8d5d:fed7:f5ef (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.197.162.124 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-162-124.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Loerrach, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.19 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.38.120.206 (Hessen, Germany) 1 redirects

ASN16276 (OVH, FR)
PTR: ip206.ip-51-38-120.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.149.192.197 (Bunschoten, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.185.136.122 (Taipei, Taiwan)

ASN15169 (GOOGLE, US)
PTR: 122.136.185.35.bc.googleusercontent.com

re-news.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:eec2 (United States)

ASN13335 (CLOUDFLARENET, US)

mma.prnasia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 61.216.47.122 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 61-216-47-122.hinet-ip.hinet.net

img.racingcharger.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.24 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

creditcards.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

img.gbyhn.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.36.179 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 179.36.149.34.bc.googleusercontent.com

www.rayskyinvest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:fc00:1e:5c56:d400:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.wixstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.236 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

blog.alphaloan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
77	googlesyndication.com 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 157 pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com ade.googlesyndication.com — Cisco Umbrella Rank: 356	464 KB
43	doubleclick.net 11 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 209 stats.g.doubleclick.net — Cisco Umbrella Rank: 79 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 260 ad.doubleclick.net — Cisco Umbrella Rank: 163 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 594	462 KB
35	revjet.com ads.revjet.com — Cisco Umbrella Rank: 6930 cdn.revjet.com — Cisco Umbrella Rank: 6513 pix.revjet.com — Cisco Umbrella Rank: 5747	1 MB
26	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 955 scontent.xx.fbcdn.net — Cisco Umbrella Rank: 480	579 KB
17	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 336	265 KB
16	holmesmind.com 1 redirects cdn.holmesmind.com — Cisco Umbrella Rank: 116829 cm-dev-poc.holmesmind.com — Cisco Umbrella Rank: 158186 fcm.holmesmind.com — Cisco Umbrella Rank: 202430 fcm2.holmesmind.com — Cisco Umbrella Rank: 126218 c.holmesmind.com — Cisco Umbrella Rank: 93644 m.holmesmind.com — Cisco Umbrella Rank: 183036 ad.holmesmind.com — Cisco Umbrella Rank: 90011	89 KB
10	hinet.net t.ssp.hinet.net — Cisco Umbrella Rank: 83248 46db9d8e-8cd9-4642-83da-1262a2a053d7.t.ssp.hinet.net	7 KB
10	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 410	207 KB
8	ztat.net img01.ztat.net — Cisco Umbrella Rank: 33615	99 KB
8	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 253	9 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622	4 KB
8	google.com 2 redirects region1.analytics.google.com — Cisco Umbrella Rank: 2616 www.google.com — Cisco Umbrella Rank: 2	2 KB
6	appier.net 4 redirects ad2.apx.appier.net — Cisco Umbrella Rank: 80987 gocm.c.appier.net — Cisco Umbrella Rank: 2934	2 KB
6	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 1736 google-bidout-d.openx.net — Cisco Umbrella Rank: 1735 us-u.openx.net — Cisco Umbrella Rank: 524 rtb.openx.net — Cisco Umbrella Rank: 625	1 KB
6	reurl.cc reurl.cc — Cisco Umbrella Rank: 113735 storage.reurl.cc — Cisco Umbrella Rank: 413422	7 KB
5	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	27 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 230	260 KB
3	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 423 mug.criteo.com — Cisco Umbrella Rank: 3123	7 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	147 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 875	2 KB
2	re-news.tw storage.re-news.tw re-news.tw	31 KB
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1376	326 B
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1005 bcp.crwdcntrl.net — Cisco Umbrella Rank: 898	12 KB
2	google.de www.google.de — Cisco Umbrella Rank: 6518	515 B
2	guoshipartners.com ad-specs.guoshipartners.com — Cisco Umbrella Rank: 155917	85 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 324	57 KB
1	alphaloan.co blog.alphaloan.co	181 KB
1	wixstatic.com static.wixstatic.com — Cisco Umbrella Rank: 5688	248 KB
1	wp.com i0.wp.com — Cisco Umbrella Rank: 3696	46 KB
1	rayskyinvest.com www.rayskyinvest.com	749 KB
1	gbyhn.com.tw img.gbyhn.com.tw	108 KB
1	creditcards.com.tw creditcards.com.tw	124 KB
1	racingcharger.tw img.racingcharger.tw	132 KB
1	prnasia.com mma.prnasia.com — Cisco Umbrella Rank: 631159	88 KB
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 742	45 B
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 707	385 B
1	pubmatic.com image6.pubmatic.com — Cisco Umbrella Rank: 805	166 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1552	586 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 764	463 B
1	lndata.com cm.lndata.com — Cisco Umbrella Rank: 149167	470 B
1	gstatic.com fonts.gstatic.com	34 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	2 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 2253	1 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1833	8 KB
1	33across.com cdn-ima.33across.com — Cisco Umbrella Rank: 1299	5 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 657	13 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	92 KB
306	48

	Domain	Requested by
42	pagead2.googlesyndication.com	39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com reurl.cc www.googletagservices.com securepubads.g.doubleclick.net 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com s0.2mdn.net
27	tpc.googlesyndication.com	reurl.cc 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com cdn.ampproject.org googleads.g.doubleclick.net tpc.googlesyndication.com securepubads.g.doubleclick.net 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com s0.2mdn.net
24	static.xx.fbcdn.net	www.facebook.com static.xx.fbcdn.net
23	cdn.revjet.com	ads.revjet.com srcdoc reurl.cc cdn.revjet.com
17	s0.2mdn.net	reurl.cc s0.2mdn.net
15	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
10	cdn.ampproject.org	securepubads.g.doubleclick.net
10	securepubads.g.doubleclick.net	reurl.cc securepubads.g.doubleclick.net www.googletagservices.com
8	img01.ztat.net	reurl.cc
8	pix.revjet.com	srcdoc 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com cdn.revjet.com
8	t.ssp.hinet.net	cdn.holmesmind.com t.ssp.hinet.net
8	ib.adnxs.com	6 redirects googleads.g.doubleclick.net
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	googleads.g.doubleclick.net	39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com reurl.cc pagead2.googlesyndication.com 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
7	cdn.holmesmind.com	securepubads.g.doubleclick.net cdn.holmesmind.com ad.holmesmind.com
6	ad.doubleclick.net	2 redirects 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com srcdoc
5	www.google.com	2 redirects reurl.cc tpc.googlesyndication.com
5	www.facebook.com	reurl.cc static.xx.fbcdn.net
5	storage.reurl.cc	reurl.cc
4	ad2.apx.appier.net	2 redirects reurl.cc
4	ads.revjet.com	39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com ads.revjet.com
4	www.googletagservices.com	securepubads.g.doubleclick.net 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
3	ade.googlesyndication.com	reurl.cc
3	39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	region1.analytics.google.com	www.googletagmanager.com
3	www.google-analytics.com	storage.reurl.cc www.google-analytics.com reurl.cc
3	connect.facebook.net	storage.reurl.cc connect.facebook.net fcm2.holmesmind.com
2	googleads4.g.doubleclick.net	reurl.cc
2	pm.w55c.net	2 redirects
2	scontent.xx.fbcdn.net	www.facebook.com
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	46db9d8e-8cd9-4642-83da-1262a2a053d7.t.ssp.hinet.net	reurl.cc
2	gocm.c.appier.net	2 redirects
2	ad.holmesmind.com	cdn.holmesmind.com
2	c.holmesmind.com	1 redirects cdn.holmesmind.com
2	cm-dev-poc.holmesmind.com	cdn.holmesmind.com
2	oajs.openx.net	1 redirects reurl.cc
2	gum.criteo.com	1 redirects static.criteo.net
2	www.google.de	reurl.cc
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	ad-specs.guoshipartners.com	reurl.cc
2	cdn.jsdelivr.net	reurl.cc
1	blog.alphaloan.co
1	static.wixstatic.com
1	i0.wp.com
1	www.rayskyinvest.com
1	img.gbyhn.com.tw
1	creditcards.com.tw
1	img.racingcharger.tw
1	mma.prnasia.com
1	re-news.tw
1	ssbsync.smartadserver.com	549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
1	onetag-sys.com	1 redirects
1	image6.pubmatic.com	549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
1	rtb.openx.net	549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
1	dsp.adfarm1.adition.com	1 redirects
1	cms.quantserve.com	549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
1	storage.re-news.tw	storage.reurl.cc
1	m.holmesmind.com	cdn.holmesmind.com
1	fcm2.holmesmind.com	cdn.holmesmind.com
1	fcm.holmesmind.com	cdn.holmesmind.com
1	cm.lndata.com	cdn.holmesmind.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	securepubads.g.doubleclick.net
1	google-bidout-d.openx.net	oa.openxcdn.net
1	mug.criteo.com	reurl.cc
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn-ima.33across.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	www.googletagmanager.com	reurl.cc
1	reurl.cc
306	76

This site contains links to these domains. Also see Links.

Domain
t.me
re-news.tw
youtils.cc
www.comptw.com
stockinfo.tw

Subject Issuer	Validity	Valid
reurl.cc R3	`2024-01-17` - `2024-04-16`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
storage.reurl.cc GTS CA 1D4	`2023-12-10` - `2024-03-09`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
ad-specs.guoshipartners.com Go Daddy Secure Certificate Authority - G2	`2024-01-02` - `2025-01-21`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-11-01` - `2024-01-30`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-15` - `2024-03-10`	3 months	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-06` - `2024-09-30`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-11-24` - `2024-02-22`	3 months	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-12-23` - `2024-03-22`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.holmesmind.com Go Daddy Secure Certificate Authority - G2	`2023-05-19` - `2024-06-19`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.lndata.com GeoTrust G5 TLS RSA4096 SHA384 2022 CA1	`2023-12-04` - `2024-12-07`	a year	crt.sh
*.t.ssp.hinet.net	`2023-04-06` - `2024-04-06`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.revjet.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-20` - `2024-04-11`	a year	crt.sh
cdn.revjet.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-03-11`	a year	crt.sh
img01.ztat.net Amazon RSA 2048 M01	`2023-05-24` - `2024-06-21`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
teads.tv R3	`2024-01-22` - `2024-04-21`	3 months	crt.sh
storage.re-news.tw GTS CA 1D4	`2023-12-07` - `2024-03-06`	3 months	crt.sh
quantserve.com R3	`2023-12-27` - `2024-03-26`	3 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
*.smartadserver.com DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2024-01-17` - `2025-01-16`	a year	crt.sh
re-news.tw R3	`2023-12-28` - `2024-03-27`	3 months	crt.sh
*.prnasia.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-25` - `2024-11-24`	a year	crt.sh
img.racingcharger.tw cPanel, Inc. Certification Authority	`2024-01-07` - `2024-04-06`	3 months	crt.sh
tls.automattic.com R3	`2023-12-08` - `2024-03-07`	3 months	crt.sh
gbyhn.com.tw GTS CA 1P5	`2024-01-18` - `2024-04-17`	3 months	crt.sh
*.rayskyinvest.com R3	`2024-01-03` - `2024-04-02`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
*.wixstatic.com Sectigo RSA Domain Validation Secure Server CA	`2024-01-01` - `2024-06-29`	6 months	crt.sh

This page contains 34 frames:

Primary Page: https://reurl.cc/E44nYm
Frame ID: 19FB00430DCED68D3AB067FA3751E522
Requests: 48 HTTP requests in this frame

Frame: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E01FDC4E7817A01ECEF56B64376D3DCB
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc
Frame ID: A08DF6C516730BB4B9D1E732B8D48787
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: C746DF38E4EC6C23ED75FFFE4B712189
Requests: 1 HTTP requests in this frame

Frame: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 4BE1EEF541A5A877F445D607599BD9E0
Requests: 18 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012312191621000/amp4ads-v0.mjs
Frame ID: C83FE764BAFE6CDE43C9721C2174860D
Requests: 13 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012312191621000/amp4ads-v0.mjs
Frame ID: 73D45EBC01051994839B04C1B646EDFC
Requests: 15 HTTP requests in this frame

Frame: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 9724CB0270E85301A5B0F2D72A86A66E
Requests: 18 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssXwCIvGk_NThQfKeVjRaSspQzKlD-kGEKTgtl0t0LGMaVaTRolV85JT-EKAh-jTNFOsdP3DStgtFO1_9doS0igN9eG8wWUtYoRR1v5gKOXgVMHjo1k0GOxenRaftubREbiRVyrHGHfWr6ODy0tb4I7qo3O9tHz5Rm8ukonOzaViQE_6Iz2NLmj0N6QV1fmnXnKJBrG8x4JDjmpCmjOxQTewEksfU3GR7gvrD3G-qqolMT9rpKPdivXwGXrRRmh71BfeK4RnmB0-NT3mWKwQK_t9xBaq9Ukse15icbMgVyqDq8s0tFEbPsLfIPWIVkiD2O2ojipGXWSoXKdfCvxakVRhYrRUcGAJcDPFOAzYTr1THYU6-ztMVhzskTQG7SAzQClopmRDEbAyt8&sai=AMfl-YSNz0JfLAFHkS7jsRZErGDHzHFjnCD34BEVn3hQUkUeR_Iwnz9dqCsZySdR_BNDq-l23uCGa4W5rD1ePctnoF-iTPjXIQUPiPevgvl4FtZCcW3gjDHq-74McHWB14y-7-D7gtjxyBmfkP_vZJkuCXq6&sig=Cg0ArKJSzBG_M044sW4dEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 828442B53B7A8F3D6768698D2FA0931B
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGPCevYUCMAE&v=APEucNVZZ0qJ9sRc8213j8giQQ161CZ7gq5QNKYPmJNCjpJJP00y1scZ-OSkjIz6Zz2IopWHHclxwkP2O7k18dWRetpm5JWMxCK9zRpTs6ikKTozop5n0EVNPiuh0dYIbPaic-oXtEhuLpWTWGjxtYcQK405c5EnnZ7UB2OmbMCvwbyaEGrnOu4
Frame ID: 7CB1C041AC30B0C32EFF4C572795F1C6
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGMDjvYUCMAE&v=APEucNUHCCzCYMojIjhM2zbfqualUchtZvJ_UiWaGyMC3b2DB1CMJbTjxRiuFLT7taQTjTu1xWXB3bGW_xx-29gaRBCisIiTKE_lqxmXsL9oIMGbIHlK8wLOSFyGNpWbdz95WbPdHH0O_O9xrrDLTFdBJNE-k-GN0mudkJWszaxne-b-sOe_-n4
Frame ID: 19388DFFCBCB1B4E41B0A8812FDF91F7
Requests: 5 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 7C5EC25EDE16E02951E6E9E27349C63D
Requests: 12 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: FE847E1C8F98ED92D12EA35D5EBF3881
Requests: 14 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: 51A7C488F2567ED44AE5829FB8669FD5
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: AB7CA623E16122997255218D5DA8F136
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 77C7A74235CE7F6F1340092C5740B88B
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 2714A3A5C6F84D86169B0D6852962784
Requests: 3 HTTP requests in this frame

Frame: https://cdn.revjet.com/~cdn/JS/03/sync.html?origin=https%3A%2F%2F39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
Frame ID: 9073B9C14D6287C7E71275D3F65D3AFB
Requests: 1 HTTP requests in this frame

Frame: https://cdn.revjet.com/~cdn/JS/03/sync.html?origin=https%3A%2F%2F39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
Frame ID: 1693AF094D81D9D97D33C51E4B9F2F69
Requests: 1 HTTP requests in this frame

Frame: https://cdn.revjet.com/~cdn/JS/03/elements-2.12.0.js
Frame ID: D9401F7044434BB67C643E28F7E87631
Requests: 21 HTTP requests in this frame

Frame: https://cdn.revjet.com/~cdn/JS/03/elements-2.12.0.js
Frame ID: F3B5B65FB8E1BC31CE511DFFFC9C35E9
Requests: 18 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 48DC14D0C07C7D99E17E273FFEBDE595
Requests: 6 HTTP requests in this frame

Frame: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3
Frame ID: E6A92311166C4DDB9FC3EE55643EA749
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B0699496845FBA3183F1049525E176A2
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 615AEEE9E0A98DF5DA441026B593A22B
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fhref%3Dhttps%253A%252F%252Fwww.facebook.com%252FCreditCards.com.tw%252F%26tabs%3Dtimeline%26width%3D340%26height%3D500%26small_header%3Dfalse%26adapt_container_width%3Dtrue%26hide_cover%3Dfalse%26show_facepile%3Dtrue%26appId
Frame ID: AEA704EFDC40AA9A67C953A272B42B67
Requests: 33 HTTP requests in this frame

Frame: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3
Frame ID: 3CDCC362C8D7D3BA25D76D2C921609FA
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYx-ziwAEwAQ&v=APEucNVgIiGip4dzSIGzHuqvUCTylfo0y6db3mYUs0MjPfVWfZ25_B8nlFqSKMn6VULfOHMYNPNYqaONHISuhen4h85zP-4LoiiwgnrOk_gtkNRWt8bVlL8XenmdXx9Wsz-BS4Vg0WVeM6TKgfkwCtpIe3Err3FZD65ICuZrOiVdgfmD_YewkRo
Frame ID: 5F365F5B07BBE08AAB8618B9764858D2
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3CDF9EE79300806EBA86CC9CEC624799
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 3E2FDEE6F66D3F88DBD4E2BCECD84AB8
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250
Frame ID: 9B1E15343D72A9DBC186CC1DD081A1B8
Requests: 18 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
Frame ID: 599214BB9D4F4A1CB5B2388EB7493983
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 446A2E9EC6888926C2FFC584AF8E3C7F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7CD42CBD621B62275252A46AC52AABEF
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

service Customer

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/vue(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

306
Requests

92 %
HTTPS

39 %
IPv6

48
Domains

76
Subdomains

67
IPs

10
Countries

5987 kB
Transfer

12544 kB
Size

45
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://t.me/kf8801
Title: 是，保持前往

Search URL Search Domain Scan URL

URL: https://re-news.tw/renews/168

Search URL Search Domain Scan URL

URL: https://re-news.tw/prnasia/4317210_XG17210_2

Search URL Search Domain Scan URL

URL: https://re-news.tw/racingcharger/46573

Search URL Search Domain Scan URL

URL: https://re-news.tw/creditcard/5311

Search URL Search Domain Scan URL

URL: https://re-news.tw/gbyhn/53960

Search URL Search Domain Scan URL

URL: https://re-news.tw/rayskyinvest/101043

Search URL Search Domain Scan URL

URL: https://re-news.tw/golike/22073

Search URL Search Domain Scan URL

URL: https://re-news.tw/zocha/6529021929c8b98fa9eb5390

Search URL Search Domain Scan URL

URL: https://re-news.tw/alphaloan/20451

Search URL Search Domain Scan URL

URL: https://youtils.cc/emoji
Title: 表情符號(emoji)

Search URL Search Domain Scan URL

URL: https://youtils.cc/geoip
Title: IP查詢

Search URL Search Domain Scan URL

URL: https://youtils.cc/big5gb
Title: 繁簡轉換

Search URL Search Domain Scan URL

URL: https://youtils.cc/qrcode
Title: QRCode

Search URL Search Domain Scan URL

URL: https://youtils.cc/length
Title: 身高/長度換算

Search URL Search Domain Scan URL

URL: https://www.comptw.com/
Title: 台灣公司查詢網

Search URL Search Domain Scan URL

URL: https://stockinfo.tw/
Title: 台股資訊網

Search URL Search Domain Scan URL

URL: https://youtils.cc/wordcounter/zh-Hants
Title: 字數統計

Search URL Search Domain Scan URL

URL: https://youtils.cc/dateCalculator
Title: 日期計算機

Search URL Search Domain Scan URL

URL: https://youtils.cc/lunarCalendar
Title: 農曆轉國曆

Search URL Search Domain Scan URL

URL: https://youtils.cc/utm
Title: UTM網址

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 31

https://oajs.openx.net/esp?url=https%3A%2F%2Freurl.cc%2FE44nYm&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Freurl.cc%2FE44nYm&rid=esp&cc=1

Request Chain 33

https://gum.criteo.com/sid/json?origin=publishertagids&domain=reurl.cc&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=QseC0Hw0UC90d0FlYnlMQmlhOFlPUjNBN0QxMWoyaEloTE5Xc2xYUlBZMVBjaEJwN0NoQ2VsdDFuSjNLTXpOd243eEFQa1Y1cHlxVm9xUStYNE15L2VaKzZGOTB6OVBGL0hXcVJOb1Y3Zm1CVGdIRnZxNmtVN2dvYjlieDZUYmpVeDJpN3l6dU56UkR4b2IyN25YbldSdHRBQ3A1aEJxdTdZRDN5bkNEU3FmL1Z6dC80NUl6SmVXeExiUnN0MTRySGNQZFBqdy9lQkJQRVo0Uk8vNjBXU1NCSWcrTTBwVzF0Rzd1aUIzSm1jdjYvVGhTajRGaHQ3RVd0SnREMXJpN0R5cFNNa0M4VXhQZXFJUmk2aHVtRUdaWUVCQT09fA&cppv=2

Request Chain 73

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 74

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 77

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ995OwHDCOTw1qmDzsLxvI&google_cver=1

Request Chain 78

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Za7h6pIDEu9jQTqYFJlyrgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ995OwHDCOTw1qmDzsLxvI&google_cver=1

Request Chain 79

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAXMjMa-qkbosubUXkKsCtA&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAXMjMa-qkbosubUXkKsCtA%26google_cver%3D1

Request Chain 80

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI4MDM4OTIzMzg3ODQxOTc0Mw%3D%3D

Request Chain 81

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ995OwHDCOTw1qmDzsLxvI&google_cver=1

Request Chain 82

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Za7h6pIDEu9jQTqYFJlyrgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ995OwHDCOTw1qmDzsLxvI&google_cver=1

Request Chain 83

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAXMjMa-qkbosubUXkKsCtA&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAXMjMa-qkbosubUXkKsCtA%26google_cver%3D1

Request Chain 84

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI4MDM4OTIzMzg3ODQxOTc0Mw%3D%3D

Request Chain 100

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 101

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEJi-z3Sey7T66MYm3TNVMOA&google_cver=1

Request Chain 129

https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29368992.359244711;dc_trk_aid=577601050;dc_trk_cid=208797659;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1705959915076 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29368992.359244711;dc_pre=CNn7-_X78YMDFUeS_QcdX_MD6A;dc_trk_aid=577601050;dc_trk_cid=208797659;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1705959915076

Request Chain 133

https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29368992.359132725;dc_trk_aid=577462376;dc_trk_cid=208799639;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1705959915075 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29368992.359132725;dc_pre=CJm___X78YMDFd2k_QcdAvIBEg;dc_trk_aid=577462376;dc_trk_cid=208799639;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1705959915075

Request Chain 159

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=yTOiXL1kDXyXR9F67OGuZQ

Request Chain 160

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=ihqAPOesBh28eqZ77OGuZQ

Request Chain 205

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEmqkqpoFKmO0lcQImcSj_c&google_cver=1

Request Chain 207

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEDEhZL-8lrRMUS3ikBFgUMQ&google_cver=1

Request Chain 250

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEMY5RhPeQtx_0zYdO-ycAg4&google_cver=1&google_push=AXcoOmTLn0kI0CxTbn5Yxtu1lYxafiKpYLH2We5dtcojVmYYUKeypKJJ0mb5c1Rsei1nK2C169P8G2TCWAhh7jqbRpOQWBvR41Q2Wg HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEMY5RhPeQtx_0zYdO-ycAg4&google_cver=1&google_push=AXcoOmTLn0kI0CxTbn5Yxtu1lYxafiKpYLH2We5dtcojVmYYUKeypKJJ0mb5c1Rsei1nK2C169P8G2TCWAhh7jqbRpOQWBvR41Q2Wg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MHNLeE1ZQ1MxUnMyNng1&google_gid=CAESEMY5RhPeQtx_0zYdO-ycAg4&google_cver=1&google_push=AXcoOmTLn0kI0CxTbn5Yxtu1lYxafiKpYLH2We5dtcojVmYYUKeypKJJ0mb5c1Rsei1nK2C169P8G2TCWAhh7jqbRpOQWBvR41Q2Wg

Request Chain 251

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEDBLMeU3SfFJPTyD6K5WXkM&google_cver=1&google_push=AXcoOmRhBbyLXq9o8AYOPAvqUyyTRAX1PGZOC_CsEIFRT1PRDu_gN676pwvN0GP7grie--KetmZOLkp2msYWz4hZXWghjkDiNN8WuQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMyNzA0MjA1MTgxNzk5NDM4MA%3D%3D&google_push=AXcoOmRhBbyLXq9o8AYOPAvqUyyTRAX1PGZOC_CsEIFRT1PRDu_gN676pwvN0GP7grie--KetmZOLkp2msYWz4hZXWghjkDiNN8WuQ

Request Chain 254

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEEclzPeDpQodca-RjBRL5pE&google_cver=1&google_push=AXcoOmSdF5TA_R5kPTbcpe_Vyk8DOq4DVvEv38fmSE5jrFQJk-wZNxHAA4Akz4O_x-DBhXEOCPnQKcqLfvrsNVo-RESzXjvDDdhC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSdF5TA_R5kPTbcpe_Vyk8DOq4DVvEv38fmSE5jrFQJk-wZNxHAA4Akz4O_x-DBhXEOCPnQKcqLfvrsNVo-RESzXjvDDdhC

306 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request E44nYm Show response
reurl.cc/ 17 KB
4 KB 615ms
201ms Document
text/html 35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: ffd5ab38e5eb365c61b8cf48354ebf18bb8a517544289583baa8e5d03788a3f6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 22 Jan 2024 21:45:12 GMT
referrer-policy: no-referrer-when-downgrade
server: nginx/1.18.0 (Ubuntu)
target: https://t.me/kf8801
vary: Accept-Encoding Origin
x-request-id: 290a017d-96df-433e-998f-d3b008c838d1

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/ 152 KB
25 KB 49ms
20ms Stylesheet
text/css 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4815645
x-jsd-version: 4.3.1
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230044-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2FNwQrKwJqqxnz5YgNQlrUrBwfpisLX%2F39k0A3G7vRz1ATHNHTH4iz2NR7vh7fCR%2FJkbbRI9oDcqcNEoZ8VmzFaYe%2Bs6TFeIefuCd3PBlpV2TAa%2BkBZ6oUo%2BdD3V0UNwOQd27gpVJAZ%2BpstOW5Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 849afb90bbb12bdc-FRA

GET
H2 200 style.css
storage.reurl.cc/stylesheets/rwd/ 2 KB
1013 B 82ms
24ms Stylesheet
text/css 34.149.98.30
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.reurl.cc/stylesheets/rwd/style.css?v=1
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 16:01:23 GMT
content-encoding: gzip
via: 1.1 google
age: 20630
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 904
x-request-id: 8d9b6888-801f-48bd-a6d7-852eed1094b3
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
cache-control: public,max-age=28800
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 pixel.js Show response
storage.reurl.cc/javascripts/ 429 B
529 B 16ms
14ms Script
text/javascript 34.149.98.30
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.reurl.cc/javascripts/pixel.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:48:29 GMT
via: 1.1 google
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
age: 10604
vary: Origin
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
cache-control: public,max-age=28800
access-control-allow-credentials: true
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 429
x-request-id: 01e2086c-15da-4a8e-8a8f-60289d33ea05

GET
H2 200 ga2.js Show response
storage.reurl.cc/javascripts/ 536 B
631 B 16ms
15ms Script
text/javascript 34.149.98.30
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.reurl.cc/javascripts/ga2.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 15:34:06 GMT
via: 1.1 google
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
age: 22267
vary: Origin
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
cache-control: public,max-age=28800
access-control-allow-credentials: true
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 536
x-request-id: 94c93b91-3ea3-4c22-9f55-1999b4f1a5fb

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 280 KB
92 KB 49ms
25ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

446fc7d126ed25e3ccf4a8619ced94dc10e4b41154bb0fea672b8100ff77e739

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94152
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 22 Jan 2024 21:45:13 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 98 KB
30 KB 135ms
100ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5d09e4a2f975bd3b1d2467607c33d0c3ab7c493498d2e21c751f25fadd9746a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29749
x-xss-protection: 0
server: cafe
etag: 706 / 19744 / m202401180101 / config-hash: 7236807561734687694
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 21:45:13 GMT

GET
H2 200 onead-lib.min.js Show response
ad-specs.guoshipartners.com/static/js/ 155 KB
43 KB 3823ms
470ms Script
application/javascript 203.66.35.74
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad-specs.guoshipartners.com/static/js/onead-lib.min.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 203.66.35.74 Kaohsiung City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 203-66-35-74.hinet-ip.hinet.net
Software: HiNetCDN/2310 / OneAD
Resource Hash: aee1b6c4bde47d675127a7e2d8ba6beee16eb24fdaf6aa66ae6f0dd667e2c916

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:16 GMT
via: 1.1 google
content-encoding: br
age: 0
x-powered-by: OneAD
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
last-modified: Tue, 16 Jan 2024 09:14:43 GMT
server: HiNetCDN/2310
etag: W/"65a64903-26b54"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-varnish: 15851965
cache-control: public, max-age=360
access-control-allow-credentials: true

GET
H2 200 vue.min.js Show response
cdn.jsdelivr.net/npm/vue@2.5.16/dist/ 84 KB
32 KB 49ms
24ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4651471
x-jsd-version: 2.5.16
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230021-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T2Irb1KBQK0FT%2FcPem6h7oz%2Bu5CnLLB6SNLtE3NSa%2Bj9Fv%2B7jprbkiiNRxTmXvSKiECao2tN%2BvdRzMEgq0iTCm0EzGCXmy88GheX1%2B%2FqgSwOdJJ4SC9uEy4qpXmCFlC0n0VfH4%2B2xXHcfcgdTrw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 849afb90bbb62bdc-FRA

GET
H2 200 renews.js Show response
storage.reurl.cc/javascripts/ 412 B
381 B 344ms
289ms Script
text/javascript 34.149.98.30
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.reurl.cc/javascripts/renews.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 52bb2d07b65ec544edeb2a33f4103397a28f036f0d100090f3e17e4364aea1fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:42:59 GMT
content-encoding: gzip
via: 1.1 google
age: 10934
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 286
x-request-id: 2fa23095-02c7-4203-84ea-384028500bea
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
cache-control: public,max-age=28800
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 loading.js Show response
storage.reurl.cc/javascripts/ 134 B
484 B 70ms
15ms Script
text/javascript 34.149.98.30
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.reurl.cc/javascripts/loading.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: ddd9d29beabaeecc9c76408242dfc2b76305ec52511992d3cfbc81a500ee0670

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 16:01:23 GMT
content-encoding: gzip
via: 1.1 google
age: 20630
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 134
x-request-id: da992e9b-4f07-4343-b17b-1832013ffe42
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
cache-control: public,max-age=28800
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 213 KB
57 KB 25ms
8ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/pixel.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d7800992c70337710a800628bad888bebad0a275102de46a3370179e373c034b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 22 Jan 2024 21:45:13 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57022
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: 2JwQzBj79pCJBya7kfBB4TP9SF9kh0+0cNoaLf5HOxp3yCBwuCN56aG1WmYeZkztmPsIZI0WpT0lzDGLdMSaMA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-optimizer: 0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 31ms
7ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/ga2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jan 2024 19:48:09 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 7024
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 22 Jan 2024 21:48:09 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
142 B 17ms
16ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=129541847&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FE44nYm&ul=en-us&de=UTF-8&dt=service%20Customer&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=617325691&gjid=259144536&cid=1982044936.1705959913&tid=UA-102456694-1&_gid=439255793.1705959913&_r=1&_slc=1&z=984390675

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://reurl.cc/E44nYm
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 8ms
7ms Image
image/gif 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=129541847&t=event&_s=2&dl=https%3A%2F%2Freurl.cc%2FE44nYm&ul=en-us&de=UTF-8&dt=service%20Customer&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=pause&ea=5&el=MTc4LjE2Mi4yMDkuMTM0&ev=1&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=1982044936.1705959913&tid=UA-102456694-1&_gid=439255793.1705959913&z=435582298

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 18:43:16 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 10917
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1675200226052423 Show response
connect.facebook.net/signals/config/ 130 KB
34 KB 10ms
9ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1675200226052423?v=2.9.142&r=stable&domain=reurl.cc

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0e3979b319c1ce95b982c3887be47e9fe05f2e8e18020cbda37bc1fa71e37472

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 22 Jan 2024 21:45:13 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 34486
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: 7OdRz2vuYG8qzrfGIefHrxi+ANglZe+e62Mv0eJhq4kg+cgrGhDFWxWTXMqFpC9MdrXfTpo/X8KdNzmakvCxkw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
344 B 52ms
17ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-102456694-1&cid=1982044936.1705959913&jid=617325691&gjid=259144536&_gid=439255793.1705959913&_u=IEBAAEAAAAAAACAAI~&z=689539077

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://reurl.cc/E44nYm
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 22 Jan 2024 21:45:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
249 B 37ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je41h0v897965293&_p=1705959913141&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1982044936.1705959913&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1705959913&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FE44nYm&dt=service%20Customer&en=page_view&_fv=1&_ss=1&_ee=1&tfd=849
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 19ms
18ms Ping
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-N394QBRGC0&cid=1982044936.1705959913&gtm=45je41h0v897965293&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 62ms
19ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-N394QBRGC0&cid=1982044936.1705959913&gtm=45je41h0v897965293&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=2030523016

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 27ms
9ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc&rl=&if=false&ts=1705959913290&sw=1600&sh=1200&v=2.9.142&r=stable&ec=0&o=4124&fbp=fb.1.1705959913288.795790920&cs_est=true&pm=1&hrl=28f543&ler=empty&it=1705959913230&coo=false&cs_cc=1&exp=d2&rqm=GET

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 22 Jan 2024 21:45:13 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 75ms
30ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-102456694-1&cid=1982044936.1705959913&jid=617325691&_u=IEBAAEAAAAAAACAAI~&z=319923051

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 41ms
19ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-102456694-1&cid=1982044936.1705959913&jid=617325691&_u=IEBAAEAAAAAAACAAI~&z=319923051

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/ 430 KB
135 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dd0b5724f4bbac4bd58de274236fce36135ce302364b3b8ff5c4c3631e81139

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 13:04:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31237
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138095
x-xss-protection: 0
server: cafe
etag: 16105826302836755247
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 21 Jan 2025 13:04:36 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 41 KB
13 KB 62ms
21ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

885cb38c43b35c7ff9befe60f6c96f653d15befa0770f5f2ea0ea5cbc5d03a68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 18 Jan 2024 07:12:05 GMT
server: nginx
etag: W/"65a8cf45-a585"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 23 Jan 2024 21:45:13 GMT

GET
H2 200 ob.js Show response
cdn-ima.33across.com/ 11 KB
5 KB 56ms
20ms Script
application/javascript 104.18.35.167
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-ima.33across.com/ob.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.35.167 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c707d5798e40035ef5aa307db04e295703514d654b1e65fa62b04492c687c255

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:13 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 20 Dec 2023 19:21:40 GMT
server: cloudflare
age: 437986
etag: W/"65833ec4-2d18"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 849afb92eaff3662-FRA
expires: Thu, 25 Jan 2024 21:45:13 GMT

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 63ms
16ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 02:52:30 GMT
content-encoding: gzip
age: 845563
x-guploader-uploadid: ABPtcPrfDLHYW-2je5TO8TgEVSN69n34PB-wROqR35J4UhqwbiNuRlE14A2E8AkYCR67tARn77U
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Sun, 12 Jan 2025 02:52:30 GMT

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 76ms
26ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:13 GMT
via: 1.1 google, 1.1 google
last-modified: Thu, 03 Aug 2023 03:28:51 GMT
server: Google Frontend
etag: fc4e6bfe266081c4873c6f08c8298e5c
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: 941d3a25c0207bae5832d54b0f54f17f
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 39 KB
12 KB 63ms
19ms Script
text/javascript 18.155.129.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.155.129.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-129-21.cdg52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 05:37:13 GMT
content-encoding: gzip
via: 1.1 6bbb2da0f4f203dadcd8f0ae1073d674.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:57 GMT
server: AmazonS3
x-amz-cf-pop: CDG52-P4
age: 58081
x-amz-server-side-encryption: AES256
etag: W/"e073e71ed7a44e6f9cdd72904fda5940"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: x6_HtHOOR25HyrWKl6oROfDM5FDNGfA0KMQQWIUKQa6dXlePxR7cAQ==

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 185 KB
40 KB 894ms
894ms Fetch
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1612628472538128&correlator=1738168432560727&eid=31080587%2C31079724&output=ldjh&gdfp_req=1&vrg=202401180101&ptt=17&impl=fifs&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C13847%2C13848%2C13856%2C14210%2C14209&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5%2C%2F0%2F1%2F6&prev_iu_szs=728x90%7C970x90%2C300x250%2C300x250%2C300x250%2C1x1%7C320x50%7C300x100%7C320x100&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1705959913377&lmt=1705959913&adxs=245%2C1005%2C245%2C625%2C245&adys=687%2C108%2C108%2C108%2C358&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0%7C0%7C0&ucis=1%7C2%7C3%7C4%7C5&oid=2&tos=~~~~&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Freurl.cc%2FE44nYm&vis=1&psz=1140x90%7C380x250%7C380x250%7C380x250%7C1140x50&msz=1110x90%7C350x250%7C350x250%7C350x250%7C1110x50&fws=0%2C0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0&ga_vid=1982044936.1705959913&ga_sid=1705959913&ga_hid=129541847&ga_fc=true&dlt=1705959913045&idt=299&adks=81851380%2C1451399479%2C827794272%2C3242553145%2C3271617715&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d85c2a791bc239832bdd2f1b17db4308cfde1a4c8980e023b24f1fc00f3d382a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:14 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41331
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,6297899953
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,-1,138432362607
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E01F 6 KB
3 KB 76ms
15ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/E44nYm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 21:45:13 GMT
expires: Tue, 21 Jan 2025 21:45:13 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame A08D 14 KB
6 KB 42ms
14ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ff9ce35d5fae856bab207c9f8d8eb3dff6354f007ea9f9b9a32f5cc018d52876

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/E44nYm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 21:45:12 GMT
server: Kestrel
server-processing-duration-in-ticks: 377859
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Freurl.cc%2FE44nYm&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Freurl.cc%2FE44nYm&rid=esp&cc=1

85 B
192 B

124ms
121ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Freurl.cc%2FE44nYm&rid=esp&cc=1
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: cf5de34ab663c557d25b498f7b00b2236bff9e01ac6333e40afe537625c9635e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:13 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-gA2asiDGha123MV0XzJ90QTP0FQ"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Mon, 22 Jan 2024 21:45:13 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://reurl.cc
location: /esp?url=https%3A%2F%2Freurl.cc%2FE44nYm&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
330 B 104ms
32ms XHR
application/json 54.170.29.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.170.29.7 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-170-29-7.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 8271b841e73750bcf9a779c03f54f06281398d46633b247813d5fe3421b95021

Request headers

Referer: https://reurl.cc/E44nYm
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:13 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://reurl.cc
cache-control: no-cache
x-server: 10.45.21.105
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame A08D
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=reurl.cc&sn=ChromeSyncframe&so=0&topUrl=reurl.cc&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=QseC0Hw0UC90d0FlYnlMQmlhOFlPUjNBN0QxMWoyaEloTE5Xc2xYUlBZMVBjaEJwN0NoQ2VsdDFuSjNLTXpOd243eEFQa1Y1cHlxVm9xUStYNE15L2VaKzZGOTB6OVBGL0hXcVJOb1Y3Zm1CVGdIRnZxNmtVN2dvYjlieD...

436 B
658 B

15ms
14ms

Fetch
application/json

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=QseC0Hw0UC90d0FlYnlMQmlhOFlPUjNBN0QxMWoyaEloTE5Xc2xYUlBZMVBjaEJwN0NoQ2VsdDFuSjNLTXpOd243eEFQa1Y1cHlxVm9xUStYNE15L2VaKzZGOTB6OVBGL0hXcVJOb1Y3Zm1CVGdIRnZxNmtVN2dvYjlieDZUYmpVeDJpN3l6dU56UkR4b2IyN25YbldSdHRBQ3A1aEJxdTdZRDN5bkNEU3FmL1Z6dC80NUl6SmVXeExiUnN0MTRySGNQZFBqdy9lQkJQRVo0Uk8vNjBXU1NCSWcrTTBwVzF0Rzd1aUIzSm1jdjYvVGhTajRGaHQ3RVd0SnREMXJpN0R5cFNNa0M4VXhQZXFJUmk2aHVtRUdaWUVCQT09fA&cppv=2

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f34428f898fb63f420d9774acf1c03f09623569d0d764e9b76c43d4d29752326

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:12 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1586828
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:12 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=QseC0Hw0UC90d0FlYnlMQmlhOFlPUjNBN0QxMWoyaEloTE5Xc2xYUlBZMVBjaEJwN0NoQ2VsdDFuSjNLTXpOd243eEFQa1Y1cHlxVm9xUStYNE15L2VaKzZGOTB6OVBGL0hXcVJOb1Y3Zm1CVGdIRnZxNmtVN2dvYjlieDZUYmpVeDJpN3l6dU56UkR4b2IyN25YbldSdHRBQ3A1aEJxdTdZRDN5bkNEU3FmL1Z6dC80NUl6SmVXeExiUnN0MTRySGNQZFBqdy9lQkJQRVo0Uk8vNjBXU1NCSWcrTTBwVzF0Rzd1aUIzSm1jdjYvVGhTajRGaHQ3RVd0SnREMXJpN0R5cFNNa0M4VXhQZXFJUmk2aHVtRUdaWUVCQT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 412965
content-length: 0
expires: 0

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame C746 199 B
298 B 71ms
19ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: de259eb7ba7a0e45575deb33946f1fbc695c97c33145ae4e49af0069d010868e

Request headers

Referer: https://reurl.cc/E44nYm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 151
content-type: text/html
date: Mon, 22 Jan 2024 21:45:13 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 container.html Show response
39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4BE1 6 KB
3 KB 11ms
9ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/E44nYm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 21:45:13 GMT
expires: Tue, 21 Jan 2025 21:45:13 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012312191621000/ Frame C83F 196 KB
56 KB 84ms
9ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012312191621000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5ef37381138e5c82aba1b09a5e9cb76a193c998e80f09e9ec9cdb8c0eac8e17

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 17 Jan 2024 20:11:52 GMT
age: 437602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56099
x-xss-protection: 0
server: sffe
etag: "b4f73150f1481343"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Jan 2025 20:11:52 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012312191621000/v0/ Frame C83F 15 KB
5 KB 107ms
33ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012312191621000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

291ad59350731069a43cb924ae03eba4174c9157dbb1434679298877141e1fbb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 17 Jan 2024 20:11:52 GMT
age: 437602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5228
x-xss-protection: 0
server: sffe
etag: "1615cf8c9658662f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Jan 2025 20:11:52 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012312191621000/v0/ Frame C83F 95 KB
28 KB 109ms
34ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012312191621000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c57e30f3e3440754bfd9c14304db0781d0d1226d5a3b093a4ed015f5007d5c62

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 17 Jan 2024 20:11:52 GMT
age: 437602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29030
x-xss-protection: 0
server: sffe
etag: "4993b3249a87fa76"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Jan 2025 20:11:52 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012312191621000/v0/ Frame C83F 5 KB
2 KB 113ms
39ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012312191621000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca848bb459064d2d0a527bd0840ec4cbdea5545ab07b8dc7ebb61c8d0cb1a954

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 17 Jan 2024 20:11:52 GMT
age: 437602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1930
x-xss-protection: 0
server: sffe
etag: "09131eec19261354"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Jan 2025 20:11:52 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012312191621000/v0/ Frame C83F 40 KB
13 KB 111ms
37ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012312191621000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

febaf4a1ace567d9e1c2a64b9721eaa47cb418db39c8869b38ecd480bdfde322

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 17 Jan 2024 20:11:52 GMT
age: 437602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12961
x-xss-protection: 0
server: sffe
etag: "b1091b2fa725aeb2"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Jan 2025 20:11:52 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame C83F 14 KB
2 KB 89ms
15ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 22 Jan 2024 21:45:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 22 Jan 2024 20:19:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Jan 2024 21:45:14 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012312191621000/ Frame 73D4 196 KB
55 KB 80ms
20ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012312191621000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5ef37381138e5c82aba1b09a5e9cb76a193c998e80f09e9ec9cdb8c0eac8e17

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 17 Jan 2024 20:11:52 GMT
age: 437602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56099
x-xss-protection: 0
server: sffe
etag: "b4f73150f1481343"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Jan 2025 20:11:52 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012312191621000/v0/ Frame 73D4 15 KB
5 KB 29ms
25ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012312191621000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

291ad59350731069a43cb924ae03eba4174c9157dbb1434679298877141e1fbb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 17 Jan 2024 20:11:52 GMT
age: 437602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5228
x-xss-protection: 0
server: sffe
etag: "1615cf8c9658662f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Jan 2025 20:11:52 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012312191621000/v0/ Frame 73D4 95 KB
28 KB 29ms
26ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012312191621000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c57e30f3e3440754bfd9c14304db0781d0d1226d5a3b093a4ed015f5007d5c62

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 17 Jan 2024 20:11:52 GMT
age: 437602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29030
x-xss-protection: 0
server: sffe
etag: "4993b3249a87fa76"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Jan 2025 20:11:52 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012312191621000/v0/ Frame 73D4 5 KB
2 KB 32ms
30ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012312191621000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca848bb459064d2d0a527bd0840ec4cbdea5545ab07b8dc7ebb61c8d0cb1a954

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 17 Jan 2024 20:11:52 GMT
age: 437602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1930
x-xss-protection: 0
server: sffe
etag: "09131eec19261354"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Jan 2025 20:11:52 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012312191621000/v0/ Frame 73D4 40 KB
13 KB 34ms
31ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012312191621000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

febaf4a1ace567d9e1c2a64b9721eaa47cb418db39c8869b38ecd480bdfde322

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 17 Jan 2024 20:11:52 GMT
age: 437602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12961
x-xss-protection: 0
server: sffe
etag: "b1091b2fa725aeb2"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Jan 2025 20:11:52 GMT

GET
DATA 200
OK truncated
/ Frame 73D4 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c62a99738ed2783dac6ea4e44d47cd1402c5431a96b003ca821c35ca7169a258

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 container.html Show response
39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9724 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/E44nYm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 21:45:13 GMT
expires: Tue, 21 Jan 2025 21:45:13 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8284 0
0 43ms
42ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssXwCIvGk_NThQfKeVjRaSspQzKlD-kGEKTgtl0t0LGMaVaTRolV85JT-EKAh-jTNFOsdP3DStgtFO1_9doS0igN9eG8wWUtYoRR1v5gKOXgVMHjo1k0GOxenRaftubREbiRVyrHGHfWr6ODy0tb4I7qo3O9tHz5Rm8ukonOzaViQE_6Iz2NLmj0N6QV1fmnXnKJBrG8x4JDjmpCmjOxQTewEksfU3GR7gvrD3G-qqolMT9rpKPdivXwGXrRRmh71BfeK4RnmB0-NT3mWKwQK_t9xBaq9Ukse15icbMgVyqDq8s0tFEbPsLfIPWIVkiD2O2ojipGXWSoXKdfCvxakVRhYrRUcGAJcDPFOAzYTr1THYU6-ztMVhzskTQG7SAzQClopmRDEbAyt8&sai=AMfl-YSNz0JfLAFHkS7jsRZErGDHzHFjnCD34BEVn3hQUkUeR_Iwnz9dqCsZySdR_BNDq-l23uCGa4W5rD1ePctnoF-iTPjXIQUPiPevgvl4FtZCcW3gjDHq-74McHWB14y-7-D7gtjxyBmfkP_vZJkuCXq6&sig=Cg0ArKJSzBG_M044sW4dEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 22 Jan 2024 21:45:14 GMT

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ Frame 8284 9 KB
10 KB 106ms
24ms Script
application/javascript 2600:9000:2250:aa00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:aa00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id: kqwLJ6.9f5_e_Sr69Yo8hHbOs4Gt6EPi
date: Mon, 22 Jan 2024 21:45:14 GMT
via: 1.1 d13436be9e793d00b0273db3f7904816.cloudfront.net (CloudFront)
last-modified: Wed, 15 Nov 2023 00:04:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 8
x-amz-server-side-encryption: AES256
etag: "2b18447e41c64d14195cefd72eb57400"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 9645
x-amz-cf-id: DSOaegHSp_h-FE5ADP3MIEMFqZ1Z5LBKwQGpSzRuWhUbw6a23a9yEg==

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8284 206 KB
65 KB 80ms
45ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Jan 2024 21:45:14 GMT

GET
H2 200 zh_tw.png
tpc.googlesyndication.com/pagead/images/abg/ Frame C83F 3 KB
3 KB 49ms
10ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/zh_tw.png

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a956a6fe1ee57805393bf1781b32486b4ed9ca402a04320280e59a18bc348a87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:11:37 GMT
x-content-type-options: nosniff
server: cafe
age: 2017
etag: 7688947696963022458
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3430
x-xss-protection: 0
expires: Tue, 23 Jan 2024 21:11:37 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame C83F 344 B
714 B 47ms
9ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 21:51:44 GMT
x-content-type-options: nosniff
server: cafe
age: 86010
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Mon, 22 Jan 2024 21:51:44 GMT

GET
H2 200 6537233882389388812
tpc.googlesyndication.com/simgad/ Frame 73D4 24 KB
25 KB 51ms
12ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6537233882389388812?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qkqnJMb__ljEsSfrA6dhUWYpirX5g

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e44b4d77b271b6595bfed67b604e1dbbcb99906e6eed0844efcfc3f762a2c1a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 03:32:03 GMT
x-content-type-options: nosniff
age: 238391
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24806
x-xss-protection: 0
last-modified: Fri, 10 Nov 2023 14:07:11 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 19 Jan 2025 03:32:03 GMT

GET
H2 200 zh_tw.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 73D4 3 KB
3 KB 50ms
11ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/zh_tw.png

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a956a6fe1ee57805393bf1781b32486b4ed9ca402a04320280e59a18bc348a87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:11:37 GMT
x-content-type-options: nosniff
server: cafe
age: 2017
etag: 7688947696963022458
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3430
x-xss-protection: 0
expires: Tue, 23 Jan 2024 21:11:37 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 73D4 344 B
402 B 49ms
10ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 21:51:44 GMT
x-content-type-options: nosniff
server: cafe
age: 86010
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Mon, 22 Jan 2024 21:51:44 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 17ms
16ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je41h0v897965293&_p=1705959913141&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1982044936.1705959913&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1705959913&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FE44nYm&dt=service%20Customer&en=scroll&epn.percent_scrolled=90&_et=4&tfd=1960
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame C83F 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b74e5ab38a474ea9c30e80d6f3cefb0b5c5201118325b037fa032994fd7c9d40

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame C83F 33 KB
34 KB 38ms
8ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://reurl.cc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 00:19:37 GMT
x-content-type-options: nosniff
age: 595537
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Jan 2025 00:19:37 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7CB1 624 B
577 B 73ms
45ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGPCevYUCMAE&v=APEucNVZZ0qJ9sRc8213j8giQQ161CZ7gq5QNKYPmJNCjpJJP00y1scZ-OSkjIz6Zz2IopWHHclxwkP2O7k18dWRetpm5JWMxCK9zRpTs6ikKTozop5n0EVNPiuh0dYIbPaic-oXtEhuLpWTWGjxtYcQK405c5EnnZ7UB2OmbMCvwbyaEGrnOu4

Requested by

Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 21:45:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 4BE1 89 KB
31 KB 164ms
130ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 21:45:14 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4BE1 42 B
401 B 73ms
39ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CU89nViRIisZfSoCpvgizkEmBoQmpZcv-ZxbcXB7X7NuTe1Uey8jKnNvhrqQwcksXu0Dyt373aJFWgwq9eu3sOkTKPQHUAuZ_kNdQB_n3SuDWnN3U

Requested by

Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 4BE1 3 KB
1 KB 10ms
5ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:41:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43429
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 09:41:25 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 4BE1 20 KB
8 KB 8ms
4ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11757
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:29:17 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4BE1 206 KB
65 KB 47ms
43ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Jan 2024 21:45:14 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1938 624 B
285 B 70ms
45ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGMDjvYUCMAE&v=APEucNUHCCzCYMojIjhM2zbfqualUchtZvJ_UiWaGyMC3b2DB1CMJbTjxRiuFLT7taQTjTu1xWXB3bGW_xx-29gaRBCisIiTKE_lqxmXsL9oIMGbIHlK8wLOSFyGNpWbdz95WbPdHH0O_O9xrrDLTFdBJNE-k-GN0mudkJWszaxne-b-sOe_-n4

Requested by

Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 21:45:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9724 89 KB
31 KB 117ms
87ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 21:45:14 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9724 42 B
107 B 69ms
40ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DOecYH9pi82iIr7SFTM84D1qBdfB82tuHbxjXEIDVgQzvM7K6I9zmTdQWCy5Ec_sMHB313qvxn8a2I9fjGj3LA11bB9uhL5DLYBTwyuk3LTVfTRMg

Requested by

Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 9724 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:41:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43429
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 09:41:25 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 9724 20 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11757
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:29:17 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9724 206 KB
65 KB 77ms
76ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Jan 2024 21:45:14 GMT

GET
DATA 200
OK truncated
/ Frame 8284 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 69528e3dfd2b91eedc2bf69f141a51cd73e1e28ed16f8bfc5f10de0e7a3c5200

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame C83F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

16ms
16ms

Image
text/html

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Redirect headers

date: Mon, 22 Jan 2024 21:45:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 73D4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

25ms
24ms

Image
text/html

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Redirect headers

date: Mon, 22 Jan 2024 21:45:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 7C5E 10 KB
10 KB 15ms
15ms Document
text/html 2600:9000:2250:aa00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:aa00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 569cde2a2d9c46b8a90a8c4296aa45d9f52a146d7b075f9e5dba7fcc2f03ce2c

Request headers

Referer: https://reurl.cc/E44nYm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 17
content-length: 9921
content-type: text/html
date: Mon, 22 Jan 2024 21:44:58 GMT
etag: "d9100a146ee339f43d0752ef9c998a0d"
last-modified: Tue, 17 Oct 2023 03:41:19 GMT
server: AmazonS3
via: 1.1 d13436be9e793d00b0273db3f7904816.cloudfront.net (CloudFront)
x-amz-cf-id: LBsYPIx8HTuhb0UCXgm32RSSdeqQ9ZWDJMuJUSM4vOz7ITznjml01g==
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: TarNhskOd4wxrR7dgXgmC4vTJkUNVmiW
x-cache: Hit from cloudfront

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame FE84 11 KB
11 KB 15ms
14ms Script
application/javascript 2600:9000:2250:aa00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:aa00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 40e339b39ab5229aa56624c7df0f88a60ceb6ddce68f0b98b968d8644892af38

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id: sUewYZ164bQu5qk_dMgvLFORn.sMjJoF
date: Mon, 22 Jan 2024 21:45:14 GMT
via: 1.1 d13436be9e793d00b0273db3f7904816.cloudfront.net (CloudFront)
last-modified: Mon, 04 Dec 2023 05:41:00 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 7
x-amz-server-side-encryption: AES256
etag: "f4a52d8d8c27ce73cc789edbfef51e62"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 10828
x-amz-cf-id: E2JtP51ULBDv-h8d-jIJwnoAYwBvLzl9Ea8VSZrKKoNuArpgm501Zg==

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 7CB1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ995OwHDCOTw1qmDzsLxvI&google_cver=1

43 B
326 B

26ms
25ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ995OwHDCOTw1qmDzsLxvI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGPCevYUCMAE&v=APEucNVZZ0qJ9sRc8213j8giQQ161CZ7gq5QNKYPmJNCjpJJP00y1scZ-OSkjIz6Zz2IopWHHclxwkP2O7k18dWRetpm5JWMxCK9zRpTs6ikKTozop5n0EVNPiuh0dYIbPaic-oXtEhuLpWTWGjxtYcQK405c5EnnZ7UB2OmbMCvwbyaEGrnOu4
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ufYjbLLMnU39POmpTD4DDMZJuJO4SqDUNQZihGyHS7Y1pseYlNHaBIT0xKzmrGeNo88EDvzWJIpKVFP5%2B981C3Btx8KB7vHjdGs20k4Asjzsm5yruO2sTwPVb%2FJSwcKot%2BslHHys8Fmbuw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 849afb9afe3c1c07-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ995OwHDCOTw1qmDzsLxvI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 7CB1
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Za7h6pIDEu9jQTqYFJlyrgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ995OwHDCOTw1qmDzsLxvI&google_cver=1

43 B
734 B

27ms
27ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ995OwHDCOTw1qmDzsLxvI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGPCevYUCMAE&v=APEucNVZZ0qJ9sRc8213j8giQQ161CZ7gq5QNKYPmJNCjpJJP00y1scZ-OSkjIz6Zz2IopWHHclxwkP2O7k18dWRetpm5JWMxCK9zRpTs6ikKTozop5n0EVNPiuh0dYIbPaic-oXtEhuLpWTWGjxtYcQK405c5EnnZ7UB2OmbMCvwbyaEGrnOu4
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E7vVuH8RL0DRtzS5VrnPbwrwjDDK1BcG14R8JNHDPL8RT2qicZkKcBrHVX3okGEL88isN3Lhj%2BfcTQR1kPb4KorRiCspE9H5%2FxSgb93mCx%2Fwdflr8eOdpm%2F8OpfTGKgNHHLEIYiy8o7Yqg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 849afb9b3b4203d0-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ995OwHDCOTw1qmDzsLxvI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 7CB1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAXMjMa-qkbosubUXkKsCtA&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAXMjMa-qkbosubUXkKsCtA%26google_cver%3D1

43 B
1 KB

170ms
169ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAXMjMa-qkbosubUXkKsCtA%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGPCevYUCMAE&v=APEucNVZZ0qJ9sRc8213j8giQQ161CZ7gq5QNKYPmJNCjpJJP00y1scZ-OSkjIz6Zz2IopWHHclxwkP2O7k18dWRetpm5JWMxCK9zRpTs6ikKTozop5n0EVNPiuh0dYIbPaic-oXtEhuLpWTWGjxtYcQK405c5EnnZ7UB2OmbMCvwbyaEGrnOu4

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
an-x-request-uuid: 4f399951-850f-4269-8f44-dde4e0ed8f95
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 178.162.209.134; 178.162.209.134; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
an-x-request-uuid: 3248626e-3c65-4ef1-bfc8-4fab5e02efb7
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAXMjMa-qkbosubUXkKsCtA%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 178.162.209.134; 178.162.209.134; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7CB1
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI4MDM4OTIzMzg3ODQxOTc0Mw%3D%3D

170 B
188 B

18ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI4MDM4OTIzMzg3ODQxOTc0Mw%3D%3D

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
an-x-request-uuid: 83f1ce83-bc2b-4b46-855c-700196e2902a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI4MDM4OTIzMzg3ODQxOTc0Mw%3D%3D
x-proxy-origin: 178.162.209.134; 178.162.209.134; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 1938
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ995OwHDCOTw1qmDzsLxvI&google_cver=1

43 B
333 B

20ms
19ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ995OwHDCOTw1qmDzsLxvI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGMDjvYUCMAE&v=APEucNUHCCzCYMojIjhM2zbfqualUchtZvJ_UiWaGyMC3b2DB1CMJbTjxRiuFLT7taQTjTu1xWXB3bGW_xx-29gaRBCisIiTKE_lqxmXsL9oIMGbIHlK8wLOSFyGNpWbdz95WbPdHH0O_O9xrrDLTFdBJNE-k-GN0mudkJWszaxne-b-sOe_-n4
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6tz0WbULPaaHN0QXz6VQFVPyYeuHMjGTklo13rnFq3xFDtvli1acyySJH3jKeOCTRa0xx97C0hUWs9FB080IoNJ6z37DV4oc4%2FSvaHuMp325XWa8VpRS4KpSJrTikpSZJ9T7HQc7DcLQrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 849afb9afe3d1c07-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ995OwHDCOTw1qmDzsLxvI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 1938
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Za7h6pIDEu9jQTqYFJlyrgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ995OwHDCOTw1qmDzsLxvI&google_cver=1

43 B
768 B

25ms
24ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ995OwHDCOTw1qmDzsLxvI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGMDjvYUCMAE&v=APEucNUHCCzCYMojIjhM2zbfqualUchtZvJ_UiWaGyMC3b2DB1CMJbTjxRiuFLT7taQTjTu1xWXB3bGW_xx-29gaRBCisIiTKE_lqxmXsL9oIMGbIHlK8wLOSFyGNpWbdz95WbPdHH0O_O9xrrDLTFdBJNE-k-GN0mudkJWszaxne-b-sOe_-n4
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tL4AABYqFnkmUlnpTGYq5eUkPw15wkmJ5CA9ettr67GGNinROclrHt7CiOXbXgwUDO79YeWqKW78R01n3MGESRegE5ndeXJCMMRmXd2DMwTnzE3j0w8Ct%2FZkhjIsfJR%2BRTGUxnjVkUBPaA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 849afb9b3b4103d0-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ995OwHDCOTw1qmDzsLxvI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 1938
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAXMjMa-qkbosubUXkKsCtA&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAXMjMa-qkbosubUXkKsCtA%26google_cver%3D1

43 B
1 KB

51ms
50ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAXMjMa-qkbosubUXkKsCtA%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGMDjvYUCMAE&v=APEucNUHCCzCYMojIjhM2zbfqualUchtZvJ_UiWaGyMC3b2DB1CMJbTjxRiuFLT7taQTjTu1xWXB3bGW_xx-29gaRBCisIiTKE_lqxmXsL9oIMGbIHlK8wLOSFyGNpWbdz95WbPdHH0O_O9xrrDLTFdBJNE-k-GN0mudkJWszaxne-b-sOe_-n4

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
an-x-request-uuid: 43bddb9a-4424-4844-878f-176db5306826
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 178.162.209.134; 178.162.209.134; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
an-x-request-uuid: c1d3e75a-1b2a-4b36-b75f-d6a956153849
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAXMjMa-qkbosubUXkKsCtA%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 178.162.209.134; 178.162.209.134; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1938
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI4MDM4OTIzMzg3ODQxOTc0Mw%3D%3D

170 B
188 B

18ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI4MDM4OTIzMzg3ODQxOTc0Mw%3D%3D

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
an-x-request-uuid: 932cd283-049f-4160-9551-b456ebf9b771
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI4MDM4OTIzMzg3ODQxOTc0Mw%3D%3D
x-proxy-origin: 178.162.209.134; 178.162.209.134; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 6537233882389388812
tpc.googlesyndication.com/simgad/ Frame 73D4 24 KB
24 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6537233882389388812?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qkqnJMb__ljEsSfrA6dhUWYpirX5g

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012312191621000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e44b4d77b271b6595bfed67b604e1dbbcb99906e6eed0844efcfc3f762a2c1a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 03:32:03 GMT
x-content-type-options: nosniff
age: 238391
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24806
x-xss-protection: 0
last-modified: Fri, 10 Nov 2023 14:07:11 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 19 Jan 2025 03:32:03 GMT

GET
H3 200 zh_tw.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 73D4 3 KB
3 KB 12ms
11ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/zh_tw.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012312191621000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a956a6fe1ee57805393bf1781b32486b4ed9ca402a04320280e59a18bc348a87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:11:37 GMT
x-content-type-options: nosniff
server: cafe
age: 2017
etag: 7688947696963022458
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3430
x-xss-protection: 0
expires: Tue, 23 Jan 2024 21:11:37 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 73D4 344 B
368 B 11ms
10ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012312191621000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 21:51:44 GMT
x-content-type-options: nosniff
server: cafe
age: 86010
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Mon, 22 Jan 2024 21:51:44 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9724 0
58 B 40ms
39ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6276946130177&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9724 0
56 B 39ms
39ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6276946130177&version=m202309260101&ct=77&x=1&cor=12887091187515790000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9724 33 KB
19 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Drc5RtTqcwsOJxtIitjuL624s9F1r7-d3v1JCZkYybGGPYwOu2aBqhsR5lquydG519QEAd-YHwMrHGpZxPY86qZAzTwRmMp9ZfLVRroLh6Wa8BFnJhU2dCXaQh8yCjOicv2a5rjk6u89_EBdQaTIV3N07j14RWHA9ddS0TmN6-oRaRi18&cry=1&dbm_d=AKAmf-CiK7mc8Bj8mUWj3Zy3NUMEdCWtSFvYWXCAuxUMMTCuSz-fnc1OvHtj8wmVMJIdOqjpY7Hr1awoEO_5FZHJEtU9sh_3HyEMcanSfslqsOuyFgEojCVGar2cW9X9I6bNFLnQIhiUJrGKyS2a2T8dKWCgJzkCpND48thOmn8cFvd5nqwV2Rkyp2F-Oq9Bo-yiJFgwKUrI8hNHTq9XnVJaKyqSC1anfGOFREUii4rFFBj_07J93DoZpxg06EzJMy8cZFQBgWzRabbfxC3txYiMDQg_FvYEd8-X28DolGwHWozIFTiXp0Hw6C7V0WDzdoGzWKKyAEXoHFURFrHCVEosEZRCvab2AVqwAZ9L5o82yei6V4ZNBZEbe59-_IcFKFX1g5Vx7QzlxsAdKqTxivUsnCUugNeoA-ncocMQ_EBkNHK43o0QfCK73tuyLhaOnCi-86J9nGh8NR3h3ghE95wwTb3ygRNsXvyt1Lx1quH_Njh_uAzVBkiUI-7vOL4yphIqpKoKWsvfn_a33VOrr7nBr1Jh8aH-jddcON2OqSK_mvEKJIhtjN8sB90f-n7C8HzUXybcOH9O2-ORepUa-14E9pkNn9TfwScy5MBf_o3akpzBr6djbx4qxLDPIakUitT7EUN7lG3ipVRTVWdbD7wXLxbHaeIA2QUBKY0Rax_bV71yxCTB8v_ROpOqYVbsvzvObHY2Jv0a25KgqAmKA17mX9Tde8Xyv-LUps7PJteY3tTOT9i1cUOMwnRkcyUKEOsRf75vNRt74-iP9tXVXDxcdarpOxJdyYzAGDIpAld7P6cTsMaKXiMy1n3m-97amYy5QmvJp23mIC5ZqC7a5NPpS-utZc2NaINTv_u3O_Ws1arD-AmsNvGZY9BWXKg74_O9iWnB04zP2fuBa1Qn28WEaqQEVhMa5N0xiQQfCOu92ydcC_B3bgJwECytkTWzOL7WnbamYGMcGhHK9gCcJAA01phXWGxJ9cxc7pmHM5x4_xGJQ74E2H78EsiRTUVn-OjLWc4xHb4AuqKv1d7P1lDPybbBP0YN29T7ZPSaj_r-unagODec1ZraFMUvSc6J7-_nY65dKosYBnHfG5XdPZa3Ei8tMJEI_BcbwMLzB3iB9K-K53fXW8ycoLlttLCaGDBo2rjHiwc-DANEJOy7etJn5BacG1eNqT64mQynX0vSTWJKY3QGzULTsu083AwBxJWBUrUnrUpVO3_7pZ8GKvv8nfwn6PbGHJ7SEGO3TuJfDJezksahfa9GkXNl6-60wGoIPjppjan_IZy6EUOeoAAcaCxozctlkURUle6xfBbI63Wcpt4uWZdC5otmZWTCmSWruYxCVjbOB63e--sFnvoNK2WGthf-XBs5KfYzdyG0Vhss1frTjgmoqHOGCEEA_uP-DohtS5Zt6JjmdROZ6P9RlrLh6IGr6Er9uInSqhMvVc58TFuA9KpYr9A3l-lKJGYGTnWLSfEcUuOtQFl7UgB1KOBXzpHw4tPZfKwQMIDk4KRoeJvg30d0b9xIAZ_l1-g_rtlw6sUDQqhAKe7LCXWinu4PydQjmU10aywplGBN2I5YSbSC8S2DvlDLTW_ZwybrMoghmT2fD5qnk4cnXpKH9tmxrZpGcpf4BeKgSKoawuu2gNr1EoB2QrfBrNLtClWk-2NOPBknpAWb3GX5f2khVtSaDAXs_Zks7Yd5iNcF4Gaq4TftJ96tT5fSiBFDWlDZgLwtbRYxipXn6KyJ9rXgvBlbrVKhsyAjUXwqmtsWkT6iSTPNf5n9F2IMBCDmvlpBeUdcNjEgQ_RyXxA1J6EYpK6Z5u7r7I-ymwkJ3Aidhi1AlNmh8EAIkt4amPi4K7i6aOD5r43topKM-zsH1bf2fCnc__fp0ncXDEmHOA3s-zB9ErnKycNu0Kw88osYXTV2IWbgz00pghJ5uaC5hkr28Dw-3pN7EE_dgoRBUVTaYWXQw187_5AI_xdCijh7Y-b8BpjvGVhyynsFwI2RHHv6wiscraatA08fLoRxhvj-DWcQFjoW38zo0KIEw0xQUmPxkKdpfyZAqxNnUXRatMqkRIo7Y0Iomzro6sXFS1DYGsP3gOf4spvq7pu9BhwJe4dsoQds-2qow7aqEKNHvPbM1nuB7MGPj3SwXF2nASpcRo6EjS3Ph-QigWumH6igB8NqiZecDCPMyoVPM8z4xE3nD1xEP0P_pUoIfYkpnvkMUIQbEoxn03wuQp4Uhn6lovfP7W7JF42aGif0uob6G7pmC0dcoVJzq7bdNDQtCz28kdVSykgY0JfL6ctOcITibY5PzjmR7qILQO56goAVhoQj1cA61anBNxwvDclFU3PvLtaLNLHYY19NWSqWcTaAjwmVJMOHZKUnCdwEpuFw24BRA8cw3aLVzHtx286_JcTqRlYK0mmew1ojHWUl73rNTTnRDec5HVGFwDaNkgDLzidq_gF8X3FkG1E8M14oD0EVFsnpzUx01xJahNo0lsZiqlUMFeNGG1eyIhm47rD4AUNaDFAV36gq3bpbTiBJI2JtwL3crujFcaRF2HwiSHwvU-8PUWl5IBPngFUJvjh60RSQDZr13JCSVEqNDlWuf-7DQPCElLq4hvfceYt_EFNbWAs1UwhWATzzA0hdp_zxUS8UPQ7_yt2Z8EtPUlI3ysG7ISQQRlhRjvSKKLsDqB6u1AH0MytsR_I3YILKkUJWlrd350SAfZlXf7b1Dv4G78oEPjvX4Vk-Yi3lkwKF1TMB-jJ6bHplHo1NIXbYHyNCtyEZbnbO7ggoqqMUo_wpUhUJB-x2MmbNbuuWoU_Yka1lLD94jaPzbluIjJmVgCMA3nhY_uTs3nd7FEJ9do85JAErpGCU4yQxzmH3B-zpprPRiTsVH_LYiBDi4VreCcYbwGH3x-D5h6MZrYHmDMVHCz42IJvS-00NfjsTNQZlsPMxS4Ea8hiJBX_IoDgMBsI3-EJW6-PqD2P1kLSjK30r3olZLwVT6qiXgVfSDHqbMWRU7wztb4L-7Y4st0Hd6uhLilTsShPgxh8IHKWYLWpUSr80yvm2VdrAQ5v8vqod9zG_ZuFLP94oROb1MKHNsEK_dMW7n9TQq9vJrQvmKgf0WJpB77jfcvMjzcucPzuvUdndZLKfjsySWr3HTKPMWJfkETgjDvVChUjgGwJIntaFX4bAaJPa-xZsiwWmZvrsnNPpHHmmmrI3ABHq2QE3Wze-tIjZyp9xqtnBnLxjFFGcW_wjJcBcZDzZhStfmTy-0_yOk6WfhU6LUxt9pRSo_qJuTOYECh7oJ6iw362tGpQXU6bjpVmDVzyIGiDBg_NyAW5RTRuEbSR_u1kURaDu79IWxx2fObwE73c7oQ8b3f7NzR42gM9HbM-9PzKY2pcATkJ5k6LeVDtCtzJkW5POmoDaKOgQl7lePlFjmofErLdyZVSKet1N7DLGRlwxvFE9OHbv0xxDl24iYqqXF8vLaVSIHHFNaPE08wojrrOItZ236lFhFzTaNermc_EssqhVbqUEseanYxLqq-RdxEipE8qN1MUIuO2XcV6zErNIh1f58ghQNaWBMPGFEeEBwfqzosry7SwHxMRmZxFDQQSH7aj3HsSgRk3vzeEX9JiFuGYh3B_Jeo5jc_njErXN-OqylPQXiZPdBP8Q9v1y&cid=CAQSTwAvHhf_tk9v43PE5Yk9u6SJRHnlnsa-L_plO2eTQob9bC0nR_6P_wCH_4IfjSvgur0RySmyKfOhP31m0OrSejVccNc7yJBR5n1hbU_8IT4YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Freurl.cc%2FE44nYm&ds=l&xdt=1&iif=1&cor=12887091187515790000&adk=3047537734&idt=122&cac=0&dtd=26

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ee2af0367db9a24c31f395274f2dc2f8d3ca3ff98c909b5ebd8c24024972460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19614
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4BE1 0
20 B 38ms
38ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2901100299979&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4BE1 0
20 B 40ms
39ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2901100299979&version=m202309260101&ct=77&x=1&cor=2846228381508573700

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4BE1 33 KB
19 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AFtmfNTlbkjMWPwtL1z5GY4z262BGAVdTxA7dW6u3pW3zBEFbwgm9mR-eMyeqWkUP0qNVr4PlLYjnkocl2Ciz47Xn4f4oSzOCpUFQq575SM7dgAEBj24D4IIjzoY715nm1l65YhEQHMeFLxP3G0Tcb4iFW6S5he65KNxkAQvBHOb5LKfE&cry=1&dbm_d=AKAmf-BvQjqX7ItARihLOScROoNoJYikSvQwvWZdzN1P7n-7yWPF1WzDpXbHn8wYdhq3Pjnef39HPVcXhAJiTRLp-O_vW5fh13e0RT8sUy-zCto8syN7pS9R92Kl_lgpfybiKBudooJbVw_v6OhGSYn8gPlhAdV6XhWc-toet4E9nRyd7xAEMV4_AvzzlU85h5OYCf2pwVdIYC_5kUtlCldFZ4t3OtG-26sPoGa-CL9nX0dh50laYzukZ07-oe1dYROdPXS7IhVc1SoqIP_clMJLDJqrjbERP1ZTp357RiUEmzGu96BQVjgjdDziO6DLSx0tP_ZLfzB93QLwmbbA40g1Rm9jh95d9UGecLW5-OXzYv4D0qFW8CckBzLkPyqmbwuGmp-oUSCmfPSVOA0MTOFe02Z7FI759mXbKoOtMGwPk6dKxGR0qyMnxfQ75r42Q7DW5POytnzQyM5ih9DJfTabKtb4o2C1QtX3HSKo8LOw4UDN4SrY02hFwp5YFpn-6-xYh3S_Qk6axWOmQD-mXFCTiETL-zYoQ7qdymmMIJszksrcY3K9A6_TICvGFjs20zVnJwAVc3R1fHNfNzPuSlqJcnp79_INrxaUPrhvYaIoo9wGOLxzCk_fqpr9qUiRnaBlca10SYuIO1scecY5AwVvza6Y6g0_NM14i_I2X7KlpsZQPkfmYvd2lwHVwg6oWDwhcv-LGlFJEY5upqB0eDqMIi98lJaKgPGUulKjU9hZbQzB9SaNHr41RSbpcOv1I2ihqk518g_sBu5kBS61duqEtedS_azPlyrawrPbKKP2jkAWCKp_ONQL0gb9s-c2wcSQajTxu1KlywPjVck74l-Q2R1zpSFVQJeZVahDRpxlSyFIU5IDAaKwGgqDG2GDJ3luor26Osp-eAScKDlDpOXbjhBjdUxUHTOBG1yTU-ccXwAGa4m2zW7BjkiETxrRtOf2pa7JqX4O3ieG2drubXfRKtEJPkg7IA01P7SaFUbc5fqXAdJDQeg1pIx3uxqPGW7tYxZFVdv3o_azbBEk-cuJ8KS0sS0MllRAd1_byvBBoqpSIwf2eADm1_Q2boA6Qpw7wGn2eHm3XYa8t5M5TaM9r3jLfUmaYXnffdathMAM9ntXVfvzn3piWyQ7tpoLp-VCdALI8c6i0qPJr8DgJSd1CuGtm_cQH9SaYIMxJaKdSbW1eSl69WRbj7JPrTwicQ65SeaHXMe2Rq-vijopa51YzM6Ura3A-eVParn9AHwRlj9h8IZifMkzQ-AXmqtuertbUDhme8Jo6TzyCjkrtZ8PreN6ppFqb8OH-cUY2JNEq9XIB49gqYXZbXSXJuCe8cU_6gxP5yrY7z-4JfbYaBr3PjEDV9Cz4rGS2vkhQMqXpQutaIXjcLIReQzTNHvVoOnaHvrW8XPr360GXfAyBAT0UfOuqT8QESEa-VDld2IvPmlLNGQpbaMwNvrZm1vaNzyll_7PkT1uxezNZwLTh5JnWrxS2tIibqJGNZL9Ng8Na-UA4JAgV7bbMUCiMLHMLfLM_WXuZiFHZ9lE6Yeyy-wh_Zzzxk4GQsaghHhmmkrDuBjGQcmn8Z0t4DVxdr-OZhMR1Tjd9kr4KwTPMurm_y1VdlJcQr8QyxXNdAxui1zlRcNfVd1OAqJ-v8xbz8JZ72GpDq93ANHE-cxgmTr8uWulizGxlNQ36kffTjXuXiqBd5KBU_B3AyMKvJWFFD8yAExeILOyiomiZ_VVqxbnAgBspfMz5Urzk_ijvqgwlIYDIvAEz2D1bdqj5K3EcjGA1YSzgj1URDkelpS8yXkLw985mejFJyVDLgVwcmeucUdqOOEFyHLjMnpMMg8lC2Go_x_QZGihnYemQdeGJGhQIcW7XBYhC6oXG9nxMshoxIcrfB_HfWriYVFTmS_-X-FqpzLQ3nUqMPKsqXtl-uM3Iau13pZXNtrSia6tT6Yp_j3FBOlGOII4EiANCpKH81VT9U1KPTFWLUPpv_K4lPV5dsNZJL_4u-xmq4cvOBSp4g6-6PC2ZQ13F-3h400pekOcCSi8tfMNhgw6reEKYhTTRfzddbsA42BN6SmKWrNLxFpL8fmdWhTeUQFr3zOxbGpatLOvWyTZAGeZHBrf0l3bcwp4YLj1JwYHrcpCa6M_SGp5TcaBSO1PQPu4rKnsPoAyHdZljPhPIeSvmcbvoUccLyQNP56hKyJUI0yViD07oLzoV1MAGYvqLNQ5PW533wZJeTCfhvSJq77dpfwgsJi0qrIuGENgMLFnhn-3Eb7P_89PVm7mzwEPdnZYpxm-CGotqto9AaXK1q3WA9GjgWIg0AFI0zd5pD9l7kZcF4sPCVhi7MEQW3lJh9RwvU8rFlhs8B2voLz3wPXNMi43gvgs0A-tBXK6pdGTe7hxaCHsv4tK00ZmjBwGSsC2lf2KAva9SbwZRQRC0q6gPJCsSNt3NesJVx-5Ub2T5nXpvC6FIyfDqfZ9ML5XdCLthQDqQ517zBvSibJ6ifS92aTOiWg59yIjQ4-XnUnLTI8jXyi8rWW-nKEvxHY9FjkShmHTSmdxQeEH6Wc45mOxmfx8RL5oy5Fh5eJy3sQWSmze0taw3jD9sxJpzw1IR3HYvSZlF3CVBGu-mCz0n5snWoToq0XOtqNUTIjve-5t7_WRGsNtdx880Nwjz4yiNOou2jdUtPa0ATQbz7Ud1WIOnd9KsG0sDTY-1JqbeCU_6ji8Cdg4PLnLkEcbMaOZje_YKWf-unW9WJNNt6-Tf7BKv4obTyyLLvRsgauQHzY6N4dJBZ4ZI6eBLbEXoA0CixGlBtxhoidk8WrYQY34QGJWR4RTWqodfByoa_rPFrLpNPnBYpsoKa1JhFOWqq1JyNHexqzT3gk7JEO9Qs08jIukdFkhvLv23TUVKKpz3IV1rLL1jGQ5gl5GWW_0oJu5C2vJ1I31stLB81mexwd48-5eBYck5a9C4SpIP0jeqfgkBmobR0i9yIuq0__a3mKTn9_nz2yhrd4FfdbAUl_XLNCL-_y8GMI39U-PfgDqOTpi5HxKIMqAMDGL6qvfS02n5jSd-KPYp4QmcMCCorunIIn6Iqg1KxvWh9QhbwKbICOQSmEVJR0gamwyJn-unUMFophqpwY21SvOWH8qr4xZEjIV3bVhN-u95szyVFHrHyMOTrXzfBBnK34khi3VvQ62AXyoVve9ev9HHDp69x18_VTnAcUrdYwgintnw_jUGnDYP9x-UNr6hgaE9j4ylHMLsEbl7LwyeknoJCm7pHoKCBKXyJ6AXR6O_myqikmTLAjmdMP_ObmlFherRFzB4R-qXLtFlxJdU4ekUeekfjpdQK26CKxe8BL3yyWiUZcGRRghRN7TLm9o8fCq7PjktMKLBlr5dFlbacSKs0OwFwZSFsN_Miid865wegh3rcGNtWM6AkIsDG8STNfmXLSJGIqwnEtUvTZYIyaJfQIt5yrXEOlhz7tFe8d7q-WQKeOqzRGueTTFrST9ITiy9uGRjebFcqJ2ZdNJv3LiLFkTyEppuF-ofYdbdT__lCg_fChH0DCPl_NbgnvXMr_oYDNdrw1b1oziAnfzLUj6VS2yCBAKFfdUjm9-wi3nyHz9kxTAqYFr-2xIK8mzmHIMmeX_eC1JuU0&cid=CAQSTwAvHhf_tk9v43PE5Yk9u6SJRHnlnsa-L_plO2eTQob9bC0nR_6P_wCH_4IfjSvgur0RySmyKfOhP31m0OrSejVccNc7yJBR5n1hbU_8IT4YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Freurl.cc%2FE44nYm&ds=l&xdt=1&iif=1&cor=2846228381508573700&adk=250412561&idt=168&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

74c6d9117673ef0056d0cf6f8b401a2c3677434fc873f2054b89d551f0d237a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19404
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
cm.lndata.com/ Frame 7C5E 35 B
470 B 1047ms
207ms Image
image/gif 116.50.36.71
DONGFONG-TW DongF...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/gif
Date: Mon, 22 Jan 2024 21:45:15 GMT
Server: TornadoServer/1.2.1
Connection: keep-alive
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame 51A7 0
217 B 893ms
256ms Document
text/html 35.79.48.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.79.48.13 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-79-48-13.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 22 Jan 2024 21:45:15 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H2 200 cm.php Show response
fcm.holmesmind.com/ Frame AB7C 39 B
182 B 149ms
111ms Document
text/html 34.95.67.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.67.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.67.95.34.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39
content-type: text/html; charset=UTF-8
date: Mon, 22 Jan 2024 21:45:14 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 google

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame 7C5E 409 B
632 B 889ms
254ms Script
application/javascript 35.73.17.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.73.17.154 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-73-17-154.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 22 Jan 2024 21:45:15 GMT
server: nginx/1.18.0 (Ubuntu)
content-type: application/javascript; charset=utf-8

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 7C5E 5 KB
3 KB 953ms
217ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

aea329c8fc42e4454ef62e1fbca6c04aac43220994f688869210598a66228f53

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
strict-transport-security: max-age=0
content-encoding: gzip
last-modified: Thu, 11 Jan 2024 05:45:05 GMT
server: nginx
etag: W/"659f8061-1428"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
expires: Mon, 22 Jan 2024 21:55:15 GMT

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame 7C5E 0
218 B 891ms
255ms Image
text/html 35.79.48.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.79.48.13 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-79-48-13.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
content-type: text/html; charset=UTF-8

GET
H2

200

cm
c.holmesmind.com/ Frame 7C5E
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
499 B

127ms
126ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

Redirect headers

date: Mon, 22 Jan 2024 21:45:14 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
content-type: text/html; charset=UTF-8
location: https://c.holmesmind.com/cm?tc=getIn&
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

google
m.holmesmind.com/ml/ Frame 7C5E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEJi-z3Sey7T66MYm3TNVMOA&google_cver=1

0
451 B

1081ms
1035ms

Image
image/png

35.227.249.156
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEJi-z3Sey7T66MYm3TNVMOA&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
x-guploader-uploadid: ABPtcPrIBBkp77MyGZu0K7gPj_G-UmJIlH5S5xHZPGWm7eWwaH3KeaqGggyy6C7T83iRpc_OU4M
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
server: UploadServer
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-generation: 1519198601160228
content-type: image/png
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
cache-control: public, max-age=3600
x-goog-stored-content-length: 0
accept-ranges: bytes
expires: Mon, 22 Jan 2024 22:45:15 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEJi-z3Sey7T66MYm3TNVMOA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 328
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame FE84 7 KB
1 KB 844ms
255ms Script
text/html 52.69.87.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=14209
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.69.87.178 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-69-87-178.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: ae42780a45b51519108c5652ede4a30cbf2dd2d4417f11e1f29f6a0361e947f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame FE84 30 KB
30 KB 19ms
19ms Script
application/javascript 2600:9000:2250:aa00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:aa00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
date: Mon, 22 Jan 2024 21:45:14 GMT
via: 1.1 d13436be9e793d00b0273db3f7904816.cloudfront.net (CloudFront)
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 6
x-amz-server-side-encryption: AES256
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 30621
x-amz-cf-id: A0r3coj_NANWPdTkucLIT6731tz2JZOikaSspZRd5IdTf_Qk4fT4Jg==

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C83F 0
0 47ms
47ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cok6o6eGuZc_AGu60juwPypSDwA-4q_aZdcrEs_qDEc6--JZxEAEg0syBGmCVgqCCsAegAf-Ere0DyAEB4AIAqAMByAMKqgSPAk_QQmUoC1xC2vHl7vv2TkkxUYfF0FWg7EezYh5-E7jTc3w4hubYMPYBbH7f_QOSEnVw2MxSXb4vv5fEX271o63BJ3dRSqRS_q7SP62c6VXTNanXCdxmxMTTUIHHkzuntFMlnsDCcXi4TGUu3B_vbwy459uRagJI4T2nA1CLhKwjwoZMGwXvkyR0ZdKSIm7C-sPSOx_VkiHkz8wQMToWLCYx1nJbLfR8M7rqsAlnODoJe39i9zLRQK9o0uSVKq111aPjtNMa2eK3t0cq5nc75aeoZ6EbL4DpNUjMVP3HifXxmwNKgLVaf6uF5DBUtY91TVzI9JistZmDFbcVARhuInhqNcRytitwu90jhhZlSsHABNz_xsL4AuAEAYgF0o3zryWSBQQIBBgBkgUECAUYBIAHkvuaHagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEENCKC9IIHwiA4YAQEAEYHTICqgI6AoBASL39wTpYtdaO9fvxgwOaCRhodHRwczovL3d3dy5wbHVzNTAwLmNvbS-ACgPICwHiDRMImZaP9fvxgwMVbpqDBx1KygD42BMMiBQD0BUBgBcBshceChwIABIUcHViLTQxMjY1NTQ3NzkzOTM5ODYY4swZshgEEgLvTg&sigh=7nqpTnKC_RA&uach_m=%5B%5D&ase=2&nis=5&cid=CAQSTwAvHhf_tk9v43PE5Yk9u6SJRHnlnsa-L_plO2eTQob9bC0nR_6P_wCH_4IfjSvgur0RySmyKfOhP31m0OrSejVccNc7yJBR5n1hbU_8IT4YAQ&cbvp=2
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 73D4 0
0 50ms
49ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CKvWS6eGuZdDAGu60juwPypSDwA-usvODda-JjJCfEqzQgLP-DhABINLMgRpglYKggrAHoAHZ3YnGA8gBAqkCNsTwkR9Hsj7gAgCoAwHIAwiqBJICT9BGDkzxgKm_9Fm2775yOLAGVlW8aHqCmlmf_IF73z-uoZV3Knb4T5jb7bSI59GvkXUC9qRZG1aEDXOq8ncA_VZQyDQGSEDZAudhRK9woig5q1rJtw0tbNjQMkiSNTqZCOZN8dMo8Bp6mjYhSzv6WqxYQD7CJ-mFIorIv6N1-fjf3TWzeshjxKB7eo4L7_vgjIKcLltivvviEyL1JE7Q-1YRnHwd4EfkYvWz8IG5zABymL6q3G9hptwVJLCaxe0ThLwIMabwaZi7Bogdh92OBsD-z-1rl4dalIG_PnR02oqFm9e0y8Jjic4lpnLViBbcWF66-tcAiccmGpaNiakojyaaAJGM4DkOOLxZc5Aw3W_pqsAEi5n7nsEE4AQBiAXSlofWL5IFBAgEGAGSBQQIBRgEoAYCgAePovY5qAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQzZkL0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOli11o71-_GDA5oJQ2h0dHBzOi8vd3d3LmhhdXNmcmFnZS5kZS9hcnRpa2VsL2RldXRzY2hlcy1zdGFydHVwLWhpbGZ0LWJlaS1zb2xhci-ACgPICwHiDRMImpaP9fvxgwMVbpqDBx1KygD42BMM0BUBgBcBshceChwIABIUcHViLTQxMjY1NTQ3NzkzOTM5ODYY4swZshgEEgLOXg&sigh=fqfmjXs-JJc&uach_m=%5B%5D&ase=2&nis=5&cid=CAQSTwAvHhf_tk9v43PE5Yk9u6SJRHnlnsa-L_plO2eTQob9bC0nR_6P_wCH_4IfjSvgur0RySmyKfOhP31m0OrSejVccNc7yJBR5n1hbU_8IT4YAQ&cbvp=2
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame 9724 31 KB
12 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Drc5RtTqcwsOJxtIitjuL624s9F1r7-d3v1JCZkYybGGPYwOu2aBqhsR5lquydG519QEAd-YHwMrHGpZxPY86qZAzTwRmMp9ZfLVRroLh6Wa8BFnJhU2dCXaQh8yCjOicv2a5rjk6u89_EBdQaTIV3N07j14RWHA9ddS0TmN6-oRaRi18&cry=1&dbm_d=AKAmf-CiK7mc8Bj8mUWj3Zy3NUMEdCWtSFvYWXCAuxUMMTCuSz-fnc1OvHtj8wmVMJIdOqjpY7Hr1awoEO_5FZHJEtU9sh_3HyEMcanSfslqsOuyFgEojCVGar2cW9X9I6bNFLnQIhiUJrGKyS2a2T8dKWCgJzkCpND48thOmn8cFvd5nqwV2Rkyp2F-Oq9Bo-yiJFgwKUrI8hNHTq9XnVJaKyqSC1anfGOFREUii4rFFBj_07J93DoZpxg06EzJMy8cZFQBgWzRabbfxC3txYiMDQg_FvYEd8-X28DolGwHWozIFTiXp0Hw6C7V0WDzdoGzWKKyAEXoHFURFrHCVEosEZRCvab2AVqwAZ9L5o82yei6V4ZNBZEbe59-_IcFKFX1g5Vx7QzlxsAdKqTxivUsnCUugNeoA-ncocMQ_EBkNHK43o0QfCK73tuyLhaOnCi-86J9nGh8NR3h3ghE95wwTb3ygRNsXvyt1Lx1quH_Njh_uAzVBkiUI-7vOL4yphIqpKoKWsvfn_a33VOrr7nBr1Jh8aH-jddcON2OqSK_mvEKJIhtjN8sB90f-n7C8HzUXybcOH9O2-ORepUa-14E9pkNn9TfwScy5MBf_o3akpzBr6djbx4qxLDPIakUitT7EUN7lG3ipVRTVWdbD7wXLxbHaeIA2QUBKY0Rax_bV71yxCTB8v_ROpOqYVbsvzvObHY2Jv0a25KgqAmKA17mX9Tde8Xyv-LUps7PJteY3tTOT9i1cUOMwnRkcyUKEOsRf75vNRt74-iP9tXVXDxcdarpOxJdyYzAGDIpAld7P6cTsMaKXiMy1n3m-97amYy5QmvJp23mIC5ZqC7a5NPpS-utZc2NaINTv_u3O_Ws1arD-AmsNvGZY9BWXKg74_O9iWnB04zP2fuBa1Qn28WEaqQEVhMa5N0xiQQfCOu92ydcC_B3bgJwECytkTWzOL7WnbamYGMcGhHK9gCcJAA01phXWGxJ9cxc7pmHM5x4_xGJQ74E2H78EsiRTUVn-OjLWc4xHb4AuqKv1d7P1lDPybbBP0YN29T7ZPSaj_r-unagODec1ZraFMUvSc6J7-_nY65dKosYBnHfG5XdPZa3Ei8tMJEI_BcbwMLzB3iB9K-K53fXW8ycoLlttLCaGDBo2rjHiwc-DANEJOy7etJn5BacG1eNqT64mQynX0vSTWJKY3QGzULTsu083AwBxJWBUrUnrUpVO3_7pZ8GKvv8nfwn6PbGHJ7SEGO3TuJfDJezksahfa9GkXNl6-60wGoIPjppjan_IZy6EUOeoAAcaCxozctlkURUle6xfBbI63Wcpt4uWZdC5otmZWTCmSWruYxCVjbOB63e--sFnvoNK2WGthf-XBs5KfYzdyG0Vhss1frTjgmoqHOGCEEA_uP-DohtS5Zt6JjmdROZ6P9RlrLh6IGr6Er9uInSqhMvVc58TFuA9KpYr9A3l-lKJGYGTnWLSfEcUuOtQFl7UgB1KOBXzpHw4tPZfKwQMIDk4KRoeJvg30d0b9xIAZ_l1-g_rtlw6sUDQqhAKe7LCXWinu4PydQjmU10aywplGBN2I5YSbSC8S2DvlDLTW_ZwybrMoghmT2fD5qnk4cnXpKH9tmxrZpGcpf4BeKgSKoawuu2gNr1EoB2QrfBrNLtClWk-2NOPBknpAWb3GX5f2khVtSaDAXs_Zks7Yd5iNcF4Gaq4TftJ96tT5fSiBFDWlDZgLwtbRYxipXn6KyJ9rXgvBlbrVKhsyAjUXwqmtsWkT6iSTPNf5n9F2IMBCDmvlpBeUdcNjEgQ_RyXxA1J6EYpK6Z5u7r7I-ymwkJ3Aidhi1AlNmh8EAIkt4amPi4K7i6aOD5r43topKM-zsH1bf2fCnc__fp0ncXDEmHOA3s-zB9ErnKycNu0Kw88osYXTV2IWbgz00pghJ5uaC5hkr28Dw-3pN7EE_dgoRBUVTaYWXQw187_5AI_xdCijh7Y-b8BpjvGVhyynsFwI2RHHv6wiscraatA08fLoRxhvj-DWcQFjoW38zo0KIEw0xQUmPxkKdpfyZAqxNnUXRatMqkRIo7Y0Iomzro6sXFS1DYGsP3gOf4spvq7pu9BhwJe4dsoQds-2qow7aqEKNHvPbM1nuB7MGPj3SwXF2nASpcRo6EjS3Ph-QigWumH6igB8NqiZecDCPMyoVPM8z4xE3nD1xEP0P_pUoIfYkpnvkMUIQbEoxn03wuQp4Uhn6lovfP7W7JF42aGif0uob6G7pmC0dcoVJzq7bdNDQtCz28kdVSykgY0JfL6ctOcITibY5PzjmR7qILQO56goAVhoQj1cA61anBNxwvDclFU3PvLtaLNLHYY19NWSqWcTaAjwmVJMOHZKUnCdwEpuFw24BRA8cw3aLVzHtx286_JcTqRlYK0mmew1ojHWUl73rNTTnRDec5HVGFwDaNkgDLzidq_gF8X3FkG1E8M14oD0EVFsnpzUx01xJahNo0lsZiqlUMFeNGG1eyIhm47rD4AUNaDFAV36gq3bpbTiBJI2JtwL3crujFcaRF2HwiSHwvU-8PUWl5IBPngFUJvjh60RSQDZr13JCSVEqNDlWuf-7DQPCElLq4hvfceYt_EFNbWAs1UwhWATzzA0hdp_zxUS8UPQ7_yt2Z8EtPUlI3ysG7ISQQRlhRjvSKKLsDqB6u1AH0MytsR_I3YILKkUJWlrd350SAfZlXf7b1Dv4G78oEPjvX4Vk-Yi3lkwKF1TMB-jJ6bHplHo1NIXbYHyNCtyEZbnbO7ggoqqMUo_wpUhUJB-x2MmbNbuuWoU_Yka1lLD94jaPzbluIjJmVgCMA3nhY_uTs3nd7FEJ9do85JAErpGCU4yQxzmH3B-zpprPRiTsVH_LYiBDi4VreCcYbwGH3x-D5h6MZrYHmDMVHCz42IJvS-00NfjsTNQZlsPMxS4Ea8hiJBX_IoDgMBsI3-EJW6-PqD2P1kLSjK30r3olZLwVT6qiXgVfSDHqbMWRU7wztb4L-7Y4st0Hd6uhLilTsShPgxh8IHKWYLWpUSr80yvm2VdrAQ5v8vqod9zG_ZuFLP94oROb1MKHNsEK_dMW7n9TQq9vJrQvmKgf0WJpB77jfcvMjzcucPzuvUdndZLKfjsySWr3HTKPMWJfkETgjDvVChUjgGwJIntaFX4bAaJPa-xZsiwWmZvrsnNPpHHmmmrI3ABHq2QE3Wze-tIjZyp9xqtnBnLxjFFGcW_wjJcBcZDzZhStfmTy-0_yOk6WfhU6LUxt9pRSo_qJuTOYECh7oJ6iw362tGpQXU6bjpVmDVzyIGiDBg_NyAW5RTRuEbSR_u1kURaDu79IWxx2fObwE73c7oQ8b3f7NzR42gM9HbM-9PzKY2pcATkJ5k6LeVDtCtzJkW5POmoDaKOgQl7lePlFjmofErLdyZVSKet1N7DLGRlwxvFE9OHbv0xxDl24iYqqXF8vLaVSIHHFNaPE08wojrrOItZ236lFhFzTaNermc_EssqhVbqUEseanYxLqq-RdxEipE8qN1MUIuO2XcV6zErNIh1f58ghQNaWBMPGFEeEBwfqzosry7SwHxMRmZxFDQQSH7aj3HsSgRk3vzeEX9JiFuGYh3B_Jeo5jc_njErXN-OqylPQXiZPdBP8Q9v1y&cid=CAQSTwAvHhf_tk9v43PE5Yk9u6SJRHnlnsa-L_plO2eTQob9bC0nR_6P_wCH_4IfjSvgur0RySmyKfOhP31m0OrSejVccNc7yJBR5n1hbU_8IT4YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Freurl.cc%2FE44nYm&ds=l&xdt=1&iif=1&cor=12887091187515790000&adk=3047537734&idt=122&cac=0&dtd=26

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:34:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11461
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11885
x-xss-protection: 0
server: cafe
etag: 16863283086342074828
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:34:13 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 9724 41 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:14:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 448226
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Jan 2025 17:14:48 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNTk1OTkxNDcyOTkxOQogIHNlcnZlcl9pcDogMTI2MDY5MDgyCiAgcHJvY2Vzc19pZDogMzk2MDA1NDgxMQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAzMjc2ODE3...
ad.doubleclick.net/ddm/activity/ Frame 9724 0
835 B 80ms
40ms Image
image/png 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNTk1OTkxNDcyOTkxOQogIHNlcnZlcl9pcDogMTI2MDY5MDgyCiAgcHJvY2Vzc19pZDogMzk2MDA1NDgxMQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAzMjc2ODE3CmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly96YWxhbmRvLmRlIgp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDIKZXZlbnRfaW1wcmVzc2lvbl9pZDogMTI5MzM5OTkyNjI0NTM5MTAyMjkKZGVidWdfa2V5OiA0MjU2OTQzMDYzOTIwNjE5NDE3CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyNC0wMS0yMiIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMyNzY4MTcKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQVRGT1JNX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJVUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzODY0NTg5MDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDExMTE3OTk3NDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMjAzMTMxNTc5MTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA1NDgzNjg4MzIKICB9Cn0KYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vemFsYW5kby5kZSIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3phbGFuZG8uZnIiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly96YWxhbmRvLnBsIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzM4MTk3NTA0Cg

Requested by

Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xe35eedb85717d90c0000000000000000","13":"0xd133edb174e1ca230000000000000000","14":"0x3168c0a4414fd21b0000000000000000","15":"0x33200d4fa72e3b180000000000000000"},"debug_key":"4256943063920619417","debug_reporting":true,"destination":"https://zalando.de","expiry":"172800","filter_data":{"14":[],"21":[],"8":["3276817"]},"priority":"0","source_event_id":"12933999262453910229"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame 4BE1 31 KB
12 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AFtmfNTlbkjMWPwtL1z5GY4z262BGAVdTxA7dW6u3pW3zBEFbwgm9mR-eMyeqWkUP0qNVr4PlLYjnkocl2Ciz47Xn4f4oSzOCpUFQq575SM7dgAEBj24D4IIjzoY715nm1l65YhEQHMeFLxP3G0Tcb4iFW6S5he65KNxkAQvBHOb5LKfE&cry=1&dbm_d=AKAmf-BvQjqX7ItARihLOScROoNoJYikSvQwvWZdzN1P7n-7yWPF1WzDpXbHn8wYdhq3Pjnef39HPVcXhAJiTRLp-O_vW5fh13e0RT8sUy-zCto8syN7pS9R92Kl_lgpfybiKBudooJbVw_v6OhGSYn8gPlhAdV6XhWc-toet4E9nRyd7xAEMV4_AvzzlU85h5OYCf2pwVdIYC_5kUtlCldFZ4t3OtG-26sPoGa-CL9nX0dh50laYzukZ07-oe1dYROdPXS7IhVc1SoqIP_clMJLDJqrjbERP1ZTp357RiUEmzGu96BQVjgjdDziO6DLSx0tP_ZLfzB93QLwmbbA40g1Rm9jh95d9UGecLW5-OXzYv4D0qFW8CckBzLkPyqmbwuGmp-oUSCmfPSVOA0MTOFe02Z7FI759mXbKoOtMGwPk6dKxGR0qyMnxfQ75r42Q7DW5POytnzQyM5ih9DJfTabKtb4o2C1QtX3HSKo8LOw4UDN4SrY02hFwp5YFpn-6-xYh3S_Qk6axWOmQD-mXFCTiETL-zYoQ7qdymmMIJszksrcY3K9A6_TICvGFjs20zVnJwAVc3R1fHNfNzPuSlqJcnp79_INrxaUPrhvYaIoo9wGOLxzCk_fqpr9qUiRnaBlca10SYuIO1scecY5AwVvza6Y6g0_NM14i_I2X7KlpsZQPkfmYvd2lwHVwg6oWDwhcv-LGlFJEY5upqB0eDqMIi98lJaKgPGUulKjU9hZbQzB9SaNHr41RSbpcOv1I2ihqk518g_sBu5kBS61duqEtedS_azPlyrawrPbKKP2jkAWCKp_ONQL0gb9s-c2wcSQajTxu1KlywPjVck74l-Q2R1zpSFVQJeZVahDRpxlSyFIU5IDAaKwGgqDG2GDJ3luor26Osp-eAScKDlDpOXbjhBjdUxUHTOBG1yTU-ccXwAGa4m2zW7BjkiETxrRtOf2pa7JqX4O3ieG2drubXfRKtEJPkg7IA01P7SaFUbc5fqXAdJDQeg1pIx3uxqPGW7tYxZFVdv3o_azbBEk-cuJ8KS0sS0MllRAd1_byvBBoqpSIwf2eADm1_Q2boA6Qpw7wGn2eHm3XYa8t5M5TaM9r3jLfUmaYXnffdathMAM9ntXVfvzn3piWyQ7tpoLp-VCdALI8c6i0qPJr8DgJSd1CuGtm_cQH9SaYIMxJaKdSbW1eSl69WRbj7JPrTwicQ65SeaHXMe2Rq-vijopa51YzM6Ura3A-eVParn9AHwRlj9h8IZifMkzQ-AXmqtuertbUDhme8Jo6TzyCjkrtZ8PreN6ppFqb8OH-cUY2JNEq9XIB49gqYXZbXSXJuCe8cU_6gxP5yrY7z-4JfbYaBr3PjEDV9Cz4rGS2vkhQMqXpQutaIXjcLIReQzTNHvVoOnaHvrW8XPr360GXfAyBAT0UfOuqT8QESEa-VDld2IvPmlLNGQpbaMwNvrZm1vaNzyll_7PkT1uxezNZwLTh5JnWrxS2tIibqJGNZL9Ng8Na-UA4JAgV7bbMUCiMLHMLfLM_WXuZiFHZ9lE6Yeyy-wh_Zzzxk4GQsaghHhmmkrDuBjGQcmn8Z0t4DVxdr-OZhMR1Tjd9kr4KwTPMurm_y1VdlJcQr8QyxXNdAxui1zlRcNfVd1OAqJ-v8xbz8JZ72GpDq93ANHE-cxgmTr8uWulizGxlNQ36kffTjXuXiqBd5KBU_B3AyMKvJWFFD8yAExeILOyiomiZ_VVqxbnAgBspfMz5Urzk_ijvqgwlIYDIvAEz2D1bdqj5K3EcjGA1YSzgj1URDkelpS8yXkLw985mejFJyVDLgVwcmeucUdqOOEFyHLjMnpMMg8lC2Go_x_QZGihnYemQdeGJGhQIcW7XBYhC6oXG9nxMshoxIcrfB_HfWriYVFTmS_-X-FqpzLQ3nUqMPKsqXtl-uM3Iau13pZXNtrSia6tT6Yp_j3FBOlGOII4EiANCpKH81VT9U1KPTFWLUPpv_K4lPV5dsNZJL_4u-xmq4cvOBSp4g6-6PC2ZQ13F-3h400pekOcCSi8tfMNhgw6reEKYhTTRfzddbsA42BN6SmKWrNLxFpL8fmdWhTeUQFr3zOxbGpatLOvWyTZAGeZHBrf0l3bcwp4YLj1JwYHrcpCa6M_SGp5TcaBSO1PQPu4rKnsPoAyHdZljPhPIeSvmcbvoUccLyQNP56hKyJUI0yViD07oLzoV1MAGYvqLNQ5PW533wZJeTCfhvSJq77dpfwgsJi0qrIuGENgMLFnhn-3Eb7P_89PVm7mzwEPdnZYpxm-CGotqto9AaXK1q3WA9GjgWIg0AFI0zd5pD9l7kZcF4sPCVhi7MEQW3lJh9RwvU8rFlhs8B2voLz3wPXNMi43gvgs0A-tBXK6pdGTe7hxaCHsv4tK00ZmjBwGSsC2lf2KAva9SbwZRQRC0q6gPJCsSNt3NesJVx-5Ub2T5nXpvC6FIyfDqfZ9ML5XdCLthQDqQ517zBvSibJ6ifS92aTOiWg59yIjQ4-XnUnLTI8jXyi8rWW-nKEvxHY9FjkShmHTSmdxQeEH6Wc45mOxmfx8RL5oy5Fh5eJy3sQWSmze0taw3jD9sxJpzw1IR3HYvSZlF3CVBGu-mCz0n5snWoToq0XOtqNUTIjve-5t7_WRGsNtdx880Nwjz4yiNOou2jdUtPa0ATQbz7Ud1WIOnd9KsG0sDTY-1JqbeCU_6ji8Cdg4PLnLkEcbMaOZje_YKWf-unW9WJNNt6-Tf7BKv4obTyyLLvRsgauQHzY6N4dJBZ4ZI6eBLbEXoA0CixGlBtxhoidk8WrYQY34QGJWR4RTWqodfByoa_rPFrLpNPnBYpsoKa1JhFOWqq1JyNHexqzT3gk7JEO9Qs08jIukdFkhvLv23TUVKKpz3IV1rLL1jGQ5gl5GWW_0oJu5C2vJ1I31stLB81mexwd48-5eBYck5a9C4SpIP0jeqfgkBmobR0i9yIuq0__a3mKTn9_nz2yhrd4FfdbAUl_XLNCL-_y8GMI39U-PfgDqOTpi5HxKIMqAMDGL6qvfS02n5jSd-KPYp4QmcMCCorunIIn6Iqg1KxvWh9QhbwKbICOQSmEVJR0gamwyJn-unUMFophqpwY21SvOWH8qr4xZEjIV3bVhN-u95szyVFHrHyMOTrXzfBBnK34khi3VvQ62AXyoVve9ev9HHDp69x18_VTnAcUrdYwgintnw_jUGnDYP9x-UNr6hgaE9j4ylHMLsEbl7LwyeknoJCm7pHoKCBKXyJ6AXR6O_myqikmTLAjmdMP_ObmlFherRFzB4R-qXLtFlxJdU4ekUeekfjpdQK26CKxe8BL3yyWiUZcGRRghRN7TLm9o8fCq7PjktMKLBlr5dFlbacSKs0OwFwZSFsN_Miid865wegh3rcGNtWM6AkIsDG8STNfmXLSJGIqwnEtUvTZYIyaJfQIt5yrXEOlhz7tFe8d7q-WQKeOqzRGueTTFrST9ITiy9uGRjebFcqJ2ZdNJv3LiLFkTyEppuF-ofYdbdT__lCg_fChH0DCPl_NbgnvXMr_oYDNdrw1b1oziAnfzLUj6VS2yCBAKFfdUjm9-wi3nyHz9kxTAqYFr-2xIK8mzmHIMmeX_eC1JuU0&cid=CAQSTwAvHhf_tk9v43PE5Yk9u6SJRHnlnsa-L_plO2eTQob9bC0nR_6P_wCH_4IfjSvgur0RySmyKfOhP31m0OrSejVccNc7yJBR5n1hbU_8IT4YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Freurl.cc%2FE44nYm&ds=l&xdt=1&iif=1&cor=2846228381508573700&adk=250412561&idt=168&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:34:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11461
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11885
x-xss-protection: 0
server: cafe
etag: 16863283086342074828
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:34:13 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 4BE1 41 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:14:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 448226
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Jan 2025 17:14:48 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNTk1OTkxNDc1NjQzNgogIHNlcnZlcl9pcDogMTQ2NTIzOTQ2CiAgcHJvY2Vzc19pZDogMTY4MDg5ODA2Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDMyNzY4MTcK...
ad.doubleclick.net/ddm/activity/ Frame 4BE1 0
474 B 78ms
42ms Image
image/png 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNTk1OTkxNDc1NjQzNgogIHNlcnZlcl9pcDogMTQ2NTIzOTQ2CiAgcHJvY2Vzc19pZDogMTY4MDg5ODA2Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDMyNzY4MTcKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL3phbGFuZG8uZGUiCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlvbl90eXBlOiBWSUVXCmltcHJlc3Npb25fcHJpb3JpdHk6IDAKaW1wcmVzc2lvbl9leHBpcnlfaW5fZGF5czogMgpldmVudF9pbXByZXNzaW9uX2lkOiA0MjA0NzYzMjkxMDk1NjMxMDAwCmRlYnVnX2tleTogMTUyMDUwNDUwODk2MDc3NjQ2NgppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjQtMDEtMjIiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzMjc2ODE3CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFURk9STV9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzg2MzYyOTgyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxMTExNzk5NzQwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIwMzEzMTU3OTE2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNTQ4MzYwMDQ4CiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3phbGFuZG8uZGUiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly96YWxhbmRvLmZyIgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vemFsYW5kby5wbCIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDczODE5NzUwNAo

Requested by

Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:14 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xe35eedb85717d90c0000000000000000","13":"0xd133edb174e1ca230000000000000000","14":"0x3168c0a4414fd21b0000000000000000","15":"0x109ddd7b415e73540000000000000000"},"debug_key":"1520504508960776466","debug_reporting":true,"destination":"https://zalando.de","expiry":"172800","filter_data":{"14":[],"21":[],"8":["3276817"]},"priority":"0","source_event_id":"4204763291095631000"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bg Show response
ads.revjet.com/ Frame 9724 43 KB
18 KB 58ms
23ms Script
application/javascript 167.235.11.39
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.revjet.com/bg
Requested by: Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 167.235.11.39 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.39.11.235.167.clients.your-server.de
Software: nginx /
Resource Hash: 1b16a5af84666feb9f8f195d3a8b74042f80439ca327b61f1c598f58072911ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

p3p: CP="CAO PSA OUR"
date: Mon, 22 Jan 2024 21:45:14 GMT
cache-control: max-age=10800
content-encoding: gzip
content-type: application/javascript
server: nginx
expires: Tue, 23 Jan 2024 00:45:14 GMT

GET
DATA 200
OK truncated
/ Frame 9724 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f85a81bd4c2cfec0ebb2719c72cc4092862ee40b0a7822b174a79857ba82fa6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bg Show response
ads.revjet.com/ Frame 4BE1 43 KB
18 KB 25ms
24ms Script
application/javascript 167.235.11.39
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.revjet.com/bg
Requested by: Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 167.235.11.39 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.39.11.235.167.clients.your-server.de
Software: nginx /
Resource Hash: 1b16a5af84666feb9f8f195d3a8b74042f80439ca327b61f1c598f58072911ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

p3p: CP="CAO PSA OUR"
date: Mon, 22 Jan 2024 21:45:14 GMT
cache-control: max-age=10800
content-encoding: gzip
content-type: application/javascript
server: nginx
expires: Tue, 23 Jan 2024 00:45:14 GMT

GET
DATA 200
OK truncated
/ Frame 4BE1 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 915b4482630044aa18e9ee03669b89e221dcae195a879c12346c6ab47a2500f4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 77C7 38 KB
13 KB 8ms
7ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 448226
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 17 Jan 2024 17:14:48 GMT
expires: Thu, 16 Jan 2025 17:14:48 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 2714 38 KB
13 KB 7ms
7ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 448226
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 17 Jan 2024 17:14:48 GMT
expires: Thu, 16 Jan 2025 17:14:48 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 rectangle.js Show response
cdn.revjet.com/~cdn/JS/03/3.5.2/modules/ Frame 9724 20 KB
7 KB 88ms
18ms Script
application/javascript 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.revjet.com/~cdn/JS/03/3.5.2/modules/rectangle.js
Requested by: Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BA2) /
Resource Hash: dce3111ede9ead68dbb0c6343255a1cc111060d98da86a7e96e0fa8510bb1a02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
last-modified: Mon, 21 Aug 2023 15:25:31 GMT
server: ECS (amb/6BA2)
age: 531
etag: "64e381eb-4ee4+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
content-length: 7263
expires: Mon, 22 Jan 2024 21:55:15 GMT

GET
H2 200 sync.html Show response
cdn.revjet.com/~cdn/JS/03/ Frame 9073 2 KB
1001 B 81ms
17ms Document
text/html 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.revjet.com/~cdn/JS/03/sync.html?origin=https%3A%2F%2F39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
Requested by: Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B83) /
Resource Hash: 71afeaa2f8371d9b3f97e6a91b94b72b2eec42d37886a88207943877051187b7

Request headers

Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
age: 60
cache-control: max-age=600
content-encoding: gzip
content-length: 942
content-type: text/html
date: Mon, 22 Jan 2024 21:45:15 GMT
etag: "64e382fe-744+gzip"
expires: Mon, 22 Jan 2024 21:55:15 GMT
last-modified: Mon, 21 Aug 2023 15:30:06 GMT
server: ECS (amb/6B83)
vary: Accept-Encoding
x-cache: HIT

GET
H2 200 rectangle.js Show response
cdn.revjet.com/~cdn/JS/03/3.5.2/modules/ Frame 4BE1 20 KB
7 KB 80ms
19ms Script
application/javascript 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.revjet.com/~cdn/JS/03/3.5.2/modules/rectangle.js
Requested by: Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BA2) /
Resource Hash: dce3111ede9ead68dbb0c6343255a1cc111060d98da86a7e96e0fa8510bb1a02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
last-modified: Mon, 21 Aug 2023 15:25:31 GMT
server: ECS (amb/6BA2)
age: 531
etag: "64e381eb-4ee4+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
content-length: 7263
expires: Mon, 22 Jan 2024 21:55:15 GMT

GET
H2 200 sync.html Show response
cdn.revjet.com/~cdn/JS/03/ Frame 1693 2 KB
1 KB 73ms
14ms Document
text/html 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.revjet.com/~cdn/JS/03/sync.html?origin=https%3A%2F%2F39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
Requested by: Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B83) /
Resource Hash: 71afeaa2f8371d9b3f97e6a91b94b72b2eec42d37886a88207943877051187b7

Request headers

Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
age: 60
cache-control: max-age=600
content-encoding: gzip
content-length: 942
content-type: text/html
date: Mon, 22 Jan 2024 21:45:15 GMT
etag: "64e382fe-744+gzip"
expires: Mon, 22 Jan 2024 21:55:15 GMT
last-modified: Mon, 21 Aug 2023 15:30:06 GMT
server: ECS (amb/6B83)
vary: Accept-Encoding
x-cache: HIT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 77C7 39 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:54:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42635
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 21 Jan 2025 09:54:39 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 2714 39 KB
15 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:54:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42635
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 21 Jan 2025 09:54:39 GMT

GET
H2 200 tag285496 Show response
ads.revjet.com/ Frame 4BE1 245 KB
40 KB 29ms
29ms Script
text/javascript 167.235.11.39
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.revjet.com/tag285496?_plc_id=173670343&_key=603&ct_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC2stC6eGuZc7AGu60juwPypSDwA_N2o2IdZz18cG2Ep7V3ITqPBABINLMgRpglYKggrAHoAG5rJCLKcgBCakCNsTwkR9Hsj6oAwHIA5uEgIAEqgTmAU_QHmGfzRl01L_Hrw_M6DR0ifmNUlWWpISxF6D6agp-omGsstql8wJZOiZZRVhn1aSJIHChOkLfTw-K-_REfA87mkBrDci5DIORbWv55sqpmpOOSSehD29z1QQOR6Stg6EnPp8KD7G56v9T7uUuemO130X5uFo0cYj6f0IqEm7hpapUf0KncQLY8ZaFYN4GftWJcK-Bz8uScxWxsHR19KLeuqgo99M07LK3Rla4x-42SDbJyM00NeNt_48_h1qb07DLxdBt4po84YDcJmfNbGLPKQoUI7U0meAwHuSZalRxFyLENeOOwAT42IGnxgTgBAOIBZziiNZLkAYBoAZNgAe55ODqA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB0yAqoCOgKAQEi9_cE6WLXWjvX78YMDgAoDmAsByAsBgAwBqg0CREXiDRMImJaP9fvxgwMVbpqDBx1KygD4sBOSvpcW2BMN2BQB0BUB-BYBgBcBshgEEgLATw%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_tk9v43PE5Yk9u6SJRHnlnsa-L_plO2eTQob9bC0nR_6P_wCH_4IfjSvgur0RySmyKfOhP31m0OrSejVccNc7yJBR5n1hbU_8IT4YAQ%26sig%3DAOD64_09qYeuCdkESYq6Rn7ItI5j1E2xeg%26client%3Dca-pub-4485239425924787%26dbm_c%3DAKAmf-AcUGBo-I1hwJrqfvAnRfXHWHgGkOWCglZgMNhiPR92RgHt5_vTYiCFbSYHGyHQyiykXAAFpgil-bDQCdPV07TuQccREAx3eFX6RsbOvZ1E33PsJaJwkrqoL6KrQZPsG4a7L0kGF1_RHiWx1xxF4VinK1NzIOS4PcIMkNuldPqpRUfaF9Y%26cry%3D1%26dbm_d%3DAKAmf-Cegt15xcIDQnRRK1pABzbxp_WjXJT0zlMlKpAYP_gi4NDclAnad7GM2Z9crLn5nTX86IakE2FYAkZz-fX0zQW7n3UdtUJu5m_5vpXyarjnSyiKBnPlkRQMzpAGfzHQDvU8LfqoI_YLLSU2PylLmFg_CE6caNBJVx_N5Wd_q0a-4IkO8gaKI0zhsAn4fXzzK61g1B0stm4djZGsgyRSD0-7PKTesrbCAsY8BJKxeWM6ch2_nXw9UkdqN8pFbQQLLB_uRtjNeA-xAn5G8_nUAi7lip9quYMIQ8zrbSjWyq6aLLg_gReKaNK2ilNtwz3CTsdHYWpNvbT3P6pWhQKLHkYBbyCtjTgagY_B9kiD6_vUhXHJRyPu-ZJUxt2RQTqnASGbZ17UTlLt6lUPWTse1FWAzoJRPN-LLx6nEMVvTLkFgvTQZVzasS1Rf7Cs0l8DhMSj_pxFNvzsMr6bvmLCxkPFLwXfdzzd_9xg0CZgbGDg26Y0knfS1bdVQLT7fdsGmVKygKQxZiK8wFJX-6S-lAWVbCiVarhvuxIFn4GmTeudq4XyypA01TjzLgWlmq5sRkUuMt1F%26adurl%3D&dv360_cmp_id=20313157916&dv360_li_id=1013234048&dv360_crv_id=548360048&jsonp=REVJET_TagObj_1.onLoad&_js_site_page=https%3A%2F%2F39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&_js_site_ref=https%3A%2F%2Freurl.cc%2FE44nYm&_js_device_w=1600&_js_device_h=1200&_js_gtx_id=150371db18832b3b4148_1705959915042&_js_tag_freq=1&_js_vis_type=8&_js_measurable=1&_js_imp_banner_number=1&_js_imp_offsetx=0&_js_imp_offsety=0&_js_imp_vis=1&_js_sf=0&_js_fif=0&_js_imp_banner_topframe=1&_js_embd_tag_id=revjet-tag-0&_js_ao=https%3A%2F%2Freurl.cc&_js_imp_banner_creative_attr=banner&_js_imp_tsver=3.5.2&_js_tstamp=1705959915052
Requested by: Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 167.235.11.39 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.39.11.235.167.clients.your-server.de
Software: nginx /
Resource Hash: 05a7fccd3b6d253392f9aae878a8343fb153761f0a66a6a0e669d1823a75118d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
server: nginx
p3p: CP="CAO PSA OUR"
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: no-transform
x-server: ip56788
expires: Sat, 01 Jan 2000 12:00:00 GMT

GET
H2 200 tag285489 Show response
ads.revjet.com/ Frame 9724 252 KB
41 KB 29ms
29ms Script
text/javascript 167.235.11.39
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.revjet.com/tag285489?_plc_id=173670331&_key=6c7&ct_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCk3bY6eGuZdHAGu60juwPypSDwA_N2o2IddTz8cG2Ep7V3ITqPBABINLMgRpglYKggrAHoAG5rJCLKcgBCakCNsTwkR9Hsj6oAwHIA5uEgIAEqgTtAU_QN8hQhtEscrHXqC03JyFk3PKI2QUolCzRVaQLoYM1vWATLXdrDgMg4GCYJXwq2gvBFurcYHiFxaLhkOODjpeW-DEusBBbEQQIsKvS0FIEE0FwI1XScHRWQD8DdChCMLm8ZvkY_FbZjQUhvfhw_DlqLnrjrWTHgBgj5SyamYuXqJj78kav3tlZ6F6UTaTBVjKSBaeqTlmoCywJVToUS-BovgnAqpHfF_8BHjtqrUtIoCO05xLQGDZoqiC3qtLJ3cWPzXmLNFf1kp8Cw9UkX_edpmscbgVK8KBR53S22gY-WpgFITHcVYotCWS_1MAE-NiBp8YE4AQDiAWc4ojWS5AGAaAGTYAHueTg6gOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOli11o71-_GDA4AKA5gLAcgLAYAMAaoNAkRF4g0TCJuWj_X78YMDFW6agwcdSsoA-LATkr6XFtgTDdgUAdAVAfgWAYAXAbIYBBICwE8%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_tk9v43PE5Yk9u6SJRHnlnsa-L_plO2eTQob9bC0nR_6P_wCH_4IfjSvgur0RySmyKfOhP31m0OrSejVccNc7yJBR5n1hbU_8IT4YAQ%26sig%3DAOD64_3cMAzKC_sqz5NkPTrPvmwqBCw6dA%26client%3Dca-pub-4485239425924787%26dbm_c%3DAKAmf-CcmOMoR8e9QyL2Ty7gR1ndiqZdIydPH4WvoKysbjhkndX-mnTNci6uLfl7l9hBp0NDHDopHO4wfnVOv2AU0MOOOWK5HUROZj6qQa20v_tlIi3wvxvtDG-JKHCgqmDQllwc8a-jqkzkKULFwPOUSrSpsiWZ4F49vAbrmiD0iiI0Q2YcwaY%26cry%3D1%26dbm_d%3DAKAmf-Da1hHtJwzn8NjBhmyOU5V_1u2GOT99qSNTBUsU7prtKisryQDGZR3Qka6CWmo693ibofG2aiSRghChyPFvJtdh0ruR9-EVNcKlHMgHA6bRWVsfec6SfbPZlKrjjpQCZPICSlmufX4wuJ6njDUMvm3KedUh-5pEj1trHf5ZdVQmuWT4MUBn5P-LZAUa_lT_WMZ8Nf71kq2g4qvh3ubO-DUm-aCNG6pmV4k59vlKLkzGUZgmb7Q2sW6_qa9vUIjYb_LspCMhPDw0cWsv0szSc4_P9OSdT9IZHwqhxgfTG5Tpfuw2TYHzYnnfpom1pubNZrX9yu2OhlPkIiw4OqRHAX3d1RIW1TdENFgd4Th9acxOqco9aPXIbjaEFL4-1_ku8QjZH6UlFTHDgXb2Fee3pSntN3gpCARkwly6mRMmQ-G-Ugs_eUn_47UGX7-bYFUUL-ExVPiviSkg9VJotQFOk_Y3pb9CK9xFns9n9xEthV7Z7J2pp9dT1tGoOZeSWRjNwXOXe3vD51BdAWCnaa1rXEhqfDaysyyY5ZNmAIHKQXEKHhrWEBWpOfcZ3DABQkjd3HIOATeL%26adurl%3D&dv360_cmp_id=20313157916&dv360_li_id=1013234048&dv360_crv_id=548368832&jsonp=REVJET_TagObj_1.onLoad&_js_site_page=https%3A%2F%2F39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&_js_site_ref=https%3A%2F%2Freurl.cc%2FE44nYm&_js_device_w=1600&_js_device_h=1200&_js_gtx_id=150371db18832b3b4148_1705959915042&_js_tag_freq=1&_js_vis_type=8&_js_measurable=1&_js_imp_banner_number=1&_js_imp_offsetx=0&_js_imp_offsety=0&_js_imp_vis=1&_js_sf=0&_js_fif=0&_js_imp_banner_topframe=1&_js_embd_tag_id=revjet-tag-0&_js_ao=https%3A%2F%2Freurl.cc&_js_imp_banner_creative_attr=banner&_js_imp_tsver=3.5.2&_js_tstamp=1705959915054
Requested by: Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 167.235.11.39 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.39.11.235.167.clients.your-server.de
Software: nginx /
Resource Hash: 3bfbd588006eeee4a5ad2ca97fdbe3d7bfca1c9d47e6a45cb7b69b1cee3532a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
server: nginx
p3p: CP="CAO PSA OUR"
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: no-transform
x-server: ip56853
expires: Sat, 01 Jan 2000 12:00:00 GMT

GET
H2 200 elements-2.12.0.js Show response
cdn.revjet.com/~cdn/JS/03/ Frame D940 170 KB
50 KB 55ms
13ms Script
application/javascript 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.revjet.com/~cdn/JS/03/elements-2.12.0.js
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BBC) /
Resource Hash: d882dff85edd5e0121959274acf5b8c5ffb6f5526b0bf2842982e2e17fbd3198

Request headers

Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
Origin: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
last-modified: Fri, 19 Jan 2024 21:55:26 GMT
server: ECS (amb/6BBC)
age: 544
etag: "65aaefce-2a80a+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
content-length: 51367
expires: Mon, 22 Jan 2024 21:55:15 GMT

GET
H2 200 999
pix.revjet.com/interaction/ Frame D940 43 B
277 B 284ms
41ms Image
image/gif 65.21.233.17
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.revjet.com/interaction/999?__ads=0247ab31e236657728f71a58ca0572a6&__adt=8240602668035630425&__ade=1&vid=5111198605665009206
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.21.233.17 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.17.233.21.65.clients.your-server.de
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 22 Jan 2024 21:45:15 GMT
cache-control: no-store
content-length: 43
expires: Sat, 01 Jan 2000 12:00:00 GMT

GET
H2 200 gallery-2.1.9.js Show response
cdn.revjet.com/~cdn/JS/03/ Frame D940 56 KB
15 KB 14ms
14ms Script
application/javascript 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.revjet.com/~cdn/JS/03/gallery-2.1.9.js
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B9B) /
Resource Hash: 4ba7441454b993f6dc09527c8a03ab527e59496d04796dec6f7189208bd315b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
last-modified: Tue, 17 May 2022 16:32:04 GMT
server: ECS (amb/6B9B)
age: 90
etag: "6283ce04-df39+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
content-length: 15443
expires: Mon, 22 Jan 2024 21:55:15 GMT

GET
H3

200

B29368992.359244711;dc_pre=CNn7-_X78YMDFUeS_QcdX_MD6A;dc_trk_aid=577601050;dc_trk_cid=208797659;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1705959915076
ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/ Frame D940
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29368992.359244711;dc_trk_aid=577601050;dc_trk_cid=208797659;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=17059599...
https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29368992.359244711;dc_pre=CNn7-_X78YMDFUeS_QcdX_MD6A;dc_trk_aid=577601050;dc_trk_cid=208797659;dc_lat=;dc_rdid=;tag_for_chil...

42 B
63 B

31ms
31ms

Image
image/gif

142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29368992.359244711;dc_pre=CNn7-_X78YMDFUeS_QcdX_MD6A;dc_trk_aid=577601050;dc_trk_cid=208797659;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1705959915076

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:15 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29368992.359244711;dc_pre=CNn7-_X78YMDFUeS_QcdX_MD6A;dc_trk_aid=577601050;dc_trk_cid=208797659;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1705959915076
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 elements-2.12.0.js Show response
cdn.revjet.com/~cdn/JS/03/ Frame F3B5 170 KB
50 KB 15ms
14ms Script
application/javascript 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.revjet.com/~cdn/JS/03/elements-2.12.0.js
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BBC) /
Resource Hash: d882dff85edd5e0121959274acf5b8c5ffb6f5526b0bf2842982e2e17fbd3198

Request headers

Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
Origin: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
last-modified: Fri, 19 Jan 2024 21:55:26 GMT
server: ECS (amb/6BBC)
age: 544
etag: "65aaefce-2a80a+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
content-length: 51367
expires: Mon, 22 Jan 2024 21:55:15 GMT

GET
H2 200 999
pix.revjet.com/interaction/ Frame F3B5 43 B
169 B 201ms
42ms Image
image/gif 65.21.233.17
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.revjet.com/interaction/999?__ads=52726f33ef581f0da6f4439202bfe42b&__adt=8240603791821795851&__ade=1&vid=5111770317351714359
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.21.233.17 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.17.233.21.65.clients.your-server.de
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 22 Jan 2024 21:45:15 GMT
cache-control: no-store
content-length: 43
expires: Sat, 01 Jan 2000 12:00:00 GMT

GET
H2 200 gallery-2.1.9.js Show response
cdn.revjet.com/~cdn/JS/03/ Frame F3B5 56 KB
15 KB 15ms
15ms Script
application/javascript 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.revjet.com/~cdn/JS/03/gallery-2.1.9.js
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B9B) /
Resource Hash: 4ba7441454b993f6dc09527c8a03ab527e59496d04796dec6f7189208bd315b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
last-modified: Tue, 17 May 2022 16:32:04 GMT
server: ECS (amb/6B9B)
age: 90
etag: "6283ce04-df39+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
content-length: 15443
expires: Mon, 22 Jan 2024 21:55:15 GMT

GET
H3

200

B29368992.359132725;dc_pre=CJm___X78YMDFd2k_QcdAvIBEg;dc_trk_aid=577462376;dc_trk_cid=208799639;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1705959915075
ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/ Frame F3B5
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29368992.359132725;dc_trk_aid=577462376;dc_trk_cid=208799639;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=17059599...
https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29368992.359132725;dc_pre=CJm___X78YMDFd2k_QcdAvIBEg;dc_trk_aid=577462376;dc_trk_cid=208799639;dc_lat=;dc_rdid=;tag_for_chil...

42 B
63 B

30ms
30ms

Image
image/gif

142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29368992.359132725;dc_pre=CJm___X78YMDFd2k_QcdAvIBEg;dc_trk_aid=577462376;dc_trk_cid=208799639;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1705959915075

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:15 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29368992.359132725;dc_pre=CJm___X78YMDFd2k_QcdAvIBEg;dc_trk_aid=577462376;dc_trk_cid=208799639;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1705959915075
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame D940 49 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame F3B5 49 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 162455845.woff
cdn.revjet.com/s3/fonts/162455845/ Frame D940 470 KB
470 KB 14ms
13ms Font
application/octet-stream 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.revjet.com/s3/fonts/162455845/162455845.woff
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BB1) /
Resource Hash: 6d7416c9352e4b00c83f1dcf6964c89586d517e10fe4806a9da14abd0af76f35

Request headers

Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
Origin: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
x-amz-version-id: kVq59ccinPiVDgarv_TkFQgofQrkf2s4
age: 21022
x-amz-request-id: M7EFCDAEA5Y6S4E5
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 480984
x-amz-id-2: hl6g/VivtIHnwbMto3JN50cBdYKSqP/v8TEh0/SDX78fyUDSNMPeyCV8F11WV0XhbKE8pkfj9/c=
last-modified: Thu, 16 Nov 2023 19:47:31 GMT
server: ECS (amb/6BB1)
etag: "a7d9ee6baf67661e8e26d1e5c04f7fd5"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
expires: Tue, 23 Jan 2024 21:45:15 GMT

GET
H2 200 GeorgiaW01Regular.woff2
cdn.revjet.com/~cdn/Ads/ad_shared/fonts/Georgia/GeorgiaW01Regular/ Frame D940 33 KB
33 KB 15ms
15ms Font
font/woff2 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.revjet.com/~cdn/Ads/ad_shared/fonts/Georgia/GeorgiaW01Regular/GeorgiaW01Regular.woff2
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BB1) /
Resource Hash: ec0252ba8694b474f3b887ffe91c07341280451a177944d79ff2a94d877a07d5

Request headers

Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
Origin: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
last-modified: Fri, 04 Mar 2022 15:24:09 GMT
server: ECS (amb/6BB1)
age: 327
etag: "62222f19-842c"
x-cache: HIT
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 33836
expires: Mon, 22 Jan 2024 21:55:15 GMT

GET
H2 200 162453298.woff
cdn.revjet.com/s3/fonts/162453298/ Frame D940 13 KB
13 KB 16ms
15ms Font
application/octet-stream 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.revjet.com/s3/fonts/162453298/162453298.woff
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B88) /
Resource Hash: 489c8bd821038a9ce8f643de824f6a507c68e3a4e024fb56209d7b9464134036

Request headers

Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
Origin: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
x-amz-version-id: .Is8JR1jYDeMhMM7ZjPhsnsyUTdaBiJa
age: 14013
x-amz-request-id: CX5ZRWR11DQ7RWRR
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 12940
x-amz-id-2: DCYiWAQ2O28JyuCdUsiZ2qQYA8y7Zq5irxd+K8cO1NljXd1I7Cl0AxFSs/DFqav+AXh+kMcR2uQ=
last-modified: Thu, 16 Nov 2023 19:31:22 GMT
server: ECS (amb/6B88)
etag: "31b663ffd91c821398bdd07236df4b22"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
expires: Tue, 23 Jan 2024 21:45:15 GMT

GET
H2 200 arrow_grey.svg
cdn.revjet.com/s3/csp/1662732236308/ Frame D940 286 B
564 B 14ms
14ms Image
image/svg+xml 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.revjet.com/s3/csp/1662732236308/arrow_grey.svg
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B9E) /
Resource Hash: d144365863e6bb29da96e647c672152326639ed4bad9f7f4092eeb3698eba532

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
x-amz-version-id: xvWQ2m3sdbfn_7tiBj4ob78SzYdaK8j7
age: 83224
x-amz-request-id: HVE1CD9ZX68EP8SE
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 237
x-amz-id-2: KwND0lGZLll/dGORg4iqUq1k4FH8Yin1TWYwl0/bVnJZ63NCk8U7GNliPXovIxJQSSF63pG6xtE=
last-modified: Fri, 09 Sep 2022 14:03:58 GMT
server: ECS (amb/6B9E)
etag: "7744a5e73070172a2534ddcbd966d020+gzip"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400
expires: Tue, 23 Jan 2024 21:45:15 GMT

GET
H2 200 162455845.woff
cdn.revjet.com/s3/fonts/162455845/ Frame D940 470 KB
470 KB 15ms
15ms Font
application/octet-stream 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.revjet.com/s3/fonts/162455845/162455845.woff
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BB1) /
Resource Hash: 6d7416c9352e4b00c83f1dcf6964c89586d517e10fe4806a9da14abd0af76f35

Request headers

Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
Origin: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
x-amz-version-id: kVq59ccinPiVDgarv_TkFQgofQrkf2s4
age: 21022
x-amz-request-id: M7EFCDAEA5Y6S4E5
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 480984
x-amz-id-2: hl6g/VivtIHnwbMto3JN50cBdYKSqP/v8TEh0/SDX78fyUDSNMPeyCV8F11WV0XhbKE8pkfj9/c=
last-modified: Thu, 16 Nov 2023 19:47:31 GMT
server: ECS (amb/6BB1)
etag: "a7d9ee6baf67661e8e26d1e5c04f7fd5"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
expires: Tue, 23 Jan 2024 21:45:15 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2714 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B_ZZM6uGuZdSVLqqO7_UPzrGTUAAAAAA4AeAEAg&bg=!4uGl4a7NAAa8BdJLnAU7ADQBe5WfOBPc9ud4TSBfdI6UdzJTUxUQ_E_HhluWMBpdSIqihVZ22QpzFx31Fli6-ww609CRAgAAAOdSAAAABGgBB5kDDQ78UVD1JijdC0CcgQNotOGQKUm6RltaaTQPUKeMJcAmwigmOgCw4pLq3Ia6LXaWH4SRifGuqgYv2T35_ls5Ph9yT8zjYeOg_-e7ry-iYr2pJcZrv-_XpcF1qW8aeJrO4COcrjO2LnWmWaKLoIr_QsehcDQJU28dlxsSzbqSupyfhKRi7Q0QBkx_0Fyongw9HCeUmXeM9WWmsl-E9Rl3bTQyX42PQO_y3e620NfAS_F1WUV_2V-JcE0INQNnUyCcXi0-DjGWAqsSyw9Nc5zJanAzk3mbE4XKnrf5i9xHdzvXQOThqD3g9WdZEzWAG27ncy-gSn5lCSdmoSGDVrBddhLavrHTMQrIFqD4YlwcOYd7IGhvEj-j9q861c8Gh-YB9rbexovRsLRdnGOi7AIckkeCATEEr_kaGJHrtwIn0EWFRjg8tiIKFuHG_qWRRkdvT4FGa62eA-LJPuQQ9EOJbCByVhustsxJ6CycPwgSBY-gcf7st3M8BXHhh60MnK2dUnY36soMlmay7A-6TPR_HZ44GjuJPCcK6kUve-G6dXJp3COs5nAG61we9pxcHE2hm7ZPGDwR6VRC-8_uzamf6hAxJ8uN6T21um0sE4FVNg07mF1b4ExGjIi1il24Cv_9ddbs1eEtj9fUL3hlErtaNh5TtGn_W5SQaIVSLYRFP0CfnA1CrfKwFQ84cWcCsKgnwxPyQnyHS40LNpEo7ChLh8JFQS1lBgZ61wu00kkxiHEGmvEdzIo1NaY1Nsy7j1LzTXl9uD0FZJSL1Sp0bc4eHIIW8KTLclTEvNu7upgfM6JBqjHy2nzvA_SiEkhoNjGQ7RbzSFnpzBOiW8CfoDRTwJiira9m8Xib6BCxRxb-LYvaWgHLFjQ7PXzZsDncXj0XvR2Go8UjqheJgXhH5jT8jSm7gcrfKm0T6DE9E-Y4GrXmjC-nUO2UFZnLZifuAG0Aya2cECoCvhtW_UcOjWY1ztkMsV857oTa8-WF_FlFtMSgqUXKAiIxabnN_aJkc2hA3xFSR7k_czPQonxGmTY

Requested by

Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 77C7 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B5a596uGuZb_GLNrSjuwPm8im4A4AAAAAOAHgBAI&bg=!wcKlwo3NAAa8BdJLnAU7ADQBe5WfOMFT7HOofkD2Q0HD_I7SN-pv3v1fR1WI6DOMlvsQTbJz8MPGPkHeqaEWy3hiPmoUAgAAAP1SAAAABGgBB5kDAcw7B00oZ5Hz4SXMztiP-8HDYotaa4AoBNU2dxxOjP9eCHqQFI1-ttEhFNQWpjuaZE4bxJwCWzi1aTXFYP7Msz0Mx7YiFQjK30-MBkKEPGTjOmkCyBtrLBkIkxSRTeHgWXAbhRFB_gBYk45orPpg9LFhwzyU5aIlgWKpo6yFLImSXEvieS64YOmVCq6wIXoSdLK0wRoKhv6aVq1DuG8VlwrUQIBfB6Ilzd7m046KwTWM2Pf1taF6EC28diOHNkhlUkJS1b9c59arPjxaOlftfda2tR1DCCNVQghxFpciItm0ZsR9KQCzVF20h-9-SgrMbQcr04n94GxTYR6lW5U3ynFjp1pkmQPm-khVp3bBdzN2mn-tInxsR7bGbxNUe5JLxWSHTNjbZj2S3f5DMVSzrQeYvy-DOGJ7r_xXy9WzQQ0S2kpCluuMpD0m7oak2LDiciZcDJppanbULMZgXchyq7L87CfpQNCPuzECv4g63NfqtgVulMz5QFjDEIAFcTvQigY0w_pBvyFSCdXwpWBMm_jtdiIfv7UmXYQsotBZsa-e63itzPj1M7FE8yLblGdXmUSQYxanCnVQQfOgC8UcBN3RbZxJATUTOWXMktvPeIm5v1l7PtvXlVYJMGkxpvCJyeLb_l9SvK_Pmid9_URfZO10csNI-e8XWfaLBREGNFuB59suKWhSI3CyuD-nEFbe95c0uhnK-xYQvdpIQsw3dq1u50oAL8gvrh70W0frwQL7B0cY7nQwJYu19FfAdyRa44jtD0u1llUpJ0aqbvuRpiPWq-V3v9BZrqKLkP3jPI6PDgYMmXYCrVB2aZBc5Q-hHjnV93fUBeLl5W074wIOvmvi4NUfKhLXwqWE7esAPdfQITDGTXE1YEYiLfAS9hCf7NFO8uhFUQ7NuXnFpnPBA8JMbKkMSgqKDHUlp1E1Igdc09_iApyzksZq0U75sezv5U-Cq8B-JhN0G_Htk2OUi9N62b9t_nDN05-awX1XL0d3ZYxkQ4hH-2lEUNn5FlxdEqs

Requested by

Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 286050565_uc
cdn.revjet.com/s3/csp/1702543807424/ Frame D940 35 KB
35 KB 15ms
14ms Image
application/octet-stream 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.revjet.com/s3/csp/1702543807424/286050565_uc
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BA9) /
Resource Hash: f459bcfec9b90fb2f0ae513c92b064f6457ad813bce8f7c03f75e1261b69b513

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
x-amz-version-id: SzFjHcxp.AkHVO_XJqSkAzZL4aRHEJuL
age: 13757
x-amz-request-id: ZZ0TVW4YPA5C96BN
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 35752
x-amz-id-2: hvdbn4ILU6iW6JaGbqGEbFdOaIRDVKYst+mLlnvkX/zTfkgBL7icongxXLaWmafSXkIdrvm/5HE=
last-modified: Thu, 14 Dec 2023 08:50:09 GMT
server: ECS (amb/6BA9)
etag: "b8a3184a5e1571fbb9de3e7a31c3b6a0"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
expires: Tue, 23 Jan 2024 21:45:15 GMT

GET
H2 200 1000
pix.revjet.com/interaction/ Frame D940 43 B
169 B 41ms
40ms Image
image/gif 65.21.233.17
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.revjet.com/interaction/1000?__ads=0247ab31e236657728f71a58ca0572a6&__adt=8240602668035630425&__ade=1&vid=5111198605665009206&__clstampdif=346&__stamp=1705959915455
Requested by: Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.21.233.17 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.17.233.21.65.clients.your-server.de
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 22 Jan 2024 21:45:15 GMT
cache-control: no-store
content-length: 43
expires: Sat, 01 Jan 2000 12:00:00 GMT

GET
H2 200 logo_word_black.svg
cdn.revjet.com/s3/csp/1662732637080/ Frame D940 3 KB
2 KB 17ms
16ms Image
image/svg+xml 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.revjet.com/s3/csp/1662732637080/logo_word_black.svg
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B89) /
Resource Hash: c2754c8058fdfdf9c8aef009eb9b3c25b93aeab0c7a0cbe5a4be020620ee4966

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
x-amz-version-id: 6dP9WoKtkjdaRlsO3V7DUipbqdCKLzpR
age: 56358
x-amz-request-id: N3QG7PC4VFEQ5FSR
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 1556
x-amz-id-2: ZbHMHVXNqQClznyJZ4RIWy+7JE8oYHiZyCJ9SySIraaZxjJKjVO8LkxBdHTPLFNfl+vPRlaOXug=
last-modified: Fri, 09 Sep 2022 14:10:39 GMT
server: ECS (amb/6B89)
etag: "4e3f110ca066e6b8dc4a9827ae6e6f50+gzip"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400
expires: Tue, 23 Jan 2024 21:45:15 GMT

GET
H2 200 logo_mark.svg
cdn.revjet.com/s3/csp/1662732637087/ Frame D940 632 B
649 B 14ms
14ms Image
image/svg+xml 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.revjet.com/s3/csp/1662732637087/logo_mark.svg
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BBA) /
Resource Hash: b139d97a9012d835c86920887e867490265c309ae069a99e595fa697fb56e82e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
x-amz-version-id: zSXLBJjIwslgGmxmaRmaJDS_oPpkgt8F
age: 82135
x-amz-request-id: 2X6XC15JV3KRDBA0
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 427
x-amz-id-2: GEbk97Zo+wagPa+4mWraseP3t378JHHvtOZwc3WSJtsP98DKCDMFovtkQjwhk4Dtn9dh3E9qOCM=
last-modified: Fri, 09 Sep 2022 14:10:39 GMT
server: ECS (amb/6BBA)
etag: "e55996d0b9b8b1e1bba2e8168cf0d3a1+gzip"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400
expires: Tue, 23 Jan 2024 21:45:15 GMT

GET
H2 200 Logo-Wordmark-White.svg
cdn.revjet.com/s3/csp/1680256735421/ Frame D940 7 KB
4 KB 15ms
15ms Image
image/svg+xml 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.revjet.com/s3/csp/1680256735421/Logo-Wordmark-White.svg
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B72) /
Resource Hash: 63f7be1d0a480f22ca23ca1a147f759d5199f5a16ad731633cd3aa81f857ec5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
x-amz-version-id: AwNg3pZ_b3UTO1Gv2fLqLaH_CNFtNLJM
age: 83225
x-amz-request-id: VSMEWRVQ6D0A49MW
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 3628
x-amz-id-2: /xEJeG8S35JiVPua+weKemZyz6rmB2d8pz6Vsvbyjx5gF4KPHiYF55PqSkG0S/+/M9VlepgVRdI=
last-modified: Fri, 31 Mar 2023 09:58:57 GMT
server: ECS (amb/6B72)
etag: "6802dc95d8e5a742e4e3e3e09650a7c7+gzip"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400
expires: Tue, 23 Jan 2024 21:45:15 GMT

GET
H2 200 162453298.woff
cdn.revjet.com/s3/fonts/162453298/ Frame F3B5 13 KB
13 KB 15ms
15ms Font
application/octet-stream 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.revjet.com/s3/fonts/162453298/162453298.woff
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B88) /
Resource Hash: 489c8bd821038a9ce8f643de824f6a507c68e3a4e024fb56209d7b9464134036

Request headers

Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
Origin: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
x-amz-version-id: .Is8JR1jYDeMhMM7ZjPhsnsyUTdaBiJa
age: 14013
x-amz-request-id: CX5ZRWR11DQ7RWRR
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 12940
x-amz-id-2: DCYiWAQ2O28JyuCdUsiZ2qQYA8y7Zq5irxd+K8cO1NljXd1I7Cl0AxFSs/DFqav+AXh+kMcR2uQ=
last-modified: Thu, 16 Nov 2023 19:31:22 GMT
server: ECS (amb/6B88)
etag: "31b663ffd91c821398bdd07236df4b22"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
expires: Tue, 23 Jan 2024 21:45:15 GMT

GET
H2 200 arrow_grey.svg
cdn.revjet.com/s3/csp/1662732236308/ Frame F3B5 286 B
316 B 16ms
16ms Image
image/svg+xml 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.revjet.com/s3/csp/1662732236308/arrow_grey.svg
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B9E) /
Resource Hash: d144365863e6bb29da96e647c672152326639ed4bad9f7f4092eeb3698eba532

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
x-amz-version-id: xvWQ2m3sdbfn_7tiBj4ob78SzYdaK8j7
age: 83224
x-amz-request-id: HVE1CD9ZX68EP8SE
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 237
x-amz-id-2: KwND0lGZLll/dGORg4iqUq1k4FH8Yin1TWYwl0/bVnJZ63NCk8U7GNliPXovIxJQSSF63pG6xtE=
last-modified: Fri, 09 Sep 2022 14:03:58 GMT
server: ECS (amb/6B9E)
etag: "7744a5e73070172a2534ddcbd966d020+gzip"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400
expires: Tue, 23 Jan 2024 21:45:15 GMT

GET
H2 200 1000
pix.revjet.com/interaction/ Frame F3B5 43 B
276 B 41ms
40ms Image
image/gif 65.21.233.17
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.revjet.com/interaction/1000?__ads=52726f33ef581f0da6f4439202bfe42b&__adt=8240603791821795851&__ade=1&vid=5111770317351714359&__clstampdif=383&__stamp=1705959915525
Requested by: Host: 39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
URL: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.21.233.17 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.17.233.21.65.clients.your-server.de
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 22 Jan 2024 21:45:15 GMT
cache-control: no-store
content-length: 43
expires: Sat, 01 Jan 2000 12:00:00 GMT

GET
H2 200 1757116933_uc
cdn.revjet.com/s3/csp/1702543027355/ Frame F3B5 7 KB
7 KB 14ms
14ms Image
application/octet-stream 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.revjet.com/s3/csp/1702543027355/1757116933_uc
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B8B) /
Resource Hash: 9e52993af61643d30e57659134617225748709b37568d944153cca2e023fb3fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
x-amz-version-id: Y4hyIzHjRYBCcJJ7XzSc.w9V8h.5EqTk
age: 14508
x-amz-request-id: 4N3QW990AMJ5Y5G2
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 6968
x-amz-id-2: REfRUiijPqZtdKl6b+RrrOtM+Vj2rxrjwkt2ZICMHvQEJcFaBYiag5XPEsrdv2/qK0syTTmKMZE=
last-modified: Thu, 14 Dec 2023 08:37:09 GMT
server: ECS (amb/6B8B)
etag: "64a7959a3798807042bb10f28bb7c640"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
expires: Tue, 23 Jan 2024 21:45:15 GMT

GET
H2 200 logo_mark.svg
cdn.revjet.com/s3/csp/1662732637087/ Frame F3B5 632 B
506 B 15ms
14ms Image
image/svg+xml 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.revjet.com/s3/csp/1662732637087/logo_mark.svg
Requested by: Host: cdn.revjet.com
URL: https://cdn.revjet.com/~cdn/JS/03/elements-2.12.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BBA) /
Resource Hash: b139d97a9012d835c86920887e867490265c309ae069a99e595fa697fb56e82e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
x-amz-version-id: zSXLBJjIwslgGmxmaRmaJDS_oPpkgt8F
age: 82135
x-amz-request-id: 2X6XC15JV3KRDBA0
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 427
x-amz-id-2: GEbk97Zo+wagPa+4mWraseP3t378JHHvtOZwc3WSJtsP98DKCDMFovtkQjwhk4Dtn9dh3E9qOCM=
last-modified: Fri, 09 Sep 2022 14:10:39 GMT
server: ECS (amb/6BBA)
etag: "e55996d0b9b8b1e1bba2e8168cf0d3a1+gzip"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400
expires: Tue, 23 Jan 2024 21:45:15 GMT

GET
H2 200 Logo-Wordmark-White.svg
cdn.revjet.com/s3/csp/1680256735421/ Frame F3B5 7 KB
4 KB 15ms
14ms Image
image/svg+xml 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.revjet.com/s3/csp/1680256735421/Logo-Wordmark-White.svg
Requested by: Host: cdn.revjet.com
URL: https://cdn.revjet.com/~cdn/JS/03/elements-2.12.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B72) /
Resource Hash: 63f7be1d0a480f22ca23ca1a147f759d5199f5a16ad731633cd3aa81f857ec5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
x-amz-version-id: AwNg3pZ_b3UTO1Gv2fLqLaH_CNFtNLJM
age: 83225
x-amz-request-id: VSMEWRVQ6D0A49MW
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 3628
x-amz-id-2: /xEJeG8S35JiVPua+weKemZyz6rmB2d8pz6Vsvbyjx5gF4KPHiYF55PqSkG0S/+/M9VlepgVRdI=
last-modified: Fri, 31 Mar 2023 09:58:57 GMT
server: ECS (amb/6B72)
etag: "6802dc95d8e5a742e4e3e3e09650a7c7+gzip"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400
expires: Tue, 23 Jan 2024 21:45:15 GMT

GET
H2 200 Logo-Wordmark-noShadow.svg
cdn.revjet.com/s3/csp/1679927261226/ Frame F3B5 7 KB
4 KB 15ms
15ms Image
image/svg+xml 192.229.233.6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.revjet.com/s3/csp/1679927261226/Logo-Wordmark-noShadow.svg
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B83) /
Resource Hash: 27c91b042b50c145ccbe32c722d890e2e13b662302c269e1c990591348d98875

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
x-amz-version-id: _LI8vXFq5W37Tvc9LZcnQweHjqGcRfe8
age: 44970
x-amz-request-id: H3K3Q2QWPH251JMJ
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 3634
x-amz-id-2: wITSw9STz20d7vhGueMUoJ0wIIaGPWWmevjXljFY0Sca5R8VzyjcK3omSp+H2p7fH5mr3j7gCUY=
last-modified: Mon, 27 Mar 2023 14:27:43 GMT
server: ECS (amb/6B83)
etag: "66704ffec01c0a05020997e7776a8b76+gzip"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400
expires: Tue, 23 Jan 2024 21:45:15 GMT

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame FE84 2 KB
1 KB 280ms
277ms Script
text/html 52.69.87.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=14209&rf=https%3A%2F%2Freurl.cc%2FE44nYm&n=772&o=1&fc=undefined&d=1&b=2&ts=1&ii=2&FPCK=9115-YIQPT5L1bjsV5A7gYUPO7Ar6r1StiGlp&fp_uuid=9115-a87422f7fc12e953adaf5f8d7f576383&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.69.87.178 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-69-87-178.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 9db6eb84d3a774b0d8ac3cad8c6c899a449169877729bb4c7bc7d87505fbfb20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Mon, 22 Jan 2024 21:45:15 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame FE84 3 KB
4 KB 17ms
15ms Script
application/javascript 2600:9000:2250:aa00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:aa00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id: L_ytFJI.iZbA3Ys9mJ75ciLmXqmRfuVO
date: Mon, 22 Jan 2024 21:45:15 GMT
via: 1.1 d13436be9e793d00b0273db3f7904816.cloudfront.net (CloudFront)
last-modified: Thu, 14 Dec 2023 06:52:43 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 55
x-amz-server-side-encryption: AES256
etag: "21253aa5d7ee0c3b700ce5f1a4a1b4d1"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 3446
x-amz-cf-id: hvkzYJYua6dGgto6r4Ao2S9gBNZoSBithz2o_QR6eIHYwJGCy36IxQ==

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame FE84 5 KB
6 KB 18ms
15ms Script
application/javascript 2600:9000:2250:aa00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:aa00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id: ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
date: Mon, 22 Jan 2024 21:44:28 GMT
via: 1.1 d13436be9e793d00b0273db3f7904816.cloudfront.net (CloudFront)
last-modified: Tue, 14 Nov 2023 14:15:25 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 48
x-amz-server-side-encryption: AES256
etag: "ec9ddd169f5fd01f28f9b31866cd4701"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 5467
x-amz-cf-id: SrxteKRkh5NGh8z9a79lUMiYyGlW7Xh6LAQP2EVDz1h1srTXTl14jQ==

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 7C5E 213 KB
56 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d7800992c70337710a800628bad888bebad0a275102de46a3370179e373c034b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 22 Jan 2024 21:45:15 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57022
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: StejKdIKNj6i0z3rrdgjq6wzzCQRzKpKx4KV3VIlPPbMa07fTJwjZltR/QJ3l4ICbSdIrVnbsQLYGkJ0hwQxug==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame FE84
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=yTOiXL1kDXyXR9F67OGuZQ

2 B
160 B

295ms
294ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=yTOiXL1kDXyXR9F67OGuZQ
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Mon, 22 Jan 2024 21:45:16 GMT
accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
server: nginx
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: null
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=yTOiXL1kDXyXR9F67OGuZQ
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H2

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame FE84
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=ihqAPOesBh28eqZ77OGuZQ

2 B
130 B

297ms
297ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=ihqAPOesBh28eqZ77OGuZQ
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Mon, 22 Jan 2024 21:45:16 GMT
accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
server: nginx
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: null
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=ihqAPOesBh28eqZ77OGuZQ
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 7C5E 37 B
409 B 221ms
220ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

c0a9e937cf031edb0f9312fba2bb4554430fff4e4c4f7c91ea4075edb3e88ef9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
strict-transport-security: max-age=0
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame C83F 42 B
64 B 41ms
41ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvbLYJKWWByTqwR37b2qi9GGBP4hnzcMscGiIsCE8SOMsAmsgZbeUVUADiHE1yB6_ssOtf5BHT-B9XyDSvpg5qWpL3Ieriq5iKHiTHR4oQjZCokmna-y_PJDoMj9__YECDiIBfSalA0_JtvJ8fNEfR5p0Ti&sai=AMfl-YTIhiOJCQtvcRwqe3ClbZLFB6rRH0p3cBEWpIEKTmgR_fh1eBj3yDEdcjvJL6JWXWWIxZtdTpWFm4SkBQj4Cthuc6iC59hyHLUsmefHQshaiYKEafwU6iTqQA1QBMvFb6qmsfmsJ1gWvd-trbMpyw&sig=Cg0ArKJSzFK12fRfiQL8EAE&cid=CAQSTwAvHhf_tk9v43PE5Yk9u6SJRHnlnsa-L_plO2eTQob9bC0nR_6P_wCH_4IfjSvgur0RySmyKfOhP31m0OrSejVccNc7yJBR5n1hbU_8IT4YAQ&id=ampim&o=1030,108&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=463&tls=1463&g=100&h=100&tt=1464&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 73D4 42 B
64 B 41ms
41ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss2SaO4AxOQblDS5RSkBHH0J85YSuR_vD33q9SsFqStFCwc-HR9vyhgDZhBMKW93pJJ_7-2Lp5GqS3rYSZueQGO_v3Ap-hkxlV-OddRkatsSNj_MRBZZQRL7jKxuBGTmcEUv-N_Ye2TT7G7xbVNDa1B9JgV&sai=AMfl-YRj5zS9YnAjXay7tZaiLuJjelBDvrUrCQmWrazLNWRHRblWv4ucuY_6sp63rYXUTtGGZAzEnW5HnHuFYKkvT4JF4VFyyiWg6YZwJjNrEZAS_OyFTclgbxpGqyIqIKw1wLCn0ZFUkpifWMO7VIeXOA&sig=Cg0ArKJSzERdiWUEa0riEAE&cid=CAQSTwAvHhf_tk9v43PE5Yk9u6SJRHnlnsa-L_plO2eTQob9bC0nR_6P_wCH_4IfjSvgur0RySmyKfOhP31m0OrSejVccNc7yJBR5n1hbU_8IT4YAQ&id=ampim&o=270,108&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=451&tls=1452&g=100&h=100&tt=1452&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cde4f168b4ae43ea8b53031d5ba67f84.jpg
img01.ztat.net/article/spp-media-p1/7129dad1f6e244b0a56be2874a52dce6/ Frame F3B5 23 KB
23 KB 61ms
18ms Image
image/webp 2600:9000:2156:0:15:157b:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img01.ztat.net/article/spp-media-p1/7129dad1f6e244b0a56be2874a52dce6/cde4f168b4ae43ea8b53031d5ba67f84.jpg?imwidth=350
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:0:15:157b:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4a46e8bd5307848d5ba66c67f43de932f37338e5172b11cd323ca013b89fe9fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 11 Jan 2024 04:37:57 GMT
via: 1.1 055d899361491602a9ef1eb0cdc5e336.cloudfront.net (CloudFront)
age: 1012039
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 23420
x-amz-expiration: expiry-date="Sun, 03 Mar 2024 00:00:00 GMT", rule-id="Expire after 3 months"
last-modified: Thu, 23 Nov 2023 14:45:24 GMT
server: AmazonS3
etag: "2554f301d5bd85026bc0f53f59ee2b6d"
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=7776000, immutable
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: T5rGsJ__BICx2k9apbjTSeiT32GGy4453cb61CwweXzK5Kk1t7Vzrw==

GET
H2 200 cf7fbd251b3046a0b869c9d4dbc7c84a.jpg
img01.ztat.net/article/spp-media-p1/90a52cc91361430eac17a6f761f90d54/ Frame F3B5 4 KB
5 KB 56ms
13ms Image
image/webp 2600:9000:2156:0:15:157b:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img01.ztat.net/article/spp-media-p1/90a52cc91361430eac17a6f761f90d54/cf7fbd251b3046a0b869c9d4dbc7c84a.jpg?imwidth=350
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:0:15:157b:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3f47903ab86885cc68031c8342a3d220754100194b6248fed233e1ed278dadd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 04:17:51 GMT
via: 1.1 055d899361491602a9ef1eb0cdc5e336.cloudfront.net (CloudFront)
age: 3259645
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 4122
x-amz-expiration: expiry-date="Mon, 11 Mar 2024 00:00:00 GMT", rule-id="Expire after 3 months"
last-modified: Fri, 01 Dec 2023 01:06:19 GMT
server: AmazonS3
etag: "414602cb0642bd8800fb49814f7a8e05"
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=7776000, immutable
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 5k5ryHxHNNHV8Ec0amjU8V0yCofQJugIVQ5Qs1ZKo8jfkhYv7sh-YQ==

GET
H2 200 dd50bbe4ce26479e91d4ad6ad3fbb08d.jpg
img01.ztat.net/article/spp-media-p1/5e79f2a44ba74f85b659d3b0c5b3630b/ Frame F3B5 8 KB
9 KB 55ms
12ms Image
image/webp 2600:9000:2156:0:15:157b:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img01.ztat.net/article/spp-media-p1/5e79f2a44ba74f85b659d3b0c5b3630b/dd50bbe4ce26479e91d4ad6ad3fbb08d.jpg?imwidth=350
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:0:15:157b:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4903141af05dab837543e379f26049fdceb72ab8d7248ce3213b09b6b5b04aa8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 04:45:54 GMT
via: 1.1 055d899361491602a9ef1eb0cdc5e336.cloudfront.net (CloudFront)
age: 838762
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 8348
x-amz-expiration: expiry-date="Sat, 13 Apr 2024 00:00:00 GMT", rule-id="Expire after 3 months"
last-modified: Wed, 03 Jan 2024 04:07:23 GMT
server: AmazonS3
etag: "ca65294c4ff65a56528d5728605f5c48"
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=7776000, immutable
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: IMvnWzLY2UpkrOgkfxlyb9TtXczsvV-pHLH5tPv0iDDcso_uOsbFSg==

GET
H2 200 5252f0d7564042559e3c2358defcc3db.jpg
img01.ztat.net/article/spp-media-p1/a0fa455476f44813bff57cda06b17e01/ Frame F3B5 11 KB
11 KB 54ms
11ms Image
image/webp 2600:9000:2156:0:15:157b:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img01.ztat.net/article/spp-media-p1/a0fa455476f44813bff57cda06b17e01/5252f0d7564042559e3c2358defcc3db.jpg?imwidth=350
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:0:15:157b:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Skipper /
Resource Hash: 8dc3914f441ecc859886d666df0b83135bf3be073c8838d91e3635230e641efe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 14:34:13 GMT
via: 1.1 055d899361491602a9ef1eb0cdc5e336.cloudfront.net (CloudFront)
server: Skipper
age: 3913862
x-amz-cf-pop: FRA50-C1
x-cache: Hit from cloudfront
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=7776000, immutable
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: tpC4PsimhiE1OQ9Q1N2pYjK0A5fcKqI1zv1gJYlbZjFOu357yin-aA==

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame FE84 5 KB
3 KB 218ms
218ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

aea329c8fc42e4454ef62e1fbca6c04aac43220994f688869210598a66228f53

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:15 GMT
strict-transport-security: max-age=0
content-encoding: gzip
last-modified: Thu, 11 Jan 2024 05:45:05 GMT
server: nginx
etag: W/"659f8061-1428"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
expires: Mon, 22 Jan 2024 21:55:15 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9724 42 B
64 B 57ms
41ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv941vdRt0Qvq-y2sF0VNKKBwWj1wYEVNSupn83HCv7QvlI3nho-Hk7JcxfC_6MtCMn5daEUzJo2H5qUV2ooSEHmMyuCIpuT6y0HkTJVD688WdJ_50JHiDlm3o5dsY562MsPU_gt3SZiwlYvvwXiI-z5J_V&sai=AMfl-YT3HWl0Sf9EwOiEgUi2dVFbMHF7wNpGlsWFhCSM9oPbsYbkfYRmbsurwUXGgpNNxkwsCl0KMZQf1Bb0Yxa5ZPw3RTn2FedQYyoePC5pGS28Xa7k4hDPl2uN96gvuMJAFsuXiKGcBvVosZzBQMCYtw&sig=Cg0ArKJSzEMENY_EZm1XEAE&cid=CAQSTwAvHhf_tk9v43PE5Yk9u6SJRHnlnsa-L_plO2eTQob9bC0nR_6P_wCH_4IfjSvgur0RySmyKfOhP31m0OrSejVccNc7yJBR5n1hbU_8IT4YAQ&id=lidar2&mcvt=1000&p=108,650,358,950&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240117&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3242553145&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705959914355&rpt=485&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4BE1 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsux4eCiiw7_ncOCB9OmKM-2XQV1s4K2XcO2EH1h2XHBNYYB1-W8dNmfOn7aIYFYFlQh8AmQV6e00MMii2cwnWiqsfLT4UHBDMlbBnWxCNk3gKe4RVdIqfA0ZPWXV7CsuMzsjYZPS9GQKlLnaQK-CAAv-fFg&sai=AMfl-YROnZtrYR1eXHUX0qizcdEz7vAwuCgV6Pcwp9DUtX_YLO1oL8zegCVrzv8_c9u96SRHeeVO9rMiY3rNaoPbkSj8cMl1TBPO9KCexKtOSIciKSxxugQVwbHoweNMscMTUNLPcgSyfChf23hqv_r44A&sig=Cg0ArKJSzCnYgCq1641EEAE&cid=CAQSTwAvHhf_tk9v43PE5Yk9u6SJRHnlnsa-L_plO2eTQob9bC0nR_6P_wCH_4IfjSvgur0RySmyKfOhP31m0OrSejVccNc7yJBR5n1hbU_8IT4YAQ&id=lidar2&mcvt=1000&p=687,436,777,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240117&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=81851380&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705959914301&rpt=571&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame FE84 13 KB
13 KB 13ms
12ms Script
application/javascript 2600:9000:2250:aa00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14209&rf=https%3A%2F%2Freurl.cc%2FE44nYm&n=772&o=1&fc=undefined&d=1&b=2&ts=1&ii=2&FPCK=9115-YIQPT5L1bjsV5A7gYUPO7Ar6r1StiGlp&fp_uuid=9115-a87422f7fc12e953adaf5f8d7f576383&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:aa00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id: MSt.illVoQb3pO8IADvHgNboFaeniBxV
date: Mon, 22 Jan 2024 21:45:15 GMT
via: 1.1 d13436be9e793d00b0273db3f7904816.cloudfront.net (CloudFront)
last-modified: Tue, 19 Dec 2023 06:01:02 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 6
x-amz-server-side-encryption: AES256
etag: "dcf480340ca4b65dc9aa76bd9e677036"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 13033
x-amz-cf-id: gtZqsHF_VCNclkXJzKqkb9UTO8ceJj5DXCGIgY-XeUlBpRH97Cs0ig==

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 7C5E 30 B
278 B 222ms
222ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=46db9d8e-8cd9-4642-83da-1262a2a053d7

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:16 GMT
strict-transport-security: max-age=0
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame FE84 36 B
401 B 222ms
221ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

b617ae5eea990b3409db83eba2b37bcc5498abb4b02c3239af16645006ef25d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:16 GMT
strict-transport-security: max-age=0
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8284 0
0 91ms
52ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsteB08SUt-_0GUAXSLSxb3PFhh4-wHsdhJ3bqYAn6XSk5HgjwhNkNLLuZOKacMNn52EDeoy3f_WyXCM8Jxp1nfSIX6WjlegAAhy9QKvP7dWc4gWqogcTbOIq5P-pw5FHGW07LAVz2uTBIdruzOXrTXzfxBiF0T-SaPxGFGqZ7MbeQhp_OKao-sFq5yK3PAwbX_o6p3SZ9lmqwd8K3PyoMMT4Rs7soJTD4pKRVXxIfZgPaGCd5T0vNwLM8u2rSAUMdsiA6GGVeXg36DTisJw7dsNyNZKcln5p2gIlSj4YaLkwN-PPCQn16XU9KHW1YY6eqoO0rgIJz4b_i68MAXtGe9R6cfnSSN0ZJu7NgJ5elBvpDN4JzB8jm29Fgv8zLSokHHOIv0BPn0WdP2mjA&sai=AMfl-YS9m26i7egskPyeGHFz66G4AqRkKRA55sHsLYNTL5IKQnBd827vyajeh7jffAWqQbMub4a4-P2vQsgdz7Aq8C7I6YCBrCD2B0lLtSwHeD83MT2uAjVjBYstoHE_u8u53kDCPn294it9vO-E4MMVl_iQ&sig=Cg0ArKJSzLPt_OksHiN7EAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 22 Jan 2024 21:45:16 GMT

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 7C5E 0
194 B 222ms
220ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=cf&cid=undefined&mp=46db9d8e-8cd9-4642-83da-1262a2a053d7

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:16 GMT
strict-transport-security: max-age=0
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H2 200 pixel
46db9d8e-8cd9-4642-83da-1262a2a053d7.t.ssp.hinet.net/ Frame 7C5E 0
79 B 1212ms
217ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://46db9d8e-8cd9-4642-83da-1262a2a053d7.t.ssp.hinet.net/pixel?bd=46db9d8e-8cd9-4642-83da-1262a2a053d7&t=cf&referrer=https%3A%2F%2Freurl.cc

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
strict-transport-security: max-age=0
server: nginx
content-length: 0
content-type: image/png

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame FE84 30 B
271 B 221ms
220ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=46db9d8e-8cd9-4642-83da-1262a2a053d7

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:16 GMT
strict-transport-security: max-age=0
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true

POST
H2 200 900
pix.revjet.com/interaction/ Frame D940 43 B
276 B 42ms
41ms Ping
image/gif 65.21.233.17
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pix.revjet.com/interaction/900?__ads=0247ab31e236657728f71a58ca0572a6&vid=5111198605665009206&__adt=8240602668035630425&__ade=1&latent=0&vis_type=8&__stamp=1705959916442
Requested by: Host: cdn.revjet.com
URL: https://cdn.revjet.com/~cdn/JS/03/elements-2.12.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.21.233.17 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.17.233.21.65.clients.your-server.de
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 22 Jan 2024 21:45:16 GMT
cache-control: no-store
content-length: 43
expires: Sat, 01 Jan 2000 12:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4BE1 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2901100299979&version=m202309260101&ct=77&x=1&cor=2846228381508573700

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9724 0
20 B 39ms
38ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6276946130177&version=m202309260101&ct=77&x=1&cor=12887091187515790000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 900
pix.revjet.com/interaction/ Frame F3B5 43 B
276 B 41ms
40ms Ping
image/gif 65.21.233.17
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pix.revjet.com/interaction/900?__ads=52726f33ef581f0da6f4439202bfe42b&vid=5111770317351714359&__adt=8240603791821795851&__ade=1&latent=0&vis_type=8&__stamp=1705959916575
Requested by: Host: cdn.revjet.com
URL: https://cdn.revjet.com/~cdn/JS/03/elements-2.12.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.21.233.17 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.17.233.21.65.clients.your-server.de
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 22 Jan 2024 21:45:16 GMT
cache-control: no-store
content-length: 43
expires: Sat, 01 Jan 2000 12:00:00 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 48DC 98 KB
29 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5be2ab464eb1f97c1087491d76ec587a5f1c537e41363fecc4bb6dc9f28e568f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29749
x-xss-protection: 0
server: cafe
etag: 86 / 19744 / m202401180101 / config-hash: 7236807561734687694
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 21:45:16 GMT

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame FE84 0
187 B 222ms
221ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=9115-YIQPT5L1bjsV5A7gYUPO7Ar6r1StiGlp&mp=46db9d8e-8cd9-4642-83da-1262a2a053d7

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:16 GMT
strict-transport-security: max-age=0
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H2 200 pixel
46db9d8e-8cd9-4642-83da-1262a2a053d7.t.ssp.hinet.net/ Frame FE84 0
79 B 827ms
218ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://46db9d8e-8cd9-4642-83da-1262a2a053d7.t.ssp.hinet.net/pixel?bd=46db9d8e-8cd9-4642-83da-1262a2a053d7&t=50ef57&referrer=

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
strict-transport-security: max-age=0
server: nginx
content-length: 0
content-type: image/png

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/ Frame 48DC 430 KB
135 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dd0b5724f4bbac4bd58de274236fce36135ce302364b3b8ff5c4c3631e81139

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 13:04:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31240
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138095
x-xss-protection: 0
server: cafe
etag: 16105826302836755247
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 21 Jan 2025 13:04:36 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 48DC 24 KB
11 KB 280ms
280ms Fetch
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3946149797908001&correlator=2103092622108367&eid=31079956%2C31080188%2C31080527%2C31080587%2C31079724&output=ldjh&gdfp_req=1&vrg=202401180101&ptt=17&impl=fif&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C14209-2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C320x100%7C300x100&ifi=1&sfv=1-0-40&sc=1&cookie=ID%3D83d3423ff66af1c8%3AT%3D1705959913%3ART%3D1705959913%3AS%3DALNI_MZPjnuab47aUlzB90-Zy9Qr8sEcHA&gpic=UID%3D00000d47af6879c7%3AT%3D1705959913%3ART%3D1705959913%3AS%3DALNI_MY873Q8Se4Km46jpcF6xJnINTZSKw&abxe=1&dt=1705959916789&lmt=1705959916&adxs=640&adys=358&biw=1600&bih=1200&isw=320&ish=100&scr_x=0&scr_y=0&btvi=0&ucis=eakavszd0u96&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=3&url=https%3A%2F%2Freurl.cc%2FE44nYm&ref=https%3A%2F%2Freurl.cc%2FE44nYm&top=https%3A%2F%2Freurl.cc%2FE44nYm&vis=1&psz=320x100&msz=320x0&fws=256&ohw=0&ga_vid=1982044936.1705959913&ga_sid=1705959917&ga_hid=227148578&ga_fc=true&dlt=1705959916580&idt=196&adks=1212019568&frm=23

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e10c54664d1afe92a38644af769d6495400fcbf8aa5f8631a78eb55f58f3dd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11662
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 48DC 16 KB
12 KB 52ms
51ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202401180101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6149e64e42f41b1d226a77eccf0b0b96892f9e3601c388ba183913c33ff639bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12211
x-xss-protection: 0

GET
H2 200 container.html Show response
549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E6A9 6 KB
3 KB 42ms
15ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/E44nYm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 21:45:16 GMT
expires: Tue, 21 Jan 2025 21:45:16 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 48DC 17 KB
6 KB 130ms
129ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 22 Jan 2024 21:45:16 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B069 13 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/E44nYm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 43404
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 09:41:53 GMT
expires: Tue, 21 Jan 2025 09:41:53 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 615A 829 B
560 B 18ms
17ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7fcd866c187a043196ab5b083e2e9055098017e4e66fde37d354829ffcf5f3d4

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-N1BbODkbml32Jf86ZMJQdQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reurl.cc/E44nYm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-N1BbODkbml32Jf86ZMJQdQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 21:45:17 GMT
expires: Mon, 22 Jan 2024 21:45:17 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame B069 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:54:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42638
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 21 Jan 2025 09:54:39 GMT

GET
H2 200 page.php Show response
www.facebook.com/plugins/ Frame AEA7 92 KB
26 KB 187ms
186ms Document
text/html 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f98e46c158bbde86c51826dd30c8e7a850678f5fb28df7240e767605f310c591

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/E44nYm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 21:45:17 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), display-capture=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self)
permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), encrypted-media=()
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: /wHQXv7QiHJ6mkHgQOgF9duhRgFdF0F6BjgplK4e6pI+PoLH7KmW0pJHhePHy6uHRtrT0QSo0pYvr+Fgigv9XQ==
x-xss-protection: 0

GET
H2 200 onead-lib.min.js Show response
ad-specs.guoshipartners.com/static/js/ 155 KB
43 KB 299ms
297ms Script
application/javascript 203.66.35.74
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad-specs.guoshipartners.com/static/js/onead-lib.min.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 203.66.35.74 Kaohsiung City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 203-66-35-74.hinet-ip.hinet.net
Software: HiNetCDN/2310 / OneAD
Resource Hash: aee1b6c4bde47d675127a7e2d8ba6beee16eb24fdaf6aa66ae6f0dd667e2c916

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
via: 1.1 google
content-encoding: br
age: 0
x-powered-by: OneAD
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
last-modified: Tue, 16 Jan 2024 09:14:43 GMT
server: HiNetCDN/2310
etag: W/"65a64903-26b54"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-varnish: 15851965
cache-control: public, max-age=360
access-control-allow-credentials: true

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 615A 0
0 38ms
37ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202401180101&jk=3946149797908001&rc=
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8284 42 B
64 B 39ms
39ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstOEpx8e0ic4JLZYL6QwD5iCLVamzs4Oa4ZIXgRRtR8Y_vzobahO21oUuCHtgUdxRGRZF3IXylD_jruO9-5_zMAa808tL1esaRc0UHdV2Rp7io6vh4DdJhdF-_4RpDSgxDFkT_sdNi9T1ndqtnyl_9B-A&sig=Cg0ArKJSzNcvGsa699szEAE&id=lidar2&mcvt=1013&p=378,799,478,1119&mtos=1013,1013,1013,1013,1013&tos=1013,0,0,0,0&v=20240117&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3271617715&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705959914362&rpt=1713&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3CDC 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/E44nYm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 21:45:16 GMT
expires: Tue, 21 Jan 2025 21:45:16 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5F36 640 B
262 B 46ms
45ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYx-ziwAEwAQ&v=APEucNVgIiGip4dzSIGzHuqvUCTylfo0y6db3mYUs0MjPfVWfZ25_B8nlFqSKMn6VULfOHMYNPNYqaONHISuhen4h85zP-4LoiiwgnrOk_gtkNRWt8bVlL8XenmdXx9Wsz-BS4Vg0WVeM6TKgfkwCtpIe3Err3FZD65ICuZrOiVdgfmD_YewkRo

Requested by

Host: 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
URL: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 21:45:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3CDC 89 KB
31 KB 116ms
115ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
URL: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 21:45:17 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3CDC 42 B
63 B 39ms
38ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DENS39TDfsEGxujkc-p3Qw9E42z8R5wicAlxTwVkNI-acv2pYKzLz767P8TDuPy5DUWMxOEqufZzxDA6LzGuXFl9hntrc9FRX33Fe-i0LWA1Uc1wI

Requested by

Host: 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
URL: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 3CDC 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Host: 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
URL: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:41:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43432
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 09:41:25 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 3CDC 20 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
URL: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11760
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:29:17 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3CDC 206 KB
65 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
URL: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Jan 2024 21:45:17 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B069 0
10 B 7ms
6ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?CwOMJw
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 5F36
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEmqkqpoFKmO0lcQImcSj_c&google_cver=1

43 B
201 B

20ms
19ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEmqkqpoFKmO0lcQImcSj_c&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYx-ziwAEwAQ&v=APEucNVgIiGip4dzSIGzHuqvUCTylfo0y6db3mYUs0MjPfVWfZ25_B8nlFqSKMn6VULfOHMYNPNYqaONHISuhen4h85zP-4LoiiwgnrOk_gtkNRWt8bVlL8XenmdXx9Wsz-BS4Vg0WVeM6TKgfkwCtpIe3Err3FZD65ICuZrOiVdgfmD_YewkRo
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEmqkqpoFKmO0lcQImcSj_c&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 5F36 43 B
114 B 39ms
20ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYx-ziwAEwAQ&v=APEucNVgIiGip4dzSIGzHuqvUCTylfo0y6db3mYUs0MjPfVWfZ25_B8nlFqSKMn6VULfOHMYNPNYqaONHISuhen4h85zP-4LoiiwgnrOk_gtkNRWt8bVlL8XenmdXx9Wsz-BS4Vg0WVeM6TKgfkwCtpIe3Err3FZD65ICuZrOiVdgfmD_YewkRo
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 5F36
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEDEhZL-8lrRMUS3ikBFgUMQ&google_cver=1

23 B
163 B

62ms
39ms

Image
image/gif

23.35.237.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEDEhZL-8lrRMUS3ikBFgUMQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYx-ziwAEwAQ&v=APEucNVgIiGip4dzSIGzHuqvUCTylfo0y6db3mYUs0MjPfVWfZ25_B8nlFqSKMn6VULfOHMYNPNYqaONHISuhen4h85zP-4LoiiwgnrOk_gtkNRWt8bVlL8XenmdXx9Wsz-BS4Vg0WVeM6TKgfkwCtpIe3Err3FZD65ICuZrOiVdgfmD_YewkRo
Protocol: H2
Server: 23.35.237.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-56.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Mon, 22 Jan 2024 21:45:17 GMT
pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEDEhZL-8lrRMUS3ikBFgUMQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 5F36 23 B
163 B 85ms
38ms Image
image/gif 23.35.237.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYx-ziwAEwAQ&v=APEucNVgIiGip4dzSIGzHuqvUCTylfo0y6db3mYUs0MjPfVWfZ25_B8nlFqSKMn6VULfOHMYNPNYqaONHISuhen4h85zP-4LoiiwgnrOk_gtkNRWt8bVlL8XenmdXx9Wsz-BS4Vg0WVeM6TKgfkwCtpIe3Err3FZD65ICuZrOiVdgfmD_YewkRo
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-56.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Mon, 22 Jan 2024 21:45:17 GMT
pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

GET
H2 200 GSwcapvLrEq.css
static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/ Frame AEA7 20 KB
5 KB 38ms
11ms Stylesheet
text/css 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/GSwcapvLrEq.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

13e64e2153618f475e94e0e85fa68c9ce910cfc9b24ca9d44fa546a7d2020a24

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: xXCq6/qryia0kWXvm23HIA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5237
reporting-endpoints
x-fb-debug: IDw9LvyirNnQsfsPASY88kwQKvEt6e9nusx6CRxyNSQBSxsFPy/N4vMnLzjCeq7+eriqWDEaiuFRfQpa/qbLhQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Wed, 15 Jan 2025 12:26:45 GMT

GET
H2 200 V-GL57iHfEB.css
static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,cross/ Frame AEA7 33 KB
7 KB 38ms
12ms Stylesheet
text/css 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,cross/V-GL57iHfEB.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d1ea19a19ec8d6220550ff2184b4c0b90caae3b46865454cc42f803d52d2562e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: wItLblWsAEMAkZNj3Qggsw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6438
reporting-endpoints
x-fb-debug: ofF3kVEDoOm/0+a/uIPBqvIMk0+2mV90pyr4haoKAmSj1YwEvcd54RYbIeS031legNHzTmPIxkGs+m22mveZHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Thu, 09 Jan 2025 16:42:12 GMT

GET
H2 200 invMBnw_KCW.css
static.xx.fbcdn.net/rsrc.php/v3/y6/l/0,cross/ Frame AEA7 21 KB
6 KB 35ms
9ms Stylesheet
text/css 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y6/l/0,cross/invMBnw_KCW.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d9dc8b250cb1c4d2e6a78b24ee09f8a434890c3f8fa0edc0684e1bfd6a6c7c91

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: GPIUprcLuw0zIg+zuKSuOg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4834
reporting-endpoints
x-fb-debug: MZgb8P6UDZUDxLWiixjAKL8VjftaPFP5tM8zeg7CLTVkhcr6DO3WjpMr80NrqTudhSALyXQfD96JtDASJCeSNQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sun, 19 Jan 2025 16:22:39 GMT

GET
H2 200 oZB9N6h5pPF.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yh/r/ Frame AEA7 353 KB
91 KB 56ms
30ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yh/r/oZB9N6h5pPF.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

07e7fe2ae1f7a8b12a42abe3d98f965966c1b8f505d3b4b2c951ed072bc3bca7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: xo4X8+9CY4R/JniO37MSig==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 93331
reporting-endpoints
x-fb-debug: fY8dz68PliZfDQJ42m2Oh+vnfmDtioTFEtzKoOsqdE8iGU9wsmOX3iVgjyIzPA7SFBRkiZ19/rfNxNP1skvTmA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Fri, 17 Jan 2025 23:59:05 GMT

GET
H2 200 ru8zNtgW1u3.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yx/r/ Frame AEA7 94 KB
27 KB 58ms
32ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yx/r/ru8zNtgW1u3.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f0563dbb4bb81c6b1f745145ff4ca39c3d63daf31952c521dbb689dda5b26ff3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: xfgcH48ZrXyM9ExSIhREow==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27517
reporting-endpoints
x-fb-debug: S9HQ21dhWNQM47FjMqwpFhWmmSlWhR07dfzMNoiAk1oOn8kVrMTlq6Rd3I7Om1MzRgrnNFjkfChXBYl14JhNKw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 11 Jan 2025 15:34:42 GMT

GET
H2 200 Cn_OgNtBsi4.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yd/r/ Frame AEA7 7 KB
2 KB 55ms
31ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yd/r/Cn_OgNtBsi4.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

da9912d4e908e3788e753fe3583a9063c0b65049f82d366fe871f03368f7ce10

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: B9gIP5hWP1n5LlUoNnhxow==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2301
reporting-endpoints
x-fb-debug: TwtzhwOOqhABNmsBP6Tk88X0huP2tTngVQRdka/AQ5MV9iKfdbjOeahlrJbZb0B9PGLCoZIO62R7oXiglGw3iQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 18 Jan 2025 17:31:43 GMT

GET
H2 200 HunSEDgWobw.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yv/r/ Frame AEA7 51 KB
16 KB 55ms
31ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/HunSEDgWobw.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

bfc0b1fd1c82937e8b73386fa545f650d7cb1d4f8482195facfd1617b881dff1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: +/koHPnH0IuKvTysDhDeDQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 16616
reporting-endpoints
x-fb-debug: xGGmkPdVniRMRRFbwk1veI9bSghQ2Nr9VCVyFsrDVRzLF6MKK36gJaimZ60/p00pqZEz7h6NO64zu3hiAAmiEA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Tue, 21 Jan 2025 17:53:48 GMT

GET
H2 200 p55HfXW__mM.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yF/r/ Frame AEA7 507 B
487 B 54ms
30ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9e57fedb96b3686621bccd5521f43a2037a823c74f062176952890b179b3955b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: L5E9gSgR735vyjAzTFly4g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 293
reporting-endpoints
x-fb-debug: 1wwgHfccI41fCfFfhwhoodkZ6GOA7D/BvYx3WLslCHfWm2uuhBeFkpAqy9AUxfxq7HHsz6FCJ0+0kj1aAJZG9g==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Fri, 17 Jan 2025 09:53:25 GMT

GET
H2 200 mhWtbsD6qPU.js Show response
static.xx.fbcdn.net/rsrc.php/v3iLNf4/yf/l/de_DE/ Frame AEA7 28 KB
8 KB 56ms
32ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iLNf4/yf/l/de_DE/mhWtbsD6qPU.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

913af4bac90e23b14cd4e2c38ba7807ceb25d8167392b8822004fad88c7a472d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 7DlmCcMv44cR1MRACX0OVg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 7879
reporting-endpoints
x-fb-debug: ruHYDf/dJRtHm92F4N3r+GHwZyMV9m5BpBhOJliPS8kC6H96SA7IvVBs9jsRMONgLZ3yxgmJKQH6jgKyDxsHDA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Thu, 16 Jan 2025 18:48:34 GMT

GET
H2 200 Gnm9vzFr_bN.js Show response
static.xx.fbcdn.net/rsrc.php/v3iAxA4/y1/l/de_DE/ Frame AEA7 71 KB
20 KB 53ms
29ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iAxA4/y1/l/de_DE/Gnm9vzFr_bN.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

87d29ebc03c2c2a2090062efabc2ab6fc5b4407ea5c43763f0a3f717d4b23312

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: UvbeZ1sxw5xmNLTmHWgDFA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 20156
reporting-endpoints
x-fb-debug: VJ5hsZaNniANd+lvz0VWlO3/i9hWuTHDnFoeqOFkDM1RDODLaMIXjNR2TZJAv8/IcAKs2aDAuK64dT03iYgSgQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Thu, 16 Jan 2025 20:22:38 GMT

GET
H2 200 JLntrBvu9sV.js Show response
static.xx.fbcdn.net/rsrc.php/v3iz3M4/yU/l/de_DE/ Frame AEA7 341 KB
81 KB 35ms
12ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iz3M4/yU/l/de_DE/JLntrBvu9sV.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fd0c747a5a0d859f124191192e8a9ba304b621480e3a1f63f70161e1b783312b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: Hl/B84TkLW+M4QEATx+nTA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 83014
reporting-endpoints
x-fb-debug: ABPYCGkOPKoEvJ+ZfiJgUrlrzDgXn0Me0/dUwFRD4jWs7LW1Iccd03LvyncziVp6mpGldmzvQ09w9z9Qex/YDg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Thu, 16 Jan 2025 18:48:40 GMT

GET
H2 200 gioodurleYa.js Show response
static.xx.fbcdn.net/rsrc.php/v3iUWb4/yP/l/de_DE/ Frame AEA7 406 KB
96 KB 50ms
28ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iUWb4/yP/l/de_DE/gioodurleYa.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

90edac54a124f81059f7274b63fce20251062f1034c9c2ccc9af7413c8d1cd80

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: oJ6Sb69c2ge7ozEIla51Bw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 98008
reporting-endpoints
x-fb-debug: 2YdINTeMFgyD+JhzY6d4sd6pZouQ98HpXQfaEZeE815Ruz9JgIQIRh2zIoQvcOdlIur1WW3sbrgjlEoH16JFvg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 18 Jan 2025 21:24:39 GMT

GET
H2 200 2aTNZvh7Dni.js Show response
static.xx.fbcdn.net/rsrc.php/v3iUY_4/yS/l/de_DE/ Frame AEA7 32 KB
10 KB 51ms
29ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iUY_4/yS/l/de_DE/2aTNZvh7Dni.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a00165bad079462fb75ea06f53c5d331dd32baefd58c3f898e9dc6499d74f2f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: SXGeAllWe5bF6MQ1+IqwQQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 10363
reporting-endpoints
x-fb-debug: dlslXYP86VORBp2Ptdtx/+7iGoY8bB0iDk008iyW7y1RZXvp+5UPcVcOpqdFiX7/pZqz2ciQisdxP8jqZQB7mw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 18 Jan 2025 17:43:00 GMT

GET
H2 200 HoMN5oU548h.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame AEA7 210 KB
60 KB 53ms
32ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/HoMN5oU548h.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ddcebbf00b80631b39d8dc4c2a851f64ee7697506d6f0ffe0b0987f79247059a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: NABz48nFQ34JnSEDiGvgMQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 61440
reporting-endpoints
x-fb-debug: VCSf9ZEbMon9b/RJfO2ggJZCFLsaHRAT8ailU4tfsE0pdcElYMoz7Lz15GIfi9pwAS4Wd1RLSE6eWlLaGcoCyA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Thu, 16 Jan 2025 18:19:39 GMT

GET
H2 200 uOkBg20P9Xa.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yN/r/ Frame AEA7 39 KB
10 KB 49ms
28ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yN/r/uOkBg20P9Xa.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9fb4148717aa67385596c190ef092545e134af6244bc90e7c28514fede0e1461

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: UgIPDx5WQxksvWpSZ0E0vA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 10068
reporting-endpoints
x-fb-debug: ErjEngDKqEoKJl1FnvVJFb4rrwIH8BQqH+/v52295for1vqg8wYSX3DHslX9LC3lQTdHMzvBx2P3O9TfCXpg/A==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 18 Jan 2025 21:24:39 GMT

GET
H2 200 xg5NEKS2wWK.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y8/r/ Frame AEA7 28 KB
7 KB 52ms
31ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/xg5NEKS2wWK.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a75a5c50db4d5628dad52eb05139bf0677fb4d19d6915f18d267806dbdd810ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: RD8pDGr4EOhfQQPRrH9Iow==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 7385
reporting-endpoints
x-fb-debug: aumMC/BuLWBApY1Ps9BPQMCEjwjBGQMCKjeym5sFZ9WWD5JEbvXtY0yUsDQ9KM66tE9dKhIx/ljb5uF5MI0UVg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
x-fb-optimizer: 0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Tue, 14 Jan 2025 11:15:15 GMT

GET
H2 200 50qsPPr-_ZN.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yV/r/ Frame AEA7 17 KB
6 KB 49ms
28ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/50qsPPr-_ZN.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

36ec1a683484bce1fca08f1a6831301e6e5da35baa36d8274975d7d72f5dc2a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: WX3Jnaj4s55ZOgM8Dn8X/g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6095
reporting-endpoints
x-fb-debug: k7nsTmCm/2H2VDE+OhoLUl1ozXNwYloTCFnvF4BwDbWImG6rDLslxwIpJXT1Bm33W0EBQVO3TszR+I0OKvwN0A==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 18 Jan 2025 17:41:03 GMT

GET
H2 200 HzxD9aAXSyD.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yV/r/ Frame AEA7 55 KB
15 KB 50ms
29ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/HzxD9aAXSyD.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c7d5594f3a599ccd0b1a336bb68a24d59882f394bb0b9c9a29c5200cd2b48468

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: oRcNmPqvdkv3ysBSBC5rSQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 15157
reporting-endpoints
x-fb-debug: k0bDIPatTJzU2k2ymmUvH6KqINnyYgohqa3uolNrcGm96N8xsh70CzhGcMiUiECfld3Mn6X9V9uGNhmZ7zXGKg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Fri, 17 Jan 2025 08:48:21 GMT

GET
H2 200 325141786_6140032619364934_7377705774471631398_n.jpg
scontent.xx.fbcdn.net/v/t39.30808-6/ Frame AEA7 16 KB
17 KB 10ms
9ms Image
image/jpeg 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent.xx.fbcdn.net/v/t39.30808-6/325141786_6140032619364934_7377705774471631398_n.jpg?stp=dst-jpg_s350x350&_nc_cat=104&ccb=1-7&_nc_sid=081abc&_nc_ohc=VqX3S9KXG0QAX_LskWS&_nc_ht=scontent.xx&edm=ADwHzz8EAAAA&oh=00_AfDFtvNvvG9zrZ7rtI9sI8iGbn1Tf-Q1Tu4_15j9iE_gag&oe=65B2DEC5
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 0912eb76845cca43ec976e9bc886ca3f240697afb98c9ec95ec6c34fa32a8a71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
x-storage-error-category: dfs:none;sc_p:200:WSE_NOT_SET
last-modified: Fri, 13 Jan 2023 04:15:10 GMT
content-type: image/jpeg
access-control-allow-origin: *
content-digest: adler32=1433450679
thrift_fmhk: GBBO4c75DiGmD57iFUG8c7FAFfDr4Z0EAA==
cache-control: max-age=1209600, no-transform
cross-origin-resource-policy: cross-origin
x-needle-checksum: 2910780274
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 16853

GET
H3 200 305964663_450890893727816_1742559653774706626_n.jpg
scontent.xx.fbcdn.net/v/t39.30808-1/ Frame AEA7 1 KB
1 KB 8ms
8ms Image
image/jpeg 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent.xx.fbcdn.net/v/t39.30808-1/305964663_450890893727816_1742559653774706626_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=110&ccb=1-7&_nc_sid=4da83f&_nc_ohc=jnPBX16YQBcAX_GZiBd&_nc_ht=scontent.xx&edm=ADwHzz8EAAAA&oh=00_AfCug49EHdEAMm1qdAEimw7FPLRggEmPN2x6FauZnRoJyQ&oe=65B39895
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 4636fb9df5ae103fbad3764c9f98400be1c9384cbe77fdb6951b96adcac788b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
x-storage-error-category: dfs:none;sc_p:200:WSE_NOT_SET
last-modified: Thu, 08 Sep 2022 19:16:03 GMT
content-type: image/jpeg
access-control-allow-origin: *
content-digest: adler32=2540016234
thrift_fmhk: GBCIwXwYQUI2u/P6TSMrlnR1FfDr4Z0EAA==
cache-control: max-age=1209600, no-transform
cross-origin-resource-policy: cross-origin
x-needle-checksum: 88386505
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 1345
priority: u=3,i

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3CDC 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3600497477451&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3CDC 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3600497477451&version=m202309260101&ct=76&x=1&cor=7051291605763480000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3CDC 101 KB
39 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BBQ1_sbqmfirQDXkhF2m9hDU9qLEJsJDXJppcogMO3nSJH3d1iv_DOo39v2L8xM3CHRX0SQMovQsBev0FCxb-mXHe_q_WKVg_HlIsBszYhKNZJPsH82OkvG7pGWnlyoFv6Yyi0KLfTvS0-Dio47dxn-M_QHLkmk3C6xCdn6QiAaAvat2w&dbm_d=AKAmf-DAEkHlKz8N93LeP22Y02KI0-Jxym1pQr7R8ehM4dIoW1CDI354A0fudRUzoveYMdFrh6-UDxYwcKI8gO6U9L_4G4-pQMc56sKcATfeI_Ml_VCn_l6V4kLHvgAxf3bRqb3BYQAA2m-pu8fjyuRLaJuW7A1PFiO1ldbZtBXcY6zoiJeK121lfCJPwQMgkFnatDwqHM57f7A1xtY-9UaxFuJ48qaiYnbPkaYAKoIqzeUJDtMvDWfxLG6IMct2ND1cIOTWHSAsw0ifuvK9RFmtvV0w9Lc6pqmCpvM2wR60qpmrna3F2mxzeJPd2ngh6r1yjkwBk4_KlTL0su4Aym_RDG4QAagQYdjht6lwyJOv0-7N_rPLQV4o3FYfwuRGhVBOttiM8JYm9Y2-GsncZRXuZur-9n4TMdEQ2L-cHmpa9Gwc6V9J3os0Z4Jlicd5Og9zFGoRrNiSIKAAuQ7YlEEjFJJbIjGof0w-0m--TNo4W899D3TSY_CS76XHFNTYugAwT4wNSGuddwhSopZ7TFaVFvbYmIceN4_d4CCdtXcX0Av0AjoEljyGJ6dfE-CPJgOHGp7-5NTh4ogNcaaswll9lTTmN7f0_URC34FvfSNe6aGQXq6deuiHPgu_y9fADJRscYeruW3FYcUldiFb-cLZ6tdJdnHQ58fUZzXcVSfulGvdWZCz722ZDKGxqbxZZ8BOo5uzyu830n-OaMME5JTNIioFV68I1lIA_IwZio-6k2QpfEEVLbU7fBa0p7tP0YABHX78AMkw0mjaYKCNiubK7r1_RoidOpoPcnIoX8n-2sE8mW7Cw_PhqAIovHHBFGVamQCch81EPrQ_asilpgcgF6ilTb4a-jQyogtIspAxvowJIMTn1wSSffPiGE44MbqZLYqMpnHEG2W8KWmpOxnHOuT6lM46R40pt3MMiNKRYwOm3Rsr3YGir9y96wqXShmd9wVnFKpTQLFRj4iO8wgxE3Gkjz3u6kaEhyYrTfBj_D5v5kyi8zEnWsDEIA6cyaWFQeL-e13gg9rjdYofmaTY-OiLBtgElwwoZ0Z_ePvHvzImlQnnEekCt8fyh-f0wHIF2VMUU8zyxK_RgVJ4fTGd7XwP3Kp_9EqL7qCaUHnVriIv4qz-LMWagaWp4zkdVGMXZUzwShSAtmmyDyLOLOE7wA970vGv21ZaFeVL7HourBxu_bcC8JJgryUDEw5m60Fuo53VRykONmKuWpx-zSRyGItRIzfLJVMy5jFBxUgp4PVjcwjYiAsWH-kyD__Z2dhoYlBGKFwxHA4256-GLleaATti29bcqLE944z6s-zEpR_d_5R9nyzGjyIdl602mmE-RDDBW8r32jAz0zMCxuyBspiBRqkVFyPtKB_s1M_fDe8N-Ftjv2tkn5GzMyxmHiRdRtaa4OL4J3NvrZwmyC6GXb69fcmmSEZtzg_3Ug_nixfeqT9fVuJGMFrIk8LsjlfUxOCmzHlo80f7MDAt1dcZuElrNXZFbVB7aGtWNkLKbBfFATYYMdcuii8_dZgM9hte_A1KxTJFH9607OEXc3gDNnvX_9nA4Ha3GgrbFzv7QlFA26cAPpC9O2qPfxVlWllhTz06Yl8iXnOgk-ViDuMdn1w-Lqhhb7Wf_vocKpOZmASqTgnskxnlYGbQ6kcvh-PadHij3jpB_3yCfOFbKob53YS_cpSbHqmmw3f89ko_hBPGLkine8hnnlOu7H5FtG8x8oy4NtP7rDTLV-IlvwSN15FiYwzjzt8BdDADJed3YOnfj32kUsDixscbmSoqq091KjoIoJ7Bay7c7uQgctcaq7AFcQzBgvPG_uHNBzr49EJ7Hz_W_oup3Kpyr9tqRTocpuI7-iSVYmgCpUmdBAaZm0E3m5vQwnalEBlk27nTJBosKypWVCADaK3yOl3z3ieIdPs1qGWKorPytPy8FafFrORNZzV964-zexG7U5i_vpDEI3HDT146V74dqXji63oCNlAr6LCzl3rSkkMzStUHuSmGcUCGGwQVZley2BsZwPz3SWjvG7pQlD1_GhS34LtxGlgx0mby_HNkFyMhtdkjsNWphNlI94xL3LHF2mWFdRgCNH6H3vbPbwPMkFIKpPdEk9zdEh6fqSdQ__c-OXQS5ZodalXFDIz3jwhSorlP2ddrzoAOiK_5uxvz0OsEUrGAeGOlpZMMAUrxjrIcvLcy3rN26RPOtmdq-WtHhKuJV10kpVvDOZvAZsBSssXr8tB4oY8WSUDUQNjdE5wa5bhAnohM_OGuMnVKRfONLNAjdQB8BKRuRWKgYRpdkWK4tXDCEsBjNRadOsBc77k5GU-ai9FWrpbYQo4Yz3U9tl0SJ2MJ2KK-MkbFUPgPSR_0flv3lZveveoxWp4TizV61OT_cD0ixwr1mi1iFCyYph4bGYd7Afx8ovj8yYK4BiwOsWmuolr1Kqyt_gTTGsf7Bg9xm2oxitsLILaD6HaHu6xSVLYsFpLVWmqla_yF1ZDFQvPonHN4c-ZgA8Tc94IqezecA657677BbYtOgOy0n72rkgK6x_Bp2iSpXHY4uAWyZtX0krHdSlJFSEbx41j4ovA42QenDX4Yzrr8TBtUaK__gq7U08p_wofzQJ9mkG_fWipvyX-c9n1nUvJovQQTdjXKDjjEO7zhpD3oQh7SOPJmqVJxzujnueCSDIJYMU2H9l3IDHZuMlMyf9VJK5wIzppnrjppVyhXVkUbXld0v-NnHlPVodfch-jW-XabwCyaHSZ1W18s1fteb-dQwmQojiwnezUc0BYNunrL1Qleb_ZflCFQJjkSTxJVkYu1ehL01hjpxmuveN5URwC6Gt9KKmis5By7WeioJtfo-dvU2kjG1Wiq9GIRra49i8eZgk7vHtzv_wTmdhSE8roUQ48zMWpe5tXGX1DFEPyao4hEV7IheBNTDZNydpkLUtsdEtjYKvazVnzfeoqQCJ4wSi-M7Oc6IKRsfWN4c3x9ii0rx_gZ__iV0OKyrKqcx8w-zlYgR9DLDmOmTaEaL1FB5TcoLGqjye4oJkNEAxUu-GXGpa6VoCN97px-_FSIhRFiKdtkFv-RtBxep-ZJ1vS6uJiMm0xRqyPhJUmTDJSSt-XwA5Hns2DyUYZBlWe3-dqRyEFBhzf1SfVjytL23qxcfQjSOaON5AOfe5e_AkuBFHyNrkdEK5zacqwvdWSVIgC2n04G0ISdk2MobIDdoy0ECd-BqnXnRNt1wT3nuGWOKeEzcFWq6FHMSQR0VNJmf41tA3nFOX1x7Yxab19q0TxWy3mKWK0qAcek6Q-7Qb0G3AkGebcEKYXHo2vVbv39jTUjAlBKZ6oRBCFWDECPn09BfCEWHcnKCsjPIUXG2C8mRnHBnNJDkgad29i6PKLg8L21zSVPQmgbYErS4jt7OPWHQOq8_5eWmgybkzGs-J-nHEnHIQefjbfdjjnt6d2xQZjzwyaR9YkBsWgkoZ0jvkPS-QBFAEiaT3VO--DrLlnUjwqZyYyFuwHaZsrOlRZ7dhd1qMtgOGdSVXMEVIqozKv--TLNdBHfcg6T7Uu17rKRHFf-fKmrRkdor_BUZN39yL69CVQBbYrL95wQoTRU4g54VVkOkN9e1JKWxn26Kv8HtINXxUlEYKgUTcZr_Gw&cid=CAQSPAAvHhf_iKfqWUz5GN1UES0kIuj-x66Ea6RDL9cfOSCJDDsnsBVkFgkZYKyXLx6YlOAaMzhmnbU33q-6-BgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Freurl.cc&ds=l&xdt=1&iif=1&cor=7051291605763480000&adk=2419447976&idt=121&cac=0&dtd=15

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09561a8c2ee576756fe3eb9db7323dfe42fff9f3fa0104104f61f3c973533874

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39789
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UXtr_j2Fwe-.png
static.xx.fbcdn.net/rsrc.php/v3/yw/r/ Frame AEA7 573 B
710 B 8ms
8ms Image
image/png 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/GSwcapvLrEq.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/GSwcapvLrEq.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
x-content-type-options: nosniff
content-md5: 07aG/2AEtDHVAZ5LUajMDQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 573
reporting-endpoints
x-fb-debug: drCW06JTX9LDzPRAF/Wnb71N1p/voPp6Q2siN77UygKFNDVUfd3KqJoiJuykhnjF6xgEHpPVdi8zkBN3SWtBsw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Fri, 17 Jan 2025 05:05:04 GMT

GET /
www.facebook.com/platform/plugin/tab/renderer/ Frame AEA7 0
0

POST
H3 200 / Show response
www.facebook.com/platform/plugin/page/logging/ Frame AEA7 1 KB
694 B 115ms
114ms XHR
application/x-javascript 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/platform/plugin/page/logging/

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3iAxA4/y1/l/de_DE/Gnm9vzFr_bN.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

feb3062249f4d471eb76ae13f6924abbd143680fba63c07e54cd301aba0119dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

X-FB-LSD: LmIcTD81NArbZjBMN4Ou87
Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
X-ASBD-ID: 129477
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), encrypted-media=()
strict-transport-security: max-age=15552000; preload
content-encoding: br
x-content-type-options: nosniff
date: Mon, 22 Jan 2024 21:45:17 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
pragma: no-cache
x-fb-debug: kCFtl6jVWnvxD4rulxsWsf8qKucr38iEDr0x/6NOOM18BuD6bcpX4QEOA5sGOOIAvEV+Pwsr9bMkKbRA692i1A==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-methods: OPTIONS
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self)
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
priority: u=1,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/pages/call_to_action/fetch_dialog_data/ Frame AEA7 1 KB
686 B 156ms
156ms XHR
application/x-javascript 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/pages/call_to_action/fetch_dialog_data/?id=136500184423162&surface=pagePlugin&unit_type=VIEWER

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3iAxA4/y1/l/de_DE/Gnm9vzFr_bN.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a194e711b7cfda7ee27f0e59ff111c43a413210210089c082c3524c503456dd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

X-FB-LSD: LmIcTD81NArbZjBMN4Ou87
Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
X-ASBD-ID: 129477
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), encrypted-media=()
strict-transport-security: max-age=15552000; preload
content-encoding: br
x-content-type-options: nosniff
date: Mon, 22 Jan 2024 21:45:17 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
pragma: no-cache
x-fb-debug: aI/GCMe4nYjhg2hilO3+dHkKjAp8sVGyqqY5EsvuUeYzy3g58WLynNQuBax5gIf+4i8O2xQY6KB4bklyRJpkOQ==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-methods: OPTIONS
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self)
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
priority: u=1,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 3CDC 172 KB
61 KB 51ms
7ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
Origin: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 23:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 78973
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Jan 2024 23:49:04 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/ Frame 3CDC 12 KB
4 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BBQ1_sbqmfirQDXkhF2m9hDU9qLEJsJDXJppcogMO3nSJH3d1iv_DOo39v2L8xM3CHRX0SQMovQsBev0FCxb-mXHe_q_WKVg_HlIsBszYhKNZJPsH82OkvG7pGWnlyoFv6Yyi0KLfTvS0-Dio47dxn-M_QHLkmk3C6xCdn6QiAaAvat2w&dbm_d=AKAmf-DAEkHlKz8N93LeP22Y02KI0-Jxym1pQr7R8ehM4dIoW1CDI354A0fudRUzoveYMdFrh6-UDxYwcKI8gO6U9L_4G4-pQMc56sKcATfeI_Ml_VCn_l6V4kLHvgAxf3bRqb3BYQAA2m-pu8fjyuRLaJuW7A1PFiO1ldbZtBXcY6zoiJeK121lfCJPwQMgkFnatDwqHM57f7A1xtY-9UaxFuJ48qaiYnbPkaYAKoIqzeUJDtMvDWfxLG6IMct2ND1cIOTWHSAsw0ifuvK9RFmtvV0w9Lc6pqmCpvM2wR60qpmrna3F2mxzeJPd2ngh6r1yjkwBk4_KlTL0su4Aym_RDG4QAagQYdjht6lwyJOv0-7N_rPLQV4o3FYfwuRGhVBOttiM8JYm9Y2-GsncZRXuZur-9n4TMdEQ2L-cHmpa9Gwc6V9J3os0Z4Jlicd5Og9zFGoRrNiSIKAAuQ7YlEEjFJJbIjGof0w-0m--TNo4W899D3TSY_CS76XHFNTYugAwT4wNSGuddwhSopZ7TFaVFvbYmIceN4_d4CCdtXcX0Av0AjoEljyGJ6dfE-CPJgOHGp7-5NTh4ogNcaaswll9lTTmN7f0_URC34FvfSNe6aGQXq6deuiHPgu_y9fADJRscYeruW3FYcUldiFb-cLZ6tdJdnHQ58fUZzXcVSfulGvdWZCz722ZDKGxqbxZZ8BOo5uzyu830n-OaMME5JTNIioFV68I1lIA_IwZio-6k2QpfEEVLbU7fBa0p7tP0YABHX78AMkw0mjaYKCNiubK7r1_RoidOpoPcnIoX8n-2sE8mW7Cw_PhqAIovHHBFGVamQCch81EPrQ_asilpgcgF6ilTb4a-jQyogtIspAxvowJIMTn1wSSffPiGE44MbqZLYqMpnHEG2W8KWmpOxnHOuT6lM46R40pt3MMiNKRYwOm3Rsr3YGir9y96wqXShmd9wVnFKpTQLFRj4iO8wgxE3Gkjz3u6kaEhyYrTfBj_D5v5kyi8zEnWsDEIA6cyaWFQeL-e13gg9rjdYofmaTY-OiLBtgElwwoZ0Z_ePvHvzImlQnnEekCt8fyh-f0wHIF2VMUU8zyxK_RgVJ4fTGd7XwP3Kp_9EqL7qCaUHnVriIv4qz-LMWagaWp4zkdVGMXZUzwShSAtmmyDyLOLOE7wA970vGv21ZaFeVL7HourBxu_bcC8JJgryUDEw5m60Fuo53VRykONmKuWpx-zSRyGItRIzfLJVMy5jFBxUgp4PVjcwjYiAsWH-kyD__Z2dhoYlBGKFwxHA4256-GLleaATti29bcqLE944z6s-zEpR_d_5R9nyzGjyIdl602mmE-RDDBW8r32jAz0zMCxuyBspiBRqkVFyPtKB_s1M_fDe8N-Ftjv2tkn5GzMyxmHiRdRtaa4OL4J3NvrZwmyC6GXb69fcmmSEZtzg_3Ug_nixfeqT9fVuJGMFrIk8LsjlfUxOCmzHlo80f7MDAt1dcZuElrNXZFbVB7aGtWNkLKbBfFATYYMdcuii8_dZgM9hte_A1KxTJFH9607OEXc3gDNnvX_9nA4Ha3GgrbFzv7QlFA26cAPpC9O2qPfxVlWllhTz06Yl8iXnOgk-ViDuMdn1w-Lqhhb7Wf_vocKpOZmASqTgnskxnlYGbQ6kcvh-PadHij3jpB_3yCfOFbKob53YS_cpSbHqmmw3f89ko_hBPGLkine8hnnlOu7H5FtG8x8oy4NtP7rDTLV-IlvwSN15FiYwzjzt8BdDADJed3YOnfj32kUsDixscbmSoqq091KjoIoJ7Bay7c7uQgctcaq7AFcQzBgvPG_uHNBzr49EJ7Hz_W_oup3Kpyr9tqRTocpuI7-iSVYmgCpUmdBAaZm0E3m5vQwnalEBlk27nTJBosKypWVCADaK3yOl3z3ieIdPs1qGWKorPytPy8FafFrORNZzV964-zexG7U5i_vpDEI3HDT146V74dqXji63oCNlAr6LCzl3rSkkMzStUHuSmGcUCGGwQVZley2BsZwPz3SWjvG7pQlD1_GhS34LtxGlgx0mby_HNkFyMhtdkjsNWphNlI94xL3LHF2mWFdRgCNH6H3vbPbwPMkFIKpPdEk9zdEh6fqSdQ__c-OXQS5ZodalXFDIz3jwhSorlP2ddrzoAOiK_5uxvz0OsEUrGAeGOlpZMMAUrxjrIcvLcy3rN26RPOtmdq-WtHhKuJV10kpVvDOZvAZsBSssXr8tB4oY8WSUDUQNjdE5wa5bhAnohM_OGuMnVKRfONLNAjdQB8BKRuRWKgYRpdkWK4tXDCEsBjNRadOsBc77k5GU-ai9FWrpbYQo4Yz3U9tl0SJ2MJ2KK-MkbFUPgPSR_0flv3lZveveoxWp4TizV61OT_cD0ixwr1mi1iFCyYph4bGYd7Afx8ovj8yYK4BiwOsWmuolr1Kqyt_gTTGsf7Bg9xm2oxitsLILaD6HaHu6xSVLYsFpLVWmqla_yF1ZDFQvPonHN4c-ZgA8Tc94IqezecA657677BbYtOgOy0n72rkgK6x_Bp2iSpXHY4uAWyZtX0krHdSlJFSEbx41j4ovA42QenDX4Yzrr8TBtUaK__gq7U08p_wofzQJ9mkG_fWipvyX-c9n1nUvJovQQTdjXKDjjEO7zhpD3oQh7SOPJmqVJxzujnueCSDIJYMU2H9l3IDHZuMlMyf9VJK5wIzppnrjppVyhXVkUbXld0v-NnHlPVodfch-jW-XabwCyaHSZ1W18s1fteb-dQwmQojiwnezUc0BYNunrL1Qleb_ZflCFQJjkSTxJVkYu1ehL01hjpxmuveN5URwC6Gt9KKmis5By7WeioJtfo-dvU2kjG1Wiq9GIRra49i8eZgk7vHtzv_wTmdhSE8roUQ48zMWpe5tXGX1DFEPyao4hEV7IheBNTDZNydpkLUtsdEtjYKvazVnzfeoqQCJ4wSi-M7Oc6IKRsfWN4c3x9ii0rx_gZ__iV0OKyrKqcx8w-zlYgR9DLDmOmTaEaL1FB5TcoLGqjye4oJkNEAxUu-GXGpa6VoCN97px-_FSIhRFiKdtkFv-RtBxep-ZJ1vS6uJiMm0xRqyPhJUmTDJSSt-XwA5Hns2DyUYZBlWe3-dqRyEFBhzf1SfVjytL23qxcfQjSOaON5AOfe5e_AkuBFHyNrkdEK5zacqwvdWSVIgC2n04G0ISdk2MobIDdoy0ECd-BqnXnRNt1wT3nuGWOKeEzcFWq6FHMSQR0VNJmf41tA3nFOX1x7Yxab19q0TxWy3mKWK0qAcek6Q-7Qb0G3AkGebcEKYXHo2vVbv39jTUjAlBKZ6oRBCFWDECPn09BfCEWHcnKCsjPIUXG2C8mRnHBnNJDkgad29i6PKLg8L21zSVPQmgbYErS4jt7OPWHQOq8_5eWmgybkzGs-J-nHEnHIQefjbfdjjnt6d2xQZjzwyaR9YkBsWgkoZ0jvkPS-QBFAEiaT3VO--DrLlnUjwqZyYyFuwHaZsrOlRZ7dhd1qMtgOGdSVXMEVIqozKv--TLNdBHfcg6T7Uu17rKRHFf-fKmrRkdor_BUZN39yL69CVQBbYrL95wQoTRU4g54VVkOkN9e1JKWxn26Kv8HtINXxUlEYKgUTcZr_Gw&cid=CAQSPAAvHhf_iKfqWUz5GN1UES0kIuj-x66Ea6RDL9cfOSCJDDsnsBVkFgkZYKyXLx6YlOAaMzhmnbU33q-6-BgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Freurl.cc&ds=l&xdt=1&iif=1&cor=7051291605763480000&adk=2419447976&idt=121&cac=0&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:33:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11525
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:33:12 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame 3CDC 31 KB
12 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:34:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11464
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11885
x-xss-protection: 0
server: cafe
etag: 16863283086342074828
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:34:13 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 3CDC 41 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:14:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 448229
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Jan 2025 17:14:48 GMT

GET
H3 200 1igfs7II_g6.png
static.xx.fbcdn.net/rsrc.php/v3/yd/r/ Frame AEA7 12 KB
12 KB 8ms
8ms Image
image/png 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yd/r/1igfs7II_g6.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,cross/V-GL57iHfEB.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e13547eec8879c9b576c2e06837303ad06ea15905d4eb075291ff21686a5b3da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,cross/V-GL57iHfEB.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
x-content-type-options: nosniff
content-md5: Bsv/k/2TeJemYEeLUt4www==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 12027
reporting-endpoints
x-fb-debug: 1/a99ydI2NW//L2hLUBS/R7PR84CLWYR1Xm0//S1VZbwFtSHOc4QZ5/1L94LDJ1icQdTy6lUtGpL+J8KGzYDUA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Tue, 21 Jan 2025 00:40:19 GMT

GET
H3 200 xgVgalBG80z.png
static.xx.fbcdn.net/rsrc.php/v3/yH/r/ Frame AEA7 1 KB
1 KB 9ms
9ms Image
image/png 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/xgVgalBG80z.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/GSwcapvLrEq.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

45444d590a67d30e8b2fde01bb6482f829383b64bf14a4b19b86e22fdc319fbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/GSwcapvLrEq.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
x-content-type-options: nosniff
content-md5: rB4cTW8WNZcBsFntToJGtA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1315
reporting-endpoints
x-fb-debug: f+VCmH5xUTzdoCCuaEqYX3VR7i68Zc7BHBqVal3boAzkq/MB20ZwatrJfirAuo4Pc1zPHTmXBbeHSqKmVkxzIA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Wed, 08 Jan 2025 01:00:57 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3CDF 1 KB
643 B 8ms
6ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
URL: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 45107
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 09:13:30 GMT
etag: 48472445140208031
expires: Tue, 23 Jan 2024 09:13:30 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3CDC 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b4b2799539132f279c4c6520c8d589d8f84d4e06d014159a4ee62777de308d2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 kCwDvxe1QsQ.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yo/r/ Frame AEA7 12 KB
4 KB 10ms
9ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/kCwDvxe1QsQ.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yh/r/oZB9N6h5pPF.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

264a0a28c23da253d460c72e9b7ff9e297a4e02ea590c5d20a1f0fa77bc9aadd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 8PPs50PtkMAX5E1OU2ogzA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3451
reporting-endpoints
x-fb-debug: MusY5GgBeYCbM79CZa187GkGUYfDwNo/xDDxoD/uVjJSjiW0fMSrwPVHE8ioWrFAUeTeiKd2RgrSBftm6Ee4MQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Thu, 16 Jan 2025 22:29:38 GMT

GET
H2 200 VMMGrWYM7Te.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y-/r/ Frame AEA7 341 KB
74 KB 10ms
10ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y-/r/VMMGrWYM7Te.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yh/r/oZB9N6h5pPF.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d0260a942842dfe2e8de7d78be4aecaa450e9ee0be021d76e6ba13d9f5c92b08

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: WmWr4XDoSnANsz1Uo5Z2tg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 75279
reporting-endpoints
x-fb-debug: zSED479bbwMEfqYJOzSwE1XflxuQ2jzg1yS6Ojl2Q/D3uJXTsdJG0XhwUkB0imz4jFNjDnwE7VbIqKUxD0qcUA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Wed, 08 Jan 2025 12:17:55 GMT

GET
H2 200 feeds Show response
storage.re-news.tw/ 6 KB
7 KB 646ms
291ms XHR
text/html 35.244.196.223
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.re-news.tw/feeds
Requested by: Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/renews.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.196.223 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 223.196.244.35.bc.googleusercontent.com
Software: / Express
Resource Hash: e58d3594966d71e654e441d9d51c4e406fc28c66c93c50a7294ced5755dfcd4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:18 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"1945-yj+Xndz7f686JLVcmtbAbFNnf3k"
vary: Origin
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6469

GET
H3 200 ieeHDjcGsIR.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yH/r/ Frame AEA7 213 B
351 B 8ms
8ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/ieeHDjcGsIR.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yh/r/oZB9N6h5pPF.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6480d194b98b9fc3e4589a44b7e54b81ad926722e5b6fb7cc236161e2c2e03ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 22 Jan 2024 21:45:17 GMT
x-content-type-options: nosniff
content-md5: oSUZEsOZh+qyGbXjvLFs7Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 213
reporting-endpoints
x-fb-debug: mi/oARtreNzcyq/oLbstp4VzXoec1H8F8yyLTBOsDc+k5Pm/usfQSXaBhbt9BQdghibfZf6V/4OqAvHVDofDoQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=1
expires: Sat, 11 Jan 2025 12:42:27 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 3E2F 38 KB
13 KB 7ms
7ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 448229
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 17 Jan 2024 17:14:48 GMT
expires: Thu, 16 Jan 2025 17:14:48 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dpixel
cms.quantserve.com/ Frame 3CDF 35 B
463 B 89ms
9ms Image
image/gif 2620:116:800d:21:5ed4:8d5d:fed7:f5ef
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJr0FmYQVFDw9f-P65qR5Qk&google_cver=1&google_push=AXcoOmTFYqvBoHLKJjaWolAuCdWKj0yIKgnjPJUofiDt-awsgLAHlm2roWHY7hzIWDKKi5p5Ul-l9FjlF2QLygo03pfLd3vzWRdW

Requested by

Host: 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
URL: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3CDF
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEMY5RhPeQtx_0zYdO-ycAg4&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEMY5RhPeQtx_0zYdO-ycAg4&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MHNLeE1ZQ1MxUnMyNng1&google_gid=CAESEMY5RhPeQtx_0zYdO-ycAg4&google_cver=1&google_push=AXcoOmTLn0kI0CxTbn5Yxtu1lYxafiKpYLH2We5dtcojVmY...

170 B
188 B

18ms
18ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MHNLeE1ZQ1MxUnMyNng1&google_gid=CAESEMY5RhPeQtx_0zYdO-ycAg4&google_cver=1&google_push=AXcoOmTLn0kI0CxTbn5Yxtu1lYxafiKpYLH2We5dtcojVmYYUKeypKJJ0mb5c1Rsei1nK2C169P8G2TCWAhh7jqbRpOQWBvR41Q2Wg

Requested by

Host: 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
URL: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Jan 2024 21:45:16 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-799-g9c6cd74#rel-ec2-master i-0414fa71e87322d9a@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MHNLeE1ZQ1MxUnMyNng1&google_gid=CAESEMY5RhPeQtx_0zYdO-ycAg4&google_cver=1&google_push=AXcoOmTLn0kI0CxTbn5Yxtu1lYxafiKpYLH2We5dtcojVmYYUKeypKJJ0mb5c1Rsei1nK2C169P8G2TCWAhh7jqbRpOQWBvR41Q2Wg
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3CDF
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEDBLMeU3SfFJPTyD6K5WXkM&google_cver=1&google_push=AXcoOmRhBbyLXq9o8AYOPAvqUyyTRAX1PGZOC_CsEIFRT1PRDu_gN676pwvN0GP7grie--KetmZOLkp2msYWz4...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMyNzA0MjA1MTgxNzk5NDM4MA%3D%3D&google_push=AXcoOmRhBbyLXq9o8AYOPAvqUyyTRAX1PGZOC_CsEIFRT1PRDu_gN676pwvN0GP7grie--KetmZOLkp2msYWz4hZXW...

170 B
188 B

19ms
18ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMyNzA0MjA1MTgxNzk5NDM4MA%3D%3D&google_push=AXcoOmRhBbyLXq9o8AYOPAvqUyyTRAX1PGZOC_CsEIFRT1PRDu_gN676pwvN0GP7grie--KetmZOLkp2msYWz4hZXWghjkDiNN8WuQ

Requested by

Host: 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
URL: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMyNzA0MjA1MTgxNzk5NDM4MA%3D%3D&google_push=AXcoOmRhBbyLXq9o8AYOPAvqUyyTRAX1PGZOC_CsEIFRT1PRDu_gN676pwvN0GP7grie--KetmZOLkp2msYWz4hZXWghjkDiNN8WuQ
Date: Mon, 22 Jan 2024 21:45:17 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 dds
rtb.openx.net/sync/ Frame 3CDF 43 B
236 B 55ms
16ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEJLsNH70FDS3GF15274onDc&google_cver=1&google_push=AXcoOmR3pv0bsuJRjnb4tZeYLbKDIXDQKEA5m-nrwJlFJiyqfVyMeBvyTpyvF6qnUBolZXmas92Wzi3xl9dOTclNOwjV_lhb4fBc8A
Requested by: Host: 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
URL: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 3CDF 0
166 B 49ms
12ms Image
text/html 198.47.127.19
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJaBkeau4OiCXEioKU-BnCY&google_cver=1&google_push=AXcoOmRSBLI_tn6JPeDtliJCRnIO7q_BFxNanMSPLm86sPk_t_N2-yyb9NGlpOc1y2PAiMw1sQMWsiTUabN2ByxmVA4QFaej_OhPIw
Requested by: Host: 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
URL: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Mon, 22 Jan 2024 21:45:16 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3CDF
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEEclzPeDpQodca-RjBRL5pE&google_cver=1&google_push=AXcoOmSdF5TA_R5kPTbcpe_Vyk8DOq4DVvEv38fmSE5jrFQJk-wZNxHAA4Akz4O_x-DBhXEOCPnQKcqLfvrs...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSdF5TA_R5kPTbcpe_Vyk8DOq4DVvEv38fmSE5jrFQJk-wZNxHAA4Akz4O_x-DBhXEOCPnQKcqLfvrsNVo-RESzXjvDDdhC

170 B
188 B

21ms
21ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSdF5TA_R5kPTbcpe_Vyk8DOq4DVvEv38fmSE5jrFQJk-wZNxHAA4Akz4O_x-DBhXEOCPnQKcqLfvrsNVo-RESzXjvDDdhC

Requested by

Host: 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
URL: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSdF5TA_R5kPTbcpe_Vyk8DOq4DVvEv38fmSE5jrFQJk-wZNxHAA4Akz4O_x-DBhXEOCPnQKcqLfvrsNVo-RESzXjvDDdhC
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame 3CDF 0
45 B 344ms
14ms Image
text/plain 89.149.192.197
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESED9-c4RD1Un4ec1ZQ-uj7QM&google_cver=1&google_push=AXcoOmSdqy1FfrGmvUkN4L4USy3SidmpzDKkac3JPxyBmmQ5KxSHuXGiFKSiZ3DQS1b02SC_OcEQC5mhdtMc474FqDyID6NEUY96xA
Requested by: Host: 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
URL: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.149.192.197 Bunschoten, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3CDF 0
12 B 16ms
15ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KL7DyB4pOdoLHmBBNOY_gjf_wXxk5neBiO9PmnFK_CYsc9NQLgrhiVqS34ACVaDfhE0G6l

Requested by

Host: 549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
URL: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/16487568800811394484/ Frame 9B1E 673 B
439 B 56ms
39ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

152c87f7fa936808f3c68c4c37c865635ec0d1b598609a52990a4da941fa068d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 410
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 21:45:17 GMT
expires: Tue, 21 Jan 2025 21:45:17 GMT
last-modified: Tue, 16 Jan 2024 15:33:33 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3CDC 0
0 89ms
50ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvgZAHZjP0Cl0qI3uNDl2Etir1p-JRsp5dujSVLTpew-qkjo-Il55PaVL2ui0JiHIC3X5NQEsWQ7ACOC0AbxF8AsaW3WCMFfzu7qh1hI5qOSf08wU4bmMUlxmpNAXA0xsWIkVyJgY2TYvrilB1J-95lfFghg0G7SuA_YWl98-lNCjfq5tCdWmFJI1TXv--WhDPQnhRm2TEL6DBid6cT10AxTRqRiByNgjOunYB_D13aaesCSm8yqaUAyrYTSWOijipcusy0k2cCBycqt0-Kd5j8wOXnR8gW0sn8jdiqabkAr8e46cEpP66Jwp9nZIG0QBXuAxlGHT3Mi300H1UIxuva7gcDfvk2J1hysWbwa30O0i5BeakSi62nDSFlaIe3QchNrBiEkeg3wihntFbhSdrDz3_GNxx38qjCQSDiuec_Edyj_ZePqrnUmWbb_LOm3pWQWnvMd-7UvzleX89QJTLro6eB25itPNa3vgC2aqZkSGLQse-vey3rJc4p8mdgAdxI9gd6DLi_cwHRUZIs9h6AZhlOZZrj3kL0GBpAsopAX6qdDfMuMXiJuHS7vePGGXk85kup_EPSBy5XDZFiimbr8ii0xkajH10Qg-gPlH3QemUEb6NKSP_xIh3SYcTCav-EAQw-LW5xTs1tPTZWrQHT4qgaCJvD3QoEw5Rm0ykhmzo3yMV4Wdy6AKtacZFDnBqZD-GZ72CF8OGpOXFFcFTd0kGwgeENeLUnLhB_Zil_GW5kfhe4XteqxGs2H_P3QVCd4OKYBuB5JY0oLj_oE6-lpC2yY1xAugCfWcN-MLgN_7Wyfu2ypTcGwOUuCPECcB24p5d4klTwbgsmhQZjeak5RR0ATe_30AtLPM1vW_P8RQ6dhsE6fQQMOWq8ywJP5kHnzA_WE2tiLcwLDoQLiQ9IzolqATB2KCFJX4u_v_4RKzNflSjdCudLm8yBdVOoPl2VRPLJctvdLfcYHgTj_GPj4aMn1_--6EBBcijeSf-SDWpFDtA0TC7Wm10F5r3E661XhAjkbFZj8V0e6DAKlRUTDjuajbw9f6AcLvxXmXeRglWfTWw3ExeQ0SDE0R09Gl-SKL1hmOSFeEI9XxTWVGg0mGPoA8in6ANK5FmYGNT-HdmULdL_PoEtVLb8Y1VZt9mBD8ijbD__xCaX6fpRnuUTwliVWjvb4lMJIzOnZgf27duT_zugxuVf25Tys63_QUuAzsAP9h-1iwl-qOGl810Lu_84Z-PjTrKg8SgX6j59CQp37927jYnQyga2pNOgHFwKg26W3tU-aDP_r5gmTnvxhL2WhybnVK4&sai=AMfl-YRmkNCcPbVD6olNSmZ77fze0WQfIaleVJBC2h58oDkNZVW1ziWQNU5b_MDY2u7HSATcLnNiTTs3fCQ4Fi2s2g9jpSbut1xXJBZo7XTgUKXWArJSCJwAKygWWr-yFmzhy6sLO2NYamozjKLqXyRGpFY8haKABPW42LZ5Jm91V3RaQn9U8GhldJNqJTHgqYpngnWCgmqT04chodqU3W8EXPYgKhZaFt_q18p-2rkpAwt-wfs32hRNDdy-eEWZrW8oO2wznXE&sig=Cg0ArKJSzHnKXHcmb69oEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=153&cbvp=1&cstd=142&cisv=r20240118.93474&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 22 Jan 2024 21:45:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET /
www.facebook.com/login/ Frame AEA7 0
0

GET
H3 200 /
www.facebook.com/login/ Frame AEA7 0
0 205ms
205ms Document
text/html 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fhref%3Dhttps%253A%252F%252Fwww.facebook.com%252FCreditCards.com.tw%252F%26tabs%3Dtimeline%26width%3D340%26height%3D500%26small_header%3Dfalse%26adapt_container_width%3Dtrue%26hide_cover%3Dfalse%26show_facepile%3Dtrue%26appId

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yh/r/oZB9N6h5pPF.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 22 Jan 2024 21:45:17 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: VQu3LcnTzkI9WnKJOG1XmefL9YF3YT4P/Pv4pK2P7oUelWA8Vjur9T1LfhPShP6kb8150Wo5ugWaT/2UKirA2Q==
x-frame-options: DENY
x-xss-protection: 0

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 3E2F 39 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:54:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42638
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 21 Jan 2025 09:54:39 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 9B1E 120 KB
41 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 11:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37673
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 23 Jan 2024 11:17:24 GMT

GET
H3 200 template-2d058155.js Show response
s0.2mdn.net/sadbundle/16487568800811394484/ Frame 9B1E 37 KB
13 KB 13ms
13ms Script
application/x-javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16487568800811394484/template-2d058155.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55ee9510e78623f5fd1309067dc6e7a15f70d48e23e5658a0aa81be100ad232b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 15:34:17 GMT
date: Tue, 16 Jan 2024 15:34:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 540660
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13540
x-xss-protection: 0
last-modified: Tue, 16 Jan 2024 15:33:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 index-70c4f56f.css
s0.2mdn.net/sadbundle/16487568800811394484/ Frame 9B1E 4 KB
1 KB 10ms
10ms Stylesheet
text/css 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16487568800811394484/index-70c4f56f.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70c4f56f8e13e9387d9c65b17636a678eb6ccf82a8255cb1d2eb9192f7e478bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 16 Jan 2025 02:14:21 GMT
date: Wed, 17 Jan 2024 02:14:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 502256
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1455
x-xss-protection: 0
last-modified: Tue, 16 Jan 2024 15:33:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3CDC 0
0 41ms
41ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvgZAHZjP0Cl0qI3uNDl2Etir1p-JRsp5dujSVLTpew-qkjo-Il55PaVL2ui0JiHIC3X5NQEsWQ7ACOC0AbxF8AsaW3WCMFfzu7qh1hI5qOSf08wU4bmMUlxmpNAXA0xsWIkVyJgY2TYvrilB1J-95lfFghg0G7SuA_YWl98-lNCjfq5tCdWmFJI1TXv--WhDPQnhRm2TEL6DBid6cT10AxTRqRiByNgjOunYB_D13aaesCSm8yqaUAyrYTSWOijipcusy0k2cCBycqt0-Kd5j8wOXnR8gW0sn8jdiqabkAr8e46cEpP66Jwp9nZIG0QBXuAxlGHT3Mi300H1UIxuva7gcDfvk2J1hysWbwa30O0i5BeakSi62nDSFlaIe3QchNrBiEkeg3wihntFbhSdrDz3_GNxx38qjCQSDiuec_Edyj_ZePqrnUmWbb_LOm3pWQWnvMd-7UvzleX89QJTLro6eB25itPNa3vgC2aqZkSGLQse-vey3rJc4p8mdgAdxI9gd6DLi_cwHRUZIs9h6AZhlOZZrj3kL0GBpAsopAX6qdDfMuMXiJuHS7vePGGXk85kup_EPSBy5XDZFiimbr8ii0xkajH10Qg-gPlH3QemUEb6NKSP_xIh3SYcTCav-EAQw-LW5xTs1tPTZWrQHT4qgaCJvD3QoEw5Rm0ykhmzo3yMV4Wdy6AKtacZFDnBqZD-GZ72CF8OGpOXFFcFTd0kGwgeENeLUnLhB_Zil_GW5kfhe4XteqxGs2H_P3QVCd4OKYBuB5JY0oLj_oE6-lpC2yY1xAugCfWcN-MLgN_7Wyfu2ypTcGwOUuCPECcB24p5d4klTwbgsmhQZjeak5RR0ATe_30AtLPM1vW_P8RQ6dhsE6fQQMOWq8ywJP5kHnzA_WE2tiLcwLDoQLiQ9IzolqATB2KCFJX4u_v_4RKzNflSjdCudLm8yBdVOoPl2VRPLJctvdLfcYHgTj_GPj4aMn1_--6EBBcijeSf-SDWpFDtA0TC7Wm10F5r3E661XhAjkbFZj8V0e6DAKlRUTDjuajbw9f6AcLvxXmXeRglWfTWw3ExeQ0SDE0R09Gl-SKL1hmOSFeEI9XxTWVGg0mGPoA8in6ANK5FmYGNT-HdmULdL_PoEtVLb8Y1VZt9mBD8ijbD__xCaX6fpRnuUTwliVWjvb4lMJIzOnZgf27duT_zugxuVf25Tys63_QUuAzsAP9h-1iwl-qOGl810Lu_84Z-PjTrKg8SgX6j59CQp37927jYnQyga2pNOgHFwKg26W3tU-aDP_r5gmTnvxhL2WhybnVK4&sai=AMfl-YRmkNCcPbVD6olNSmZ77fze0WQfIaleVJBC2h58oDkNZVW1ziWQNU5b_MDY2u7HSATcLnNiTTs3fCQ4Fi2s2g9jpSbut1xXJBZo7XTgUKXWArJSCJwAKygWWr-yFmzhy6sLO2NYamozjKLqXyRGpFY8haKABPW42LZ5Jm91V3RaQn9U8GhldJNqJTHgqYpngnWCgmqT04chodqU3W8EXPYgKhZaFt_q18p-2rkpAwt-wfs32hRNDdy-eEWZrW8oO2wznXE&sig=Cg0ArKJSzHnKXHcmb69oEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=287&vt=11&dtpt=134&dett=3&cstd=142&cisv=r20240118.93474&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9B1E 8 KB
6 KB 46ms
46ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6702087d88926b897eade8d2a9131dfc2016d21d9eed719e045d9f614669273

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5926
x-xss-protection: 0

GET
H3 200 h_650x620_bg-l-5g.png
s0.2mdn.net/4528404/ Frame 9B1E 31 KB
31 KB 9ms
8ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/h_650x620_bg-l-5g.png

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b02cfdd20fac895a89ad30dcae3480489cd8f55e1d02b6fa162df658695f14a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 13:35:30 GMT
x-content-type-options: nosniff
age: 29387
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32003
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 18:00:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 23 Jan 2024 13:35:30 GMT

GET
H3 200 congstar-Stoerer_5G_v_3-srgb-3euro_lila.svg
s0.2mdn.net/4528404/1705447802715/ Frame 9B1E 7 KB
3 KB 9ms
8ms Image
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1705447802715/congstar-Stoerer_5G_v_3-srgb-3euro_lila.svg

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93e6bf19f19d2a03c4ed31d7206d3a630fcbc1b9495bca766906d621b6ebb644

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:00:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45907
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2954
x-xss-protection: 0
last-modified: Tue, 16 Jan 2024 23:30:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 23 Jan 2024 09:00:10 GMT

GET
H3 200 logo.svg
s0.2mdn.net/4528404/1687521602712/ Frame 9B1E 5 KB
2 KB 10ms
9ms Image
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1687521602712/logo.svg

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0d80991c6e4b62d5c77985c1e293aad44cc120e03aee7ae6936c79d25a0e467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 17:08:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16606
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1913
x-xss-protection: 0
last-modified: Fri, 23 Jun 2023 12:00:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 23 Jan 2024 17:08:31 GMT

GET
H3 200 cta-small.svg
s0.2mdn.net/4528404/1687523402213/ Frame 9B1E 4 KB
1 KB 10ms
9ms Image
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1687523402213/cta-small.svg

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3259ca7d3e09ade842ae522f7808dfc053a5d9bf7e19ea5ae94403558a361e86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 02:20:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69910
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1321
x-xss-protection: 0
last-modified: Fri, 23 Jun 2023 12:30:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 23 Jan 2024 02:20:07 GMT

GET
H3 200 logo-d0d80991.svg
s0.2mdn.net/sadbundle/16487568800811394484/ Frame 9B1E 5 KB
2 KB 11ms
10ms Image
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16487568800811394484/logo-d0d80991.svg

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0d80991c6e4b62d5c77985c1e293aad44cc120e03aee7ae6936c79d25a0e467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 15:34:18 GMT
date: Tue, 16 Jan 2024 15:34:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 540659
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1913
x-xss-protection: 0
last-modified: Tue, 16 Jan 2024 15:33:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 InterstateCondensedBlack.woff2
s0.2mdn.net/creatives/assets/4925812/ Frame 9B1E 14 KB
14 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4925812/InterstateCondensedBlack.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16487568800811394484/index-70c4f56f.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3b7bf416424abed17314649bb71a1de7a3afc6af66840d04b730e69652e27ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16487568800811394484/index-70c4f56f.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:41:22 GMT
x-content-type-options: nosniff
age: 235
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14644
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 09:13:06 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Jan 2024 21:56:22 GMT

GET
H3 200 h_650x620_bg-l-5g.png
s0.2mdn.net/4528404/ Frame 9B1E 31 KB
31 KB 8ms
7ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/h_650x620_bg-l-5g.png

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b02cfdd20fac895a89ad30dcae3480489cd8f55e1d02b6fa162df658695f14a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 13:35:30 GMT
x-content-type-options: nosniff
age: 29387
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32003
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 18:00:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 23 Jan 2024 13:35:30 GMT

GET
H3 200 congstar-Stoerer_5G_v_3-srgb-3euro_lila.svg
s0.2mdn.net/4528404/1705447802715/ Frame 9B1E 7 KB
3 KB 9ms
8ms Image
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1705447802715/congstar-Stoerer_5G_v_3-srgb-3euro_lila.svg

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93e6bf19f19d2a03c4ed31d7206d3a630fcbc1b9495bca766906d621b6ebb644

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:00:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45907
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2954
x-xss-protection: 0
last-modified: Tue, 16 Jan 2024 23:30:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 23 Jan 2024 09:00:10 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 48DC 0
0 40ms
40ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202401180101&jk=3946149797908001&bg=!19Sl1JvNAAa8BdJLnAU7ADQBe5WfONvQaqe695nUl54VqC5m_BiScAmKtHc4NaOI28TCuNYzfpVCw3Dwtq28yai0Z3NBAgAAAJxSAAAAA2gBB5kC-tU7ME8Nd-yCAukcpsqg_ZspAoIHvK6Y5_ddrddwl9Q2WJ0Wa5hgCxMGtOrBkGzXrXUhUPDuMbIPENdtzPkLO8uKKa9HjKFdyRj1CBAbHM62s3qgfS7ltIMqQ-rNigJC6etg6wjCnZwb96KIOi8Ama1f4OR6kGniqxgrmeju57S5OSeTwJq8E41P3T08eI886iyuAStywAxZ6iCO-xhAqSPIXb6vKYp3yUTcrafJk12nmMFmTrH6sz-RtbA9hN-9GH8RbZaY4lYXahZlPY6Rgo1GVt3bYxyU-NllVxOuO1wuCqKeitN8_6WzZv6kjKSqJ74_x5sLf9DfZoExfLcTvXdioby309LNgo4MTh0-foszAGl7pSC_tFl8iKOmanBQ4mObqU2oD8tSleSKhXQODa7WxrZg8OZywQ6GJYGyaww8isVshs-y21m1GH2HbeUplnniJHq2RfV8DZaIuiv5uNqBIxvmr7goIT0G_2QFfewVPJ7FjsyrEY6dbvVp4G3WcUaeHfxBHFHo9-M1YqgJTA995UFNtcyKf-9fCGYToGwFLWmG6IlEM6TSWoNVD1TCxC7fA77zkga-C3qO1dlQbwgG1wXI0epVnDDFO-HLbRLJ4c8RNlxtZMgdWhg-lJavU_xysgOxIrGt0AO8B3G-uUb1uJYawnIhLcKlevtcAbCXKQMCdtzyV-0-EpN7X10dySUcKH15InG2RJRWCT0de_Q9WfkRbMwIDikiRr8S32KYBnLDaDO7rw4rpWcdTyRvhi60u3UYDqk2SvLcFklc4-IEwAv4ueslaWLI86P-f7BOTwlx6Cdn1fCOeenIoonvakrV-gj_VgAsSVGi8xwX_WZNoBnkVCHLRmYPugBO4CVHTAZyCn9YXlwfOaEyk7B7TmYJTnOUmpgwTKILOC8Fx20C7gL2FeG-_KXV4fcqONX_wW_WOIHyjN3_fzD_4sJ0BsuTtmRyBFD4EZ1luuoDOidIUXYsOc24F2RdtXD9hmraLf0cXKSSlrgWXw
Requested by: Host: reurl.cc
URL: https://reurl.cc/E44nYm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H2 200 dc_oe=ChMIx5b99vvxgwMVetcRCB1U9AiwEAAYACDwwe5cQhMIjc3f9vvxgwMV-62DBx2IVgoq;dc_eps=AHas8cBmxka7Si56ODIBPECdrUnmKHmis2NC1yelAMJiOjY9BQmJ2SaxntKrApbPFEf7QEVuIFjSrQM;stragg=1;&timestamp=1705959917797;s...
ade.googlesyndication.com/ddm/activity/ Frame 3CDC 42 B
107 B 98ms
42ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIx5b99vvxgwMVetcRCB1U9AiwEAAYACDwwe5cQhMIjc3f9vvxgwMV-62DBx2IVgoq;dc_eps=AHas8cBmxka7Si56ODIBPECdrUnmKHmis2NC1yelAMJiOjY9BQmJ2SaxntKrApbPFEf7QEVuIFjSrQM;stragg=1;&timestamp=1705959917797;str=nextSlide;strtype=1

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIx5b99vvxgwMVetcRCB1U9AiwEAAYACDwwe5cQhMIjc3f9vvxgwMV-62DBx2IVgoq;dc_eps=AHas8cBmxka7Si56ODIBPECdrUnmKHmis2NC1yelAMJiOjY9BQmJ2SaxntKrApbPFEf7QEVuIFjSrQM;stragg=1;&timestamp=1705959917798;s...
ade.googlesyndication.com/ddm/activity/ Frame 3CDC 42 B
401 B 97ms
41ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: reurl.cc
URL: https://reurl.cc/E44nYm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9B1E 17 KB
6 KB 82ms
82ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 22 Jan 2024 21:45:17 GMT

POST bz
www.facebook.com/ajax/ Frame AEA7 0
0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 53ms
52ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202401180101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9979453785cabe57e3bb51b6d00f2d21c05d2601f78fc6050a4b45c843b86245

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12246
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3E2F 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B8iFF7eGuZYfsEvqux_AP1OijgAsAAAAAOAHgBAI&bg=!AwClAE_NAAa8BdJLnAU7ADQBe5WfOFsVaQ9p4p5Dwra7xKBrVc1J_XJoERlHXtX9TMrGnjDr2627dl_Y4a4TDJcVPixjAgAAAMJSAAAAA2gBB5kDM5nTeFZB_5GPh-YPENot7auGM7IxKTJ-_118GtGyrMoOu3jLCu5SOsLy128ecPsC__6j9yZgY6y0T0e18wlbJQj1KPcXCJjtEiI5eBbHd5-kiQl8jWKYRzs5tM3v2ClqGy4QMlLde47IfwJJckq1nlHvWXok0KPmFsAfxmRigV8ifMWhMheDgv2f2aeRlJyvZDljEbk8PmJspTQtJeoUB94WiSi9eCv7Cja8rCpfAxiysQJqzppu7z3gODW00g22kyYnlHliTopINWuK9q3LXgKPBU4aMx0nhVmKq_jr_iHjguJpb3CUVKXrd509YZZxPoCDkvlZxXwpgTr2ilYwDEHGvp9IIyZSfPDvDbkEKAZ_ecLVoTKFoOLZG95sdFcHVPNeFYcoUXsOZbTH2b4zbNBmpLLl7PribjRmZzncJ77ZePBW7NCks6Sv745vSz9XQH4502132UlZQXDO22odx7-DYCwKodtfwJ6azdwRvNDJylXGHbCXn3egmZH8P7gIh4hoYpIcq1RhB7Wm4IkQOUSRTPJWKUHw3sbn3jaALnVUaY6nL6QKSodPl8E3b_0nzfT-T3qux6KSj-cs0eWN2KEZU7l7zVcQbecmDAz0nhlnxkBH04uSqHPGzp4pmQ1cHX4KN23yUtLANEWXxHu_9rjtXxGqHKl4X3_s2TD5Y_zpAyWGVS7ATdEjZH2dW_IruF_rY7N1PseSLaNpAt2d7Iocj_lXG5sHe0qe8rI4WoELiyAxlWUcEQBBIZXe6ciF1Amw0kVv3TxRT_V02pKeg5GxUuQkSxetTY4wfYBk1bQyn0PUqh4DsJxn3VvgIdFneGxh0GOAGsiXTAgyWZMNyEIi-gnE2vRAP7hJSkq8hGIrrvkqA3Ady5i4v39Mur7MvcfS0Ix0C66twAJIAsONYdjv3KBX-HRvhi9RCiST-Nz_SPjSrpiNNHSU_DEsQX3JvoghywDqDV0INQat7-A2zLXuONiatlrBqOky3taWoBStq-WpYTrnabvasMWWSSYsNPIhZWLYFgXrYAuByFryVbJnulR0PvXJ1NXOxlNF6QR9S7MU0IPECCXEaEPzAkEkXjBn9g

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 5992 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:54:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42638
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 21 Jan 2025 09:54:39 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 22 Jan 2024 21:45:17 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 446A 13 KB
5 KB 9ms
8ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/E44nYm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 43404
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 09:41:53 GMT
expires: Tue, 21 Jan 2025 09:41:53 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7CD4 829 B
560 B 17ms
17ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fae02e55a709f38b4e075b9f88112626593d21579ae95ef2b44b838814e6aa79

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Hzm4prK3UnZj9PUKiqIUNw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reurl.cc/E44nYm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Hzm4prK3UnZj9PUKiqIUNw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 21:45:17 GMT
expires: Mon, 22 Jan 2024 21:45:17 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 446A 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:54:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42638
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 21 Jan 2025 09:54:39 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7CD4 0
0 39ms
39ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202401180101&jk=1612628472538128&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 446A 0
10 B 7ms
6ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?dYUNog
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:18 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 renews-title1.png
re-news.tw/images/ 24 KB
24 KB 759ms
205ms Image
image/png 35.185.136.122
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://re-news.tw/images/renews-title1.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.136.122 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS: 122.136.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:18 GMT
last-modified: Sun, 28 Nov 2021 04:19:19 GMT
server: nginx/1.18.0 (Ubuntu)
accept-ranges: bytes
etag: "61a30347-5fad"
content-length: 24493
content-type: image/png

GET
H2 200 DFS.jpg
mma.prnasia.com/media2/2323368/ 87 KB
88 KB 79ms
20ms Image
image/jpeg 2606:4700::6811:eec2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mma.prnasia.com/media2/2323368/DFS.jpg?p=medium600
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6811:eec2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 5191d62efcd2bc7389629e6f0d9c10c093cc4c2a37b653f9c487d20c7af04fdb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:18 GMT
cf-cache-status: HIT
age: 41171
x-powered-by: ASP.NET
server-timing: intid;desc=9bce022cd3a0b939
content-length: 89579
cf-bgj: h2pri
last-modified: Mon, 22 Jan 2024 10:08:19 GMT
server: cloudflare
vary: *, Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
cf-ray: 849afbb11ae51d88-FRA
access-control-allow-headers: Content-Type
expires: Mon, 22 Jan 2024 10:08:20 GMT

GET
H2 200 202401220838236.jpg
img.racingcharger.tw/wp-content/uploads/ 132 KB
132 KB 1090ms
455ms Image
image/jpeg 61.216.47.122
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.racingcharger.tw/wp-content/uploads/202401220838236.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 61.216.47.122 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 61-216-47-122.hinet-ip.hinet.net
Software: Apache /
Resource Hash: 6f0a5d7914d541adb5ee6e12cf81b0fb0c03cdd79318a20b207cce56aa441ef4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:19 GMT
last-modified: Mon, 22 Jan 2024 08:38:31 GMT
server: Apache
accept-ranges: bytes
content-length: 134893
content-type: image/jpeg

GET
H2 200 %E9%AB%98%E6%95%88%E8%B3%BA-OPENPOINTS-%E6%96%B9%E5%BC%8F%E8%88%87-OPENPOINT-%E6%8E%A8%E8%96%A6%E4%BF%A1%E7%94%A8%E5%8D%A1%E5%BD%99%E6%95%B4-1080x630.jpg
creditcards.com.tw/wp-content/uploads/2019/12/ 123 KB
124 KB 1765ms
210ms Image
image/jpeg 192.0.78.24
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://creditcards.com.tw/wp-content/uploads/2019/12/%E9%AB%98%E6%95%88%E8%B3%BA-OPENPOINTS-%E6%96%B9%E5%BC%8F%E8%88%87-OPENPOINT-%E6%8E%A8%E8%96%A6%E4%BF%A1%E7%94%A8%E5%8D%A1%E5%BD%99%E6%95%B4-1080x630.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

fb83c74bb6ecf84215151d23e17e59295e13ac4a2e9b5b90607ac5fbba6d81f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:19 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams BYPASS
last-modified: Mon, 22 Jun 2020 07:20:29 GMT
server: nginx
etag: "5ef05bbd-1eda5"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 126373
expires: Mon, 29 Jan 2024 21:45:19 GMT

GET
H2 200 1705877684-c001fc5e7e33e4c3bcada59f90ab72a4-840x525.jpg
img.gbyhn.com.tw/2024/01/ 108 KB
108 KB 487ms
110ms Image
image/jpeg 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.gbyhn.com.tw/2024/01/1705877684-c001fc5e7e33e4c3bcada59f90ab72a4-840x525.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd4f8e259f44f558d14e53c957c745e48abdb7b6dcf42e6711701f5826de6f4b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:18 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 72467
alt-svc: h3=":443"; ma=86400
content-length: 110116
last-modified: Sun, 21 Jan 2024 22:54:45 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HhbB4%2FZHV93LlUCKAO1uC%2FNjUUSAr%2BPGSAh%2FY6shsv%2Fhkb9e088S9NqKfoNxoakyakhJuEasSJLS2RAMohUse3PYGfEV1klGD%2BcWWKu2JDQ0cCToywvqdFmKi7I0QOArccVaCQdFT1kyRSJJ0d9B"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 849afbb36b3b81df-IAD
expires: Sun, 28 Jan 2024 22:56:15 GMT

GET
H2 200 %E6%8A%B9%E8%8C%B6%E6%8E%A8%E8%96%A6%E7%A2%BC%E5%B0%81%E9%9D%A2-1140x570.png
www.rayskyinvest.com/wp-content/uploads/ 748 KB
749 KB 106ms
24ms Image
image/png 34.149.36.179
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rayskyinvest.com/wp-content/uploads/%E6%8A%B9%E8%8C%B6%E6%8E%A8%E8%96%A6%E7%A2%BC%E5%B0%81%E9%9D%A2-1140x570.png
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 34.149.36.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.36.149.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: a1b2fc704544aacc887678555bb01ddeac90ed9e7f406373959c7438622744e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Mon, 22 Jan 2024 21:45:18 GMT
expires: Tue, 21 Jan 2025 15:15:08 GMT
last-modified: Thu, 18 Jan 2024 10:23:47 GMT
server: nginx
etag: "65a8fc33-bb0a4"
content-type: image/png
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 766116
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 2024011003540227.jpg
i0.wp.com/golike.tw/wp-content/uploads/2024/01/ 45 KB
46 KB 41ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/golike.tw/wp-content/uploads/2024/01/2024011003540227.jpg?resize=1024%2C535&ssl=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

3db86423c04b9a3edc1b598970cc73431c5f05721a8bf08a2642ca8829583e66

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:18 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 46238
x-nc: HIT hhn 3
last-modified: Fri, 12 Jan 2024 08:24:04 GMT
server: nginx
etag: "b3bdafed421d4504"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://golike.tw/wp-content/uploads/2024/01/2024011003540227.jpg>; rel="canonical"
expires: Sun, 11 Jan 2026 20:24:04 GMT

GET
H2 200 file.png
static.wixstatic.com/media/08c74d_85f3d2bc5e0247cd96e1875a34d00d40~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/ 248 KB
248 KB 49ms
7ms Image
image/png 2600:9000:2057:fc00:1e:5c56:d400:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.wixstatic.com/media/08c74d_85f3d2bc5e0247cd96e1875a34d00d40~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/file.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:fc00:1e:5c56:d400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.21.4.1 /
Resource Hash: 0fab9d8226565c933226a271beae622492261fbed07bbd227add760da1ad9de3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-seen-by: image-manipulator-7c76496fbd-mlgdc
date: Fri, 13 Oct 2023 11:19:08 GMT
via: 1.1 google, 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
server: openresty/1.21.4.1
x-amz-cf-pop: FRA6-C1
age: 8763970
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=15552000, immutable
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: cqrrtPP8QHF50qlGqqrMbNImEP1kIUWeCSlbBoUYDIhpj9QrjpBFWQ==
content-length: 253615
wix-tracer: 2Whs3ebFGWCmylTflCxOx4hE9el

GET
H2 200 %E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg
blog.alphaloan.co/wp-content/uploads/2021/04/ 180 KB
181 KB 229ms
175ms Image
image/jpeg 192.0.78.236
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.alphaloan.co/wp-content/uploads/2021/04/%E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.236 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

90102b36c17b8182fcb580b55b917d4807fb037df4dd104a6815ad305e2bea20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:45:18 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams BYPASS
last-modified: Thu, 27 Apr 2023 05:06:22 GMT
server: nginx
etag: "644a02ce-2d1f7"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 184823
expires: Mon, 29 Jan 2024 21:45:18 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3CDC 42 B
64 B 45ms
44ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvlwiYU1xT0-x2BIRUSK6l0jdjFtwoWn732NwyqOBd7wTcGXIZUDb_Wys2AfrICTFjZI3E6pZJjEO3IWPmCQTnutOJ8xEyErXXkDMiuvcH5_4gw5y69ZRvB09cY6WQ8Dtlmun8CSGZ8CUiocGApkTztgIiD&sai=AMfl-YRSydxHUE2itjWZC78yEPLBb1m4xVlKHrOY7QoUylR-aCQm3KSJZUATYjga2nTNnMxlyF0LaqQ4KIpWaaJa-nSrZTB7-zg9G7AjHQSNV-ur8lmk-CWRKcofcfJz&sig=Cg0ArKJSzIMCHap6y-coEAE&cid=CAQSPAAvHhf_iKfqWUz5GN1UES0kIuj-x66Ea6RDL9cfOSCJDDsnsBVkFgkZYKyXLx6YlOAaMzhmnbU33q-6-BgB&id=lidar2&mcvt=1000&p=358,640,458,960&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240117&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1212019568&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705959917114&rpt=385&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 41ms
40ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202401180101&jk=1612628472538128&bg=!8vGl8b7NAAa8BdJLnAU7ADQBe5WfOI_wlLuctPdyHJNOnVN6-Z3-yY71Xy2NkmkLlWmWLOucdRZZ-R7M0A4hWCzdlm5zAgAAAFZSAAAAA2gBB5kCvIwYj8N_Gc-ZCGbUnfpAqLyEGQmsFTczI9dQ1BhCyCL6iwMESXhnT9KaTbSyQ6c9oTrVDCJM9ESHutzDMVxjn-kBD1iIMXLmO4QTFCFXx1OyMV-aQ2fmGrnUP5mejJvaPHxuFo42ovtHl5t0D2jSEhOoFkEtqZgknfSoIBx6Lu7OrK8StCLPX4U2eKewQHKgLMHjDRrXB-yp9sJRULdunoVv2yaJ4HjDHc_LmgZT41mztD2VIBFH_1XpVdTyBIHWZ9ezP-3Bh_I1FjLu8uDgWmIcCKkNvWMuVius1bCJfCAEcGDCTZz_SYkSxU9lZWWoCCwygVM1JA9NuMQJ803Y4zbP4wxXwCxbyyLUKY0mUSPhqyfCzFZbI0EzBJs2tT-8Xl7VYyHbH9jc8uHlDL8Z0kCWPaLzVtGqyl6O5lEWE0NFQuF691S2_XtoWyxQeafi0h3YKH-uG_fgStUy-uo5PYXf9e3fOdpvZZr7kgixyQMjOkMYdN-6eA3aOy_EEcJMbB2YVPgd8j5n6UtEsG5MbFUzXB7XuTXaij0F3sgjGYxYb8sg6aV832o2jWpiKcT-JSNtijTQIcyJCcK-Jk0gNrW0mjPzATSqrEsNGmLBA_DvYk_ul2SRs57sLfCyBygm1xWfLQ0YsSI-oW6DwDX39nsyj0aKNFlKbtbzOJbD8Mcx8aDcXk2No8z_25DYNR8MGccA6t7qfKwjFhv50lJ9qsBLT57T7ERC_TMzjdRZpn1Rk_seaXmx9VuTlT7vOCLtz6hMGke4CozNct3x8foPAb3frvZxRKE6YsMGLPSgXoIdMqCYoE-Vhw6Hu-JODUL5DcY2F8KdOiGWO8kkCWWC5iXuIkAOa9fVpAreyk-CgKNUW-2H_FXzqC9Np6jsewSpyObiUvpwEMXFV-pHdRenjNlEXf2_2zSTLq9o3nY
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/E44nYm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3CDC 0
20 B 39ms
38ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3600497477451&version=m202309260101&ct=76&x=1&cor=7051291605763480000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 16ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je41h0v897965293&_p=1705959913141&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1982044936.1705959913&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEI&sid=1705959913&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FE44nYm&dt=service%20Customer&_s=3&tfd=6961
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/E44nYm
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:19 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 85077dbcae4544b4beeea3cf8a0ff366.jpg
img01.ztat.net/article/spp-media-p1/0a197c3516f94caa83501dcf4e910f5c/ Frame D940 6 KB
6 KB 15ms
11ms Image
image/webp 2600:9000:2156:0:15:157b:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img01.ztat.net/article/spp-media-p1/0a197c3516f94caa83501dcf4e910f5c/85077dbcae4544b4beeea3cf8a0ff366.jpg?imwidth=350
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:0:15:157b:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b8d9e0f30e380a27ffcc9e9d32ee50a3dd15aa232ffe482478539baad8c9f076

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 08:15:21 GMT
via: 1.1 055d899361491602a9ef1eb0cdc5e336.cloudfront.net (CloudFront)
age: 2035801
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 6102
x-amz-expiration: expiry-date="Mon, 04 Mar 2024 00:00:00 GMT", rule-id="Expire after 3 months"
last-modified: Fri, 24 Nov 2023 09:03:22 GMT
server: AmazonS3
etag: "ffcb67374004cd3181e86aac33b768b9"
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=7776000, immutable
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: xivI34pmmbs3CXioPNStAzVBeE1QjDWWRC8eZp9lPeMG0rSlZDDq9A==

GET
H2 200 488bf90f9bd6442d882348bd9e3b7c80.jpg
img01.ztat.net/article/spp-media-p1/844e7c0b66374b928936c8327fbc8c24/ Frame D940 14 KB
14 KB 14ms
12ms Image
image/webp 2600:9000:2156:0:15:157b:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img01.ztat.net/article/spp-media-p1/844e7c0b66374b928936c8327fbc8c24/488bf90f9bd6442d882348bd9e3b7c80.jpg?imwidth=350
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:0:15:157b:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Skipper /
Resource Hash: 4a3bc9b51da68ed876d04506b7eb3683451af755944b608e870f572f21739bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 01:19:34 GMT
via: 1.1 055d899361491602a9ef1eb0cdc5e336.cloudfront.net (CloudFront)
server: Skipper
age: 3270347
x-amz-cf-pop: FRA50-C1
x-cache: Hit from cloudfront
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=7776000, immutable
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 8K24yD5p10gmH6J-z-ppNGaTVIDi2IVqT7ynw6t6MIaogcIV_FlLoQ==

GET
H2 200 ab88f02bfdef46d998246614e68a9444.jpg
img01.ztat.net/article/spp-media-p1/3672aabac5fc4088bb16117a9c991f89/ Frame D940 9 KB
10 KB 13ms
12ms Image
image/webp 2600:9000:2156:0:15:157b:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img01.ztat.net/article/spp-media-p1/3672aabac5fc4088bb16117a9c991f89/ab88f02bfdef46d998246614e68a9444.jpg?imwidth=350
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:0:15:157b:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ef7c8107b2bd1e70e603df141b8c90262ae528e59065d273ed468830239c142c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 05:39:52 GMT
via: 1.1 055d899361491602a9ef1eb0cdc5e336.cloudfront.net (CloudFront)
age: 1699530
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 9642
x-amz-expiration: expiry-date="Sat, 02 Mar 2024 00:00:00 GMT", rule-id="Expire after 3 months"
last-modified: Wed, 22 Nov 2023 13:48:06 GMT
server: AmazonS3
etag: "5f8371691c4e5ab06f07258aa1899d97"
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=7776000, immutable
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: aMViI2g-33WomY_aD5v5d_i7nByUnaTKcorMXGhGqPJuRC4KbR8GsQ==

GET
H2 200 cfd64755709641318a78edc3e1920f00.jpg
img01.ztat.net/article/spp-media-p1/cebe9a60b26a46aea1de6f25c07f782c/ Frame D940 20 KB
20 KB 14ms
13ms Image
image/webp 2600:9000:2156:0:15:157b:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img01.ztat.net/article/spp-media-p1/cebe9a60b26a46aea1de6f25c07f782c/cfd64755709641318a78edc3e1920f00.jpg?imwidth=350
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:0:15:157b:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e510894ba685bee68ebe9d36541e100242fb63223046d9827adb5e2509f57f19

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 04:37:19 GMT
via: 1.1 055d899361491602a9ef1eb0cdc5e336.cloudfront.net (CloudFront)
age: 1098483
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 20096
x-amz-expiration: expiry-date="Mon, 11 Mar 2024 00:00:00 GMT", rule-id="Expire after 3 months"
last-modified: Fri, 01 Dec 2023 01:02:55 GMT
server: AmazonS3
etag: "60cb7a52d110bb2cb71f83d8fd875795"
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=7776000, immutable
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: nfl4Yp0X-aG3u3c83OItkmlrsJFWfhjzZ-uilfnjM6yacq1PTsU27Q==

GET
H3 200 InterstateRegular-Bold.woff2
s0.2mdn.net/creatives/assets/4925812/ Frame 9B1E 29 KB
29 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4925812/InterstateRegular-Bold.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16487568800811394484/index-70c4f56f.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d52c7c5050b088109075328a9e830e4bfdf6446c763b9e69c637d5c0e11d599

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16487568800811394484/index-70c4f56f.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:32:21 GMT
x-content-type-options: nosniff
age: 781
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29232
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 09:13:13 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Jan 2024 21:47:21 GMT

GET
H3 200 InterstateCondensed.woff2
s0.2mdn.net/creatives/assets/4925812/ Frame 9B1E 28 KB
28 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4925812/InterstateCondensed.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16487568800811394484/index-70c4f56f.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

241bb801b29748e542884f7b902c02f12f6a318ba97f70224986634926dbc433

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16487568800811394484/index-70c4f56f.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:37:06 GMT
x-content-type-options: nosniff
age: 496
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28596
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 09:13:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Jan 2024 21:52:06 GMT

GET
H3 200 logo.svg
s0.2mdn.net/4528404/1687521602712/ Frame 9B1E 5 KB
2 KB 7ms
7ms Image
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1687521602712/logo.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0d80991c6e4b62d5c77985c1e293aad44cc120e03aee7ae6936c79d25a0e467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 17:08:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16611
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1913
x-xss-protection: 0
last-modified: Fri, 23 Jun 2023 12:00:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 23 Jan 2024 17:08:31 GMT

GET
H3 200 cta-small.svg
s0.2mdn.net/4528404/1687523402213/ Frame 9B1E 4 KB
1 KB 8ms
7ms Image
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1687523402213/cta-small.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3259ca7d3e09ade842ae522f7808dfc053a5d9bf7e19ea5ae94403558a361e86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16487568800811394484/index.html?e=69&leftOffset=0&topOffset=0&c=s3ZmCUwFYV&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 02:20:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69915
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1321
x-xss-protection: 0
last-modified: Fri, 23 Jun 2023 12:30:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 23 Jan 2024 02:20:07 GMT

GET
H2 200 dc_oe=ChMIx5b99vvxgwMVetcRCB1U9AiwEAAYACDwwe5cQhMIjc3f9vvxgwMV-62DBx2IVgoq;dc_eps=AHas8cBmxka7Si56ODIBPECdrUnmKHmis2NC1yelAMJiOjY9BQmJ2SaxntKrApbPFEf7QEVuIFjSrQM;stragg=1;&timestamp=1705959922796;s...
ade.googlesyndication.com/ddm/activity/ Frame 3CDC 42 B
107 B 43ms
42ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 21:45:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 901
pix.revjet.com/interaction/ Frame D940 43 B
276 B 41ms
40ms Ping
image/gif 65.21.233.17
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pix.revjet.com/interaction/901?__ads=0247ab31e236657728f71a58ca0572a6&vid=5111198605665009206&__adt=8240602668035630425&__ade=1&latent=0&vis_type=8&__stamp=1705959923974
Requested by: Host: cdn.revjet.com
URL: https://cdn.revjet.com/~cdn/JS/03/elements-2.12.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.21.233.17 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.17.233.21.65.clients.your-server.de
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 22 Jan 2024 21:45:24 GMT
cache-control: no-store
content-length: 43
expires: Sat, 01 Jan 2000 12:00:00 GMT

POST
H2 200 901
pix.revjet.com/interaction/ Frame F3B5 43 B
276 B 41ms
41ms Ping
image/gif 65.21.233.17
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pix.revjet.com/interaction/901?__ads=52726f33ef581f0da6f4439202bfe42b&vid=5111770317351714359&__adt=8240603791821795851&__ade=1&latent=0&vis_type=8&__stamp=1705959924108
Requested by: Host: cdn.revjet.com
URL: https://cdn.revjet.com/~cdn/JS/03/elements-2.12.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 65.21.233.17 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.17.233.21.65.clients.your-server.de
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 22 Jan 2024 21:45:24 GMT
cache-control: no-store
content-length: 43
expires: Sat, 01 Jan 2000 12:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.facebook.com
URL: https://www.facebook.com/platform/plugin/tab/renderer/?key=timeline&config_json=%7B%22app_id%22%3A%22776730922422337%22%2C%22href%22%3A%22https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F%22%2C%22width%22%3A340%2C%22height%22%3A500%2C%22has_cta%22%3Atrue%2C%22has_small_header%22%3Afalse%2C%22has_adapt_container_width%22%3Atrue%2C%22has_cover%22%3Atrue%2C%22has_posts%22%3Afalse%2C%22tabs%22%3A%22timeline%22%2C%22can_personalize%22%3Afalse%2C%22is_xfbml%22%3Afalse%2C%22referer_uri%22%3A%22https%3A%2F%2Freurl.cc%2F--redacted--%2F%22%7D&fb_dtsg_ag&__user=0&__a=1&__req=1&__hs=19744.BP%3Aplugin_default_pkg.2.0..0.0&dpr=1&__ccg=EXCELLENT&__rev=1010946193&__s=%3A%3Apd1zyj&__hsi=7327042053852206485&__dyn=7xeUmxa13xu1syUbAihwRwqo98nwgU5Gex-ewSwMwNw8OdwJwvE3vx61cw9y0Ko2_CwjE3awbG78b87C1xwEwlU-0nS4o5-0ha2l2Utw78waOfwbK0RE5a1qw8W1uwa-7U1bo6i6811E2ZwrU6C0L836w5Kw&__csr=&__sp=1

Domain: www.facebook.com
URL: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fhref%3Dhttps%253A%252F%252Fwww.facebook.com%252FCreditCards.com.tw%252F%26tabs%3Dtimeline%26width%3D340%26height%3D500%26small_header%3Dfalse%26adapt_container_width%3Dtrue%26hide_cover%3Dfalse%26show_facepile%3Dtrue%26appId

Domain: www.facebook.com
URL: https://www.facebook.com/ajax/bz?__a=1&__ccg=EXCELLENT&__dyn=7xeUmxa13xu1syUbAihwRwqo98nwgU5Gex-ewSwMwNw8OdwJwvE3vx61cw9y0Ko2_CwjE3awbG78b87C1xwEwlU-0nS4o5-0ha2l2Utw78waOfwbK0RE5a1qw8W1uwa-7U1bo6i6811E2ZwrU6C0L836w5Kw&__hs=19744.BP%3Aplugin_default_pkg.2.0..0.0&__hsi=7327042053852206485&__req=4&__rev=1010946193&__s=%3A%3Apd1zyj&__sp=1&__user=0&dpr=1&jazoest=21745&lsd=LmIcTD81NArbZjBMN4Ou87

Verdicts & Comments Add Verdict or Comment

163 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

45 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.reurl.cc/	1970-01-20 17:54:06	Name: _gid Value: GA1.2.439255793.1705959913
.reurl.cc/	1970-01-20 17:52:39	Name: _gat Value: 1
.reurl.cc/	1970-01-21 03:28:39	Name: _ga Value: GA1.1.1982044936.1705959913
.reurl.cc/	1970-01-20 20:02:15	Name: _fbp Value: fb.1.1705959913288.795790920
.criteo.com/	1970-01-21 03:14:15	Name: receive-cookie-deprecation Value: 1
.criteo.com/	1970-01-21 03:14:15	Name: uid Value: 6e4cd7df-17a4-4f30-92c0-d74e98f7aa16
.reurl.cc/	1970-01-21 03:14:15	Name: cto_bundle Value: 4gEpql9iSzdvcURHZHVRTG5DQ1VqRkhRVVlweWclMkJRVjJqVWJGRDZQRm4zenhmOHBodTBaQ3U5ck5KbWJvd0xMVyUyRnltSlhVYnNBOTBzcWlCY05aaCUyQmRSS3dOMSUyQjZkdVQzOWg3MHI4dFZhV2VVdVlXSEUzRTVMVFlSUnZMcU9tWHNFbyUyQjElMkJJMGdCcWJnUFNaS2llTFFJcWlHUkElM0QlM0Q
.openx.net/	1970-01-21 02:38:15	Name: i Value: 911a552d-891d-495c-94b5-cbb8c200d534\|1705959913
.reurl.cc/	1970-01-21 03:14:15	Name: __gads Value: ID=83d3423ff66af1c8:T=1705959913:RT=1705959913:S=ALNI_MZPjnuab47aUlzB90-Zy9Qr8sEcHA
.reurl.cc/	1970-01-21 03:14:15	Name: __gpi Value: UID=00000d47af6879c7:T=1705959913:RT=1705959913:S=ALNI_MY873Q8Se4Km46jpcF6xJnINTZSKw
.reurl.cc/	1970-01-21 03:28:39	Name: _ga_N394QBRGC0 Value: GS1.1.1705959913.1.0.1705959914.59.0.0
.doubleclick.net/	1970-01-21 03:14:15	Name: IDE Value: AHWqTUnVroWJ1seXg29EfwGFiT3LGLTZjYGBdzCmaQu35PyG7JiSVNGRfuMOZAVBXIY
.doubleclick.net/	1970-01-20 17:52:43	Name: DSID Value: NO_DATA
.casalemedia.com/	1970-01-21 02:38:15	Name: CMID Value: Za7h6pIDEu9jQTqYFJlyrgAA
.casalemedia.com/	1970-01-20 20:02:15	Name: CMPS Value: 2175
.casalemedia.com/	1970-01-20 20:02:15	Name: CMPRO Value: 2175
.adnxs.com/	1970-01-21 03:28:39	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 20:02:15	Name: XANDR_PANID Value: WHgEQ0Rnwug0n99W2qTLNodmmOh0AGupvJToGNj65lGQ60oC7Eqxlo3T6JBh1YjGp-rp7FFzCk2nARf8VCCHQYC6wc9l-3ZFY6h9Cp9R2RE.
.adnxs.com/	1970-01-20 20:02:15	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>wwZN2k!@wnfH8K6pQK`!5=E<L5?%K9dHk]x?:E8D1HREP18[:)bDf`7??l!em1y`mbpRzqF1`baC=*SL/c
.adnxs.com/	1970-01-20 20:02:15	Name: uuid2 Value: 8280389233878419743
.doubleclick.net/	1970-01-20 22:11:51	Name: APC Value: AfxxVi5ZV_WRBGQAiEF47QoSCRNAWHIlkvaZvUzSggzg5khsxcu2FA
.doubleclick.net/	1970-01-20 18:35:51	Name: ar_debug Value: 1
.reurl.cc/	1970-01-20 18:35:51	Name: ISMD5VERSION Value: 1
.revjet.com/	1970-01-20 17:54:06	Name: ads Value: 52726f33ef581f0da6f4439202bfe42b
.holmesmind.com/	1970-01-21 03:28:39	Name: P Value: 221945-vAgH8NQeaCI0MK1WFX2Mh4zsz5citygp
.holmesmind.com/	1970-01-20 18:13:47	Name: Vision Value: 20240123-23:59,20240123-08,20240123-08,20240123-23:59
.holmesmind.com/	1970-01-20 18:13:47	Name: C Value: null
.holmesmind.com/	1970-01-20 20:17:37	Name: RK Value: null
.holmesmind.com/	1970-01-20 17:54:06	Name: fcm Value: 1
.reurl.cc/	1970-01-20 18:35:51	Name: CFFPCKUUID Value: 678-XGpLXPFs9E0BGqMJNsRO9JxI5XQAeqKI
.reurl.cc/	1970-01-20 18:35:51	Name: CFFPCKUUIDMAIN Value: 9115-YIQPT5L1bjsV5A7gYUPO7Ar6r1StiGlp
.reurl.cc/	1970-01-20 18:35:51	Name: FPUUID Value: 9115-a87422f7fc12e953adaf5f8d7f576383
.lndata.com/	1970-01-21 02:38:44	Name: admckid Value: 2401230545151718143
.hinet.net/	1970-01-21 03:28:39	Name: uuid Value: 46db9d8e-8cd9-4642-83da-1262a2a053d7
.reurl.cc/	1970-01-21 02:38:15	Name: __htid Value: 46db9d8e-8cd9-4642-83da-1262a2a053d7
.reurl.cc/	1970-01-20 17:52:43	Name: _ht_em Value: 1
.reurl.cc/	1970-01-20 17:54:06	Name: _ht_50ef57 Value: 1
.revjet.com/	1970-01-21 03:28:39	Name: trx Value: 5111770317351714359
.c.appier.net/	1970-01-21 02:38:15	Name: _auid Value: ihqAPOesBh28eqZ77OGuZQ
.adfarm1.adition.com/	1970-01-20 20:02:15	Name: UserID1 Value: 7327042051817994380
.w55c.net/	1970-01-21 03:24:20	Name: wfivefivec Value: 0sKxMYCS1Rs26x5
.w55c.net/	1970-01-20 18:35:51	Name: matchgoogle Value: 5
.quantserve.com/	1970-01-20 20:02:15	Name: d Value: EEkBCQH7KoEA
.quantserve.com/	1970-01-21 03:22:54	Name: mc Value: 65aee1ed-9ca00-ba6e3-64678
.prnasia.com/	1970-01-20 17:52:41	Name: __cf_bm Value: NI5Y4n_CwpKAjQ45Iqt7qSNluM8DN2bhq5mzJZrqLdE-1705959918-1-AfVh8+NrGfYY+Zqg3nMZsQGVt9CLOn5WZqZdWUrGc2gqzirgwiaSFl26o4JMSQIGubtHrxIGtFdoHhNjZsAaZvw=

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

39dc3ec8239f9be1463b5816c6b2fc8a.safeframe.googlesyndication.com
46db9d8e-8cd9-4642-83da-1262a2a053d7.t.ssp.hinet.net
549442ea0bb583276d23e33136627d67.safeframe.googlesyndication.com
ad-specs.guoshipartners.com
ad.doubleclick.net
ad.holmesmind.com
ad2.apx.appier.net
ade.googlesyndication.com
ads.revjet.com
bcp.crwdcntrl.net
blog.alphaloan.co
c.holmesmind.com
cdn-ima.33across.com
cdn.ampproject.org
cdn.holmesmind.com
cdn.jsdelivr.net
cdn.revjet.com
cm-dev-poc.holmesmind.com
cm.g.doubleclick.net
cm.lndata.com
cms.quantserve.com
connect.facebook.net
creditcards.com.tw
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
fcm.holmesmind.com
fcm2.holmesmind.com
fonts.googleapis.com
fonts.gstatic.com
gocm.c.appier.net
google-bidout-d.openx.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
i0.wp.com
ib.adnxs.com
image6.pubmatic.com
img.gbyhn.com.tw
img.racingcharger.tw
img01.ztat.net
invstatic101.creativecdn.com
m.holmesmind.com
mma.prnasia.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
onetag-sys.com
pagead2.googlesyndication.com
pix.revjet.com
pm.w55c.net
re-news.tw
region1.analytics.google.com
reurl.cc
rtb.openx.net
s0.2mdn.net
scontent.xx.fbcdn.net
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
static.criteo.net
static.wixstatic.com
static.xx.fbcdn.net
stats.g.doubleclick.net
storage.re-news.tw
storage.reurl.cc
sync.teads.tv
t.ssp.hinet.net
tags.crwdcntrl.net
tpc.googlesyndication.com
us-u.openx.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.rayskyinvest.com
www.facebook.com
104.18.35.167
116.50.36.71
142.250.181.226
142.250.184.194
142.250.185.70
142.250.185.98
167.235.11.39
172.105.221.29
172.64.151.101
18.155.129.21
18.197.162.124
192.0.77.2
192.0.78.236
192.0.78.24
192.229.233.6
198.47.127.19
2001:4860:4802:34::36
203.66.35.74
203.75.214.136
23.35.237.56
2600:9000:2057:fc00:1e:5c56:d400:93a1
2600:9000:2156:0:15:157b:ff80:93a1
2600:9000:2250:aa00:0:e06c:e940:93a1
2606:4700::6810:5914
2606:4700::6811:eec2
2620:116:800d:21:5ed4:8d5d:fed7:f5ef
2a00:1450:4001:801::2001
2a00:1450:4001:802::200a
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:812::2001
2a00:1450:4001:81c::2001
2a00:1450:4001:827::2003
2a00:1450:4001:827::2006
2a00:1450:4001:828::2002
2a00:1450:4001:829::200e
2a00:1450:4001:82a::2003
2a00:1450:4001:82f::2004
2a00:1450:4001:830::2008
2a00:1450:400c:c00::9c
2a02:2638:3::3
2a02:2638:3::c
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
2a06:98c1:3121::3
34.102.146.192
34.120.107.143
34.149.36.179
34.149.98.30
34.95.67.231
34.96.70.87
35.185.130.121
35.185.136.122
35.186.253.211
35.190.36.98
35.201.76.93
35.227.249.156
35.244.159.8
35.244.196.223
35.73.17.154
35.79.48.13
37.252.173.215
51.38.120.206
52.69.87.178
54.170.29.7
61.216.47.122
65.21.233.17
85.114.159.93
89.149.192.197
05a7fccd3b6d253392f9aae878a8343fb153761f0a66a6a0e669d1823a75118d
07e7fe2ae1f7a8b12a42abe3d98f965966c1b8f505d3b4b2c951ed072bc3bca7
0912eb76845cca43ec976e9bc886ca3f240697afb98c9ec95ec6c34fa32a8a71
09561a8c2ee576756fe3eb9db7323dfe42fff9f3fa0104104f61f3c973533874
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e3979b319c1ce95b982c3887be47e9fe05f2e8e18020cbda37bc1fa71e37472
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2
0fab9d8226565c933226a271beae622492261fbed07bbd227add760da1ad9de3
13e64e2153618f475e94e0e85fa68c9ce910cfc9b24ca9d44fa546a7d2020a24
152c87f7fa936808f3c68c4c37c865635ec0d1b598609a52990a4da941fa068d
16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20
1b16a5af84666feb9f8f195d3a8b74042f80439ca327b61f1c598f58072911ea
1f85a81bd4c2cfec0ebb2719c72cc4092862ee40b0a7822b174a79857ba82fa6
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
241bb801b29748e542884f7b902c02f12f6a318ba97f70224986634926dbc433
264a0a28c23da253d460c72e9b7ff9e297a4e02ea590c5d20a1f0fa77bc9aadd
2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840
27c91b042b50c145ccbe32c722d890e2e13b662302c269e1c990591348d98875
291ad59350731069a43cb924ae03eba4174c9157dbb1434679298877141e1fbb
3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
3259ca7d3e09ade842ae522f7808dfc053a5d9bf7e19ea5ae94403558a361e86
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
36ec1a683484bce1fca08f1a6831301e6e5da35baa36d8274975d7d72f5dc2a6
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3bfbd588006eeee4a5ad2ca97fdbe3d7bfca1c9d47e6a45cb7b69b1cee3532a1
3db86423c04b9a3edc1b598970cc73431c5f05721a8bf08a2642ca8829583e66
40e339b39ab5229aa56624c7df0f88a60ceb6ddce68f0b98b968d8644892af38
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
446fc7d126ed25e3ccf4a8619ced94dc10e4b41154bb0fea672b8100ff77e739
45444d590a67d30e8b2fde01bb6482f829383b64bf14a4b19b86e22fdc319fbb
4636fb9df5ae103fbad3764c9f98400be1c9384cbe77fdb6951b96adcac788b1
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
489c8bd821038a9ce8f643de824f6a507c68e3a4e024fb56209d7b9464134036
4903141af05dab837543e379f26049fdceb72ab8d7248ce3213b09b6b5b04aa8
4a3bc9b51da68ed876d04506b7eb3683451af755944b608e870f572f21739bb3
4a46e8bd5307848d5ba66c67f43de932f37338e5172b11cd323ca013b89fe9fb
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ba7441454b993f6dc09527c8a03ab527e59496d04796dec6f7189208bd315b6
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5191d62efcd2bc7389629e6f0d9c10c093cc4c2a37b653f9c487d20c7af04fdb
52bb2d07b65ec544edeb2a33f4103397a28f036f0d100090f3e17e4364aea1fb
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55ee9510e78623f5fd1309067dc6e7a15f70d48e23e5658a0aa81be100ad232b
569cde2a2d9c46b8a90a8c4296aa45d9f52a146d7b075f9e5dba7fcc2f03ce2c
5be2ab464eb1f97c1087491d76ec587a5f1c537e41363fecc4bb6dc9f28e568f
5dd0b5724f4bbac4bd58de274236fce36135ce302364b3b8ff5c4c3631e81139
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
6149e64e42f41b1d226a77eccf0b0b96892f9e3601c388ba183913c33ff639bb
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63f7be1d0a480f22ca23ca1a147f759d5199f5a16ad731633cd3aa81f857ec5c
6480d194b98b9fc3e4589a44b7e54b81ad926722e5b6fb7cc236161e2c2e03ac
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
69528e3dfd2b91eedc2bf69f141a51cd73e1e28ed16f8bfc5f10de0e7a3c5200
69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0
6d7416c9352e4b00c83f1dcf6964c89586d517e10fe4806a9da14abd0af76f35
6f0a5d7914d541adb5ee6e12cf81b0fb0c03cdd79318a20b207cce56aa441ef4
70c4f56f8e13e9387d9c65b17636a678eb6ccf82a8255cb1d2eb9192f7e478bb
71afeaa2f8371d9b3f97e6a91b94b72b2eec42d37886a88207943877051187b7
749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d
74c6d9117673ef0056d0cf6f8b401a2c3677434fc873f2054b89d551f0d237a7
7e10c54664d1afe92a38644af769d6495400fcbf8aa5f8631a78eb55f58f3dd2
7fcd866c187a043196ab5b083e2e9055098017e4e66fde37d354829ffcf5f3d4
8271b841e73750bcf9a779c03f54f06281398d46633b247813d5fe3421b95021
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87d29ebc03c2c2a2090062efabc2ab6fc5b4407ea5c43763f0a3f717d4b23312
885cb38c43b35c7ff9befe60f6c96f653d15befa0770f5f2ea0ea5cbc5d03a68
8dc3914f441ecc859886d666df0b83135bf3be073c8838d91e3635230e641efe
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e
90102b36c17b8182fcb580b55b917d4807fb037df4dd104a6815ad305e2bea20
90edac54a124f81059f7274b63fce20251062f1034c9c2ccc9af7413c8d1cd80
913af4bac90e23b14cd4e2c38ba7807ceb25d8167392b8822004fad88c7a472d
9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287
915b4482630044aa18e9ee03669b89e221dcae195a879c12346c6ab47a2500f4
93e6bf19f19d2a03c4ed31d7206d3a630fcbc1b9495bca766906d621b6ebb644
96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0
9979453785cabe57e3bb51b6d00f2d21c05d2601f78fc6050a4b45c843b86245
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d52c7c5050b088109075328a9e830e4bfdf6446c763b9e69c637d5c0e11d599
9db6eb84d3a774b0d8ac3cad8c6c899a449169877729bb4c7bc7d87505fbfb20
9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1
9e52993af61643d30e57659134617225748709b37568d944153cca2e023fb3fb
9e57fedb96b3686621bccd5521f43a2037a823c74f062176952890b179b3955b
9ee2af0367db9a24c31f395274f2dc2f8d3ca3ff98c909b5ebd8c24024972460
9fb4148717aa67385596c190ef092545e134af6244bc90e7c28514fede0e1461
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a00165bad079462fb75ea06f53c5d331dd32baefd58c3f898e9dc6499d74f2f9
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a194e711b7cfda7ee27f0e59ff111c43a413210210089c082c3524c503456dd1
a1b2fc704544aacc887678555bb01ddeac90ed9e7f406373959c7438622744e2
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a75a5c50db4d5628dad52eb05139bf0677fb4d19d6915f18d267806dbdd810ea
a956a6fe1ee57805393bf1781b32486b4ed9ca402a04320280e59a18bc348a87
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ae42780a45b51519108c5652ede4a30cbf2dd2d4417f11e1f29f6a0361e947f4
aea329c8fc42e4454ef62e1fbca6c04aac43220994f688869210598a66228f53
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aee1b6c4bde47d675127a7e2d8ba6beee16eb24fdaf6aa66ae6f0dd667e2c916
b02cfdd20fac895a89ad30dcae3480489cd8f55e1d02b6fa162df658695f14a5
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b139d97a9012d835c86920887e867490265c309ae069a99e595fa697fb56e82e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4b2799539132f279c4c6520c8d589d8f84d4e06d014159a4ee62777de308d2e
b617ae5eea990b3409db83eba2b37bcc5498abb4b02c3239af16645006ef25d5
b6702087d88926b897eade8d2a9131dfc2016d21d9eed719e045d9f614669273
b74e5ab38a474ea9c30e80d6f3cefb0b5c5201118325b037fa032994fd7c9d40
b8d9e0f30e380a27ffcc9e9d32ee50a3dd15aa232ffe482478539baad8c9f076
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22
bfc0b1fd1c82937e8b73386fa545f650d7cb1d4f8482195facfd1617b881dff1
c0a9e937cf031edb0f9312fba2bb4554430fff4e4c4f7c91ea4075edb3e88ef9
c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821
c2754c8058fdfdf9c8aef009eb9b3c25b93aeab0c7a0cbe5a4be020620ee4966
c3b7bf416424abed17314649bb71a1de7a3afc6af66840d04b730e69652e27ac
c57e30f3e3440754bfd9c14304db0781d0d1226d5a3b093a4ed015f5007d5c62
c62a99738ed2783dac6ea4e44d47cd1402c5431a96b003ca821c35ca7169a258
c707d5798e40035ef5aa307db04e295703514d654b1e65fa62b04492c687c255
c7d5594f3a599ccd0b1a336bb68a24d59882f394bb0b9c9a29c5200cd2b48468
ca848bb459064d2d0a527bd0840ec4cbdea5545ab07b8dc7ebb61c8d0cb1a954
cd4f8e259f44f558d14e53c957c745e48abdb7b6dcf42e6711701f5826de6f4b
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf5de34ab663c557d25b498f7b00b2236bff9e01ac6333e40afe537625c9635e
d0260a942842dfe2e8de7d78be4aecaa450e9ee0be021d76e6ba13d9f5c92b08
d0d80991c6e4b62d5c77985c1e293aad44cc120e03aee7ae6936c79d25a0e467
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d144365863e6bb29da96e647c672152326639ed4bad9f7f4092eeb3698eba532
d1ea19a19ec8d6220550ff2184b4c0b90caae3b46865454cc42f803d52d2562e
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
d5d09e4a2f975bd3b1d2467607c33d0c3ab7c493498d2e21c751f25fadd9746a
d5ef37381138e5c82aba1b09a5e9cb76a193c998e80f09e9ec9cdb8c0eac8e17
d7800992c70337710a800628bad888bebad0a275102de46a3370179e373c034b
d85c2a791bc239832bdd2f1b17db4308cfde1a4c8980e023b24f1fc00f3d382a
d882dff85edd5e0121959274acf5b8c5ffb6f5526b0bf2842982e2e17fbd3198
d9dc8b250cb1c4d2e6a78b24ee09f8a434890c3f8fa0edc0684e1bfd6a6c7c91
da9912d4e908e3788e753fe3583a9063c0b65049f82d366fe871f03368f7ce10
dce3111ede9ead68dbb0c6343255a1cc111060d98da86a7e96e0fa8510bb1a02
ddcebbf00b80631b39d8dc4c2a851f64ee7697506d6f0ffe0b0987f79247059a
ddd9d29beabaeecc9c76408242dfc2b76305ec52511992d3cfbc81a500ee0670
de259eb7ba7a0e45575deb33946f1fbc695c97c33145ae4e49af0069d010868e
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e13547eec8879c9b576c2e06837303ad06ea15905d4eb075291ff21686a5b3da
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e44b4d77b271b6595bfed67b604e1dbbcb99906e6eed0844efcfc3f762a2c1a1
e510894ba685bee68ebe9d36541e100242fb63223046d9827adb5e2509f57f19
e58d3594966d71e654e441d9d51c4e406fc28c66c93c50a7294ced5755dfcd4c
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ec0252ba8694b474f3b887ffe91c07341280451a177944d79ff2a94d877a07d5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef7c8107b2bd1e70e603df141b8c90262ae528e59065d273ed468830239c142c
f0563dbb4bb81c6b1f745145ff4ca39c3d63daf31952c521dbb689dda5b26ff3
f34428f898fb63f420d9774acf1c03f09623569d0d764e9b76c43d4d29752326
f3f47903ab86885cc68031c8342a3d220754100194b6248fed233e1ed278dadd
f459bcfec9b90fb2f0ae513c92b064f6457ad813bce8f7c03f75e1261b69b513
f98e46c158bbde86c51826dd30c8e7a850678f5fb28df7240e767605f310c591
fae02e55a709f38b4e075b9f88112626593d21579ae95ef2b44b838814e6aa79
fb83c74bb6ecf84215151d23e17e59295e13ac4a2e9b5b90607ac5fbba6d81f7
fd0c747a5a0d859f124191192e8a9ba304b621480e3a1f63f70161e1b783312b
feb3062249f4d471eb76ae13f6924abbd143680fba63c07e54cd301aba0119dc
febaf4a1ace567d9e1c2a64b9721eaa47cb418db39c8869b38ecd480bdfde322
ff9ce35d5fae856bab207c9f8d8eb3dff6354f007ea9f9b9a32f5cc018d52876
ffd5ab38e5eb365c61b8cf48354ebf18bb8a517544289583baa8e5d03788a3f6

reurl.cc Open in urlscan Pro 35.185.130.121 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

306 Requests

92 %HTTPS

39 %IPv6

48 Domains

76 Subdomains

67 IPs

10 Countries

5987 kBTransfer

12544 kBSize

45 Cookies

21 Outgoing links

Redirected requests

306 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

reurl.cc Open in urlscan Pro
35.185.130.121 Public Scan

Screenshot
Live screenshot

Full Image

306
Requests

92 %
HTTPS

39 %
IPv6

48
Domains

76
Subdomains

67
IPs

10
Countries

5987 kB
Transfer

12544 kB
Size

45
Cookies

306 HTTP transactions
8 data transactions