urlscan.io logo urlscan.io
SecurityTrails logo

reurl.cc Open in urlscan Pro
35.185.130.121  Public Scan

Go To Rescan Add Verdict Report
URL: https://reurl.cc/dnpNOk
Submission: On March 19 via api from JP — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 57 IPs in 5 countries across 38 domains to perform 242 HTTP transactions. The main IP is 35.185.130.121, located in Taipei, Taiwan and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is reurl.cc. The Cisco Umbrella rank of the primary domain is 168549.
TLS certificate: Issued by R11 on March 14th 2025. Valid for: 3 months.
This is the only time reurl.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 35.185.130.121 396982 (GOOGLE-CL...)
2 2a04:4e42:400... 54113 (FASTLY)
5 34.149.98.30 396982 (GOOGLE-CL...)
3 2607:f8b0:400... 15169 (GOOGLE)
30 142.251.40.162 15169 (GOOGLE)
3 203.137.133.156 4694 (IDCF IDC ...)
2 168.95.245.1 131660 (CHTCDN Da...)
5 107.178.241.176 396982 (GOOGLE-CL...)
4 157.240.241.35 32934 (FACEBOOK)
2 34.160.26.175 396982 (GOOGLE-CL...)
2 157.240.241.1 32934 (FACEBOOK)
3 2607:f8b0:400... 15169 (GOOGLE)
1 183.79.249.124 24572 (YAHOO-JP-...)
2 142.250.81.238 15169 (GOOGLE)
2 2001:4860:480... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
3 2607:f8b0:400... 15169 (GOOGLE)
1 1 2001:4998:14:... 14777 (YAHOO)
2 2 2406:2000:98:... 38032 (YAHOO-HK2...)
2 2 100.28.140.230 14618 (AMAZON-AES)
2 2 52.223.40.198 16509 (AMAZON-02)
1 2 50.16.174.192 14618 (AMAZON-AES)
1 2a04:4e42::300 54113 (FASTLY)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 103.1.220.9 131149 (YUANJHEN-...)
1 192.0.77.48 2635 (AUTOMATTIC)
1 2600:9000:211... 16509 (AMAZON-02)
1 34.102.146.192 396982 (GOOGLE-CL...)
1 34.96.70.87 396982 (GOOGLE-CL...)
8 2620:100:a00b... 19750 (AS-CRITEO)
1 104.18.29.101 13335 (CLOUDFLAR...)
1 142.251.40.161 15169 (GOOGLE)
25 142.251.35.162 15169 (GOOGLE)
3 119.63.193.220 38627 (BAIDUJP B...)
30 2600:9000:247... 16509 (AMAZON-02)
3 2620:100:a00b::5 19750 (AS-CRITEO)
1 2620:100:a00b... 19750 (AS-CRITEO)
7 142.251.41.14 15169 (GOOGLE)
4 2600:9000:247... 16509 (AMAZON-02)
7 54.64.195.61 16509 (AMAZON-02)
1 119.63.198.189 38627 (BAIDUJP B...)
1 34.111.12.34 396982 (GOOGLE-CL...)
1 34.107.150.21 396982 (GOOGLE-CL...)
14 203.75.214.136 3462 (HINET Dat...)
3 119.63.198.143 38627 (BAIDUJP B...)
1 2 142.250.80.34 15169 (GOOGLE)
1 2600:9000:247... 16509 (AMAZON-02)
4 142.250.65.194 15169 (GOOGLE)
1 34.102.218.41 396982 (GOOGLE-CL...)
8 2607:f8b0:400... 15169 (GOOGLE)
1 119.63.198.188 38627 (BAIDUJP B...)
2 210.59.219.34 3462 (HINET Dat...)
2 103.132.192.30 138552 (RTBHOUSE-...)
4 8 35.190.36.98 15169 (GOOGLE)
4 4 172.104.121.22 63949 (AKAMAI-LI...)
4 142.251.40.100 15169 (GOOGLE)
1 142.251.35.161 15169 (GOOGLE)
1 142.251.40.129 15169 (GOOGLE)
1 142.251.40.97 15169 (GOOGLE)
242 57
1    35.185.130.121 (Taipei, Taiwan)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 121.130.185.35.bc.googleusercontent.com
reurl.cc
2    2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
5    34.149.98.30 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 30.98.149.34.bc.googleusercontent.com
storage.reurl.cc
3    2607:f8b0:4006:822::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
30    142.251.40.162 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f2.1e100.net
securepubads.g.doubleclick.net
3    203.137.133.156 (Japan)

ASN4694 (IDCF IDC Frontier Inc., JP)
cpt.geniee.jp
2    168.95.245.1 (Palo Alto, United States)

ASN131660 (CHTCDN Data Communication Business Group, TW)
PTR: 168-95-245-1.hinet-ip.hinet.net
ad-specs.guoshipartners.com
5    107.178.241.176 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 176.241.178.107.bc.googleusercontent.com
onead.onevision.com.tw
4    157.240.241.35 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-lga3.facebook.com
www.facebook.com
2    34.160.26.175 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 175.26.160.34.bc.googleusercontent.com
re-news.tw
2    157.240.241.1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-lga3.fbcdn.net
connect.facebook.net
3    2607:f8b0:4006:816::200e (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    183.79.249.124 (Japan)

ASN24572 (YAHOO-JP-AS-AP Yahoo Japan, JP)
yads.c.yimg.jp
2    142.250.81.238 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f14.1e100.net
www.google-analytics.com
2    2001:4860:4802:36::181 (United States)

ASN15169 (GOOGLE, US)
analytics.google.com
1    2607:f8b0:4004:c07::9d (Washington, United States)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2607:f8b0:4006:817::2002 (United States)

ASN15169 (GOOGLE, US)
td.doubleclick.net
3    2607:f8b0:4006:81e::200e (United States)

ASN15169 (GOOGLE, US)
fundingchoicesmessages.google.com
1    2001:4998:14:800::1000 (United States)

ASN14777 (YAHOO, US)
cms.analytics.yahoo.com
2    2406:2000:98:800::e5 (Taiwan)

ASN38032 (YAHOO-HK2-AP internet content provider, HK)
ups.analytics.yahoo.com
2    100.28.140.230 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-28-140-230.compute-1.amazonaws.com
bcp.crwdcntrl.net
2    52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
2    50.16.174.192 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-174-192.compute-1.amazonaws.com
ps.eyeota.net
1    2a04:4e42::300 (United States)

ASN54113 (FASTLY, US)
trc.taboola.com
1    2606:4700::6812:60e1 (United States)

ASN13335 (CLOUDFLARENET, US)
mma.prnasia.com
1    2606:4700:3034::6815:6009 (United States)

ASN13335 (CLOUDFLARENET, US)
img.gbyhn.com.tw
1    103.1.220.9 (Taiwan)

ASN131149 (YUANJHEN-AS-TW Yuan-Jhen Info., Co., Ltd, TW)
PTR: ph2.g-dns.com
img.racingcharger.tw
1    192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org
s.w.org
1    2600:9000:211c:5800:1e:5c56:d400:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.wixstatic.com
1    34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com
oa.openxcdn.net
1    34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com
invstatic101.creativecdn.com
8    2620:100:a00b::30 (United States)

ASN19750 (AS-CRITEO, US)
static.criteo.net
1    104.18.29.101 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn-ima.33across.com
1    142.251.40.161 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f1.1e100.net
ea076ad4b93696117164f6fbc8330d8b.safeframe.googlesyndication.com
25    142.251.35.162 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f2.1e100.net
pagead2.googlesyndication.com
3    119.63.193.220 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)
api.popin.cc
30    2600:9000:247b:fe00:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.holmesmind.com
3    2620:100:a00b::5 (United States)

ASN19750 (AS-CRITEO, US)
bidder.criteo.com
1    2620:100:a00b::12 (United States)

ASN19750 (AS-CRITEO, US)
gum.criteo.com
7    142.251.41.14 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s40-in-f14.1e100.net
fundingchoicesmessages.google.com
4    2600:9000:247b:7e00:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.holmesmind.com
7    54.64.195.61 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-64-195-61.ap-northeast-1.compute.amazonaws.com
ad.holmesmind.com
1    119.63.198.189 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)
tw.popin.cc
1    34.111.12.34 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 34.12.111.34.bc.googleusercontent.com
ad.tagtoo.co
1    34.107.150.21 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 21.150.107.34.bc.googleusercontent.com
uec.tagtoo.co
14    203.75.214.136 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-136.hinet-ip.hinet.net
t.ssp.hinet.net
3    119.63.198.143 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)
log.popin.cc
2    142.250.80.34 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f2.1e100.net
googleads.g.doubleclick.net
1    2600:9000:247b:4000:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)
adx.holmesmind.com
4    142.250.65.194 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f2.1e100.net
ep1.adtrafficquality.google
1    34.102.218.41 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 41.218.102.34.bc.googleusercontent.com
ecs.tagtoo.co
8    2607:f8b0:4006:816::2001 (United States)

ASN15169 (GOOGLE, US)
ep2.adtrafficquality.google
1    119.63.198.188 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)
r.popin.cc
2    210.59.219.34 (Taichung City, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 210-59-219-34.hinet-ip.hinet.net
prebid.scupio.com
2    103.132.192.30 (Singapore)

ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG)
PTR: ip-103-132-192-30.rtbhouse.net
prebid-asia.creativecdn.com
8    35.190.36.98 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 98.36.190.35.bc.googleusercontent.com
ad2.apx.appier.net
4    172.104.121.22 (Tokyo, Japan)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1731-22.members.linode.com
gocm.c.appier.net
4    142.251.40.100 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f4.1e100.net
www.google.com
1    142.251.35.161 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f1.1e100.net
9ce807cd7edc19a86b46faea21c90f89.safeframe.googlesyndication.com
1    142.251.40.129 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f1.1e100.net
3eb2cc337b56bca6a3dd525d22043c25.safeframe.googlesyndication.com
1    142.251.40.97 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f1.1e100.net
8ddd594d9c0173489ad7c0ffa5af16ba.safeframe.googlesyndication.com
Apex Domain
Subdomains		 Transfer
42 holmesmind.com
cdn.holmesmind.com — Cisco Umbrella Rank: 158711
ad.holmesmind.com — Cisco Umbrella Rank: 109223
adx.holmesmind.com
92 KB
34 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 251
stats.g.doubleclick.net — Cisco Umbrella Rank: 175
td.doubleclick.net — Cisco Umbrella Rank: 210
googleads.g.doubleclick.net — Cisco Umbrella Rank: 55
250 KB
29 googlesyndication.com
ea076ad4b93696117164f6fbc8330d8b.safeframe.googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 126
9ce807cd7edc19a86b46faea21c90f89.safeframe.googlesyndication.com
3eb2cc337b56bca6a3dd525d22043c25.safeframe.googlesyndication.com
8ddd594d9c0173489ad7c0ffa5af16ba.safeframe.googlesyndication.com
361 KB
16 google.com
analytics.google.com — Cisco Umbrella Rank: 171
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 740
www.google.com — Cisco Umbrella Rank: 3
72 KB
14 hinet.net
t.ssp.hinet.net — Cisco Umbrella Rank: 74181
923e68ac-322b-4c8a-80e1-f64705a6df42.t.ssp.hinet.net Failed
56af8b37-6899-4180-ad24-fc0072c6c433.t.ssp.hinet.net Failed
5 KB
12 appier.net
ad2.apx.appier.net — Cisco Umbrella Rank: 100825
gocm.c.appier.net — Cisco Umbrella Rank: 3655
3 KB
12 adtrafficquality.google
ep1.adtrafficquality.google — Cisco Umbrella Rank: 421
ep2.adtrafficquality.google — Cisco Umbrella Rank: 429
58 KB
8 popin.cc
api.popin.cc — Cisco Umbrella Rank: 17572
tw.popin.cc — Cisco Umbrella Rank: 102215
log.popin.cc — Cisco Umbrella Rank: 82389
r.popin.cc — Cisco Umbrella Rank: 85659
105 KB
8 criteo.net
static.criteo.net — Cisco Umbrella Rank: 979
56 KB
6 reurl.cc
reurl.cc — Cisco Umbrella Rank: 168549
storage.reurl.cc — Cisco Umbrella Rank: 226989
7 KB
5 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 65
22 KB
5 onevision.com.tw
onead.onevision.com.tw — Cisco Umbrella Rank: 134377
2 KB
4 criteo.com
bidder.criteo.com — Cisco Umbrella Rank: 1265
gum.criteo.com — Cisco Umbrella Rank: 503
559 B
4 facebook.com
www.facebook.com — Cisco Umbrella Rank: 121
228 B
3 tagtoo.co
ad.tagtoo.co — Cisco Umbrella Rank: 137701
uec.tagtoo.co — Cisco Umbrella Rank: 105193
ecs.tagtoo.co — Cisco Umbrella Rank: 98820
62 KB
3 creativecdn.com
invstatic101.creativecdn.com — Cisco Umbrella Rank: 2483
prebid-asia.creativecdn.com — Cisco Umbrella Rank: 25608
3 KB
3 yahoo.com
cms.analytics.yahoo.com — Cisco Umbrella Rank: 1982
ups.analytics.yahoo.com — Cisco Umbrella Rank: 631
991 B
3 geniee.jp
cpt.geniee.jp — Cisco Umbrella Rank: 46152
70 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 60
401 KB
2 scupio.com
prebid.scupio.com — Cisco Umbrella Rank: 108452
336 B
2 eyeota.net
ps.eyeota.net — Cisco Umbrella Rank: 1206
2 KB
2 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 441
1 KB
2 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 1277
729 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 228
80 KB
2 re-news.tw
re-news.tw
31 KB
2 guoshipartners.com
ad-specs.guoshipartners.com — Cisco Umbrella Rank: 153028
23 KB
2 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 356
58 KB
1 33across.com
cdn-ima.33across.com — Cisco Umbrella Rank: 1380
7 KB
1 openxcdn.net
oa.openxcdn.net — Cisco Umbrella Rank: 2655
8 KB
1 wixstatic.com
static.wixstatic.com — Cisco Umbrella Rank: 6581
1011 KB
1 w.org
s.w.org — Cisco Umbrella Rank: 5486
730 B
1 racingcharger.tw
img.racingcharger.tw
75 KB
1 gbyhn.com.tw
img.gbyhn.com.tw
70 KB
1 prnasia.com
mma.prnasia.com — Cisco Umbrella Rank: 851434
15 KB
1 taboola.com
trc.taboola.com — Cisco Umbrella Rank: 775
198 B
1 yimg.jp
yads.c.yimg.jp — Cisco Umbrella Rank: 37203
58 KB
0 alphaloan.co Failed
blog.alphaloan.co Failed
0 creditcards.com.tw Failed
creditcards.com.tw Failed
242 38
Domain Requested by
34 cdn.holmesmind.com securepubads.g.doubleclick.net
cdn.holmesmind.com
ad.holmesmind.com
30 securepubads.g.doubleclick.net reurl.cc
securepubads.g.doubleclick.net
pagead2.googlesyndication.com
25 pagead2.googlesyndication.com securepubads.g.doubleclick.net
pagead2.googlesyndication.com
14 t.ssp.hinet.net api.popin.cc
cdn.holmesmind.com
t.ssp.hinet.net
10 fundingchoicesmessages.google.com securepubads.g.doubleclick.net
8 ad2.apx.appier.net 4 redirects reurl.cc
cdn.holmesmind.com
8 ep2.adtrafficquality.google pagead2.googlesyndication.com
ep2.adtrafficquality.google
securepubads.g.doubleclick.net
8 static.criteo.net securepubads.g.doubleclick.net
cdn.holmesmind.com
reurl.cc
7 ad.holmesmind.com cdn.holmesmind.com
5 www.google-analytics.com storage.reurl.cc
www.google-analytics.com
reurl.cc
www.googletagmanager.com
5 onead.onevision.com.tw ad-specs.guoshipartners.com
reurl.cc
5 storage.reurl.cc reurl.cc
4 www.google.com ep2.adtrafficquality.google
4 gocm.c.appier.net 4 redirects
4 ep1.adtrafficquality.google pagead2.googlesyndication.com
securepubads.g.doubleclick.net
reurl.cc
4 www.facebook.com reurl.cc
3 log.popin.cc reurl.cc
3 bidder.criteo.com static.criteo.net
3 api.popin.cc reurl.cc
api.popin.cc
3 cpt.geniee.jp reurl.cc
cpt.geniee.jp
3 www.googletagmanager.com reurl.cc
www.googletagmanager.com
2 prebid-asia.creativecdn.com cdn.holmesmind.com
2 prebid.scupio.com cdn.holmesmind.com
2 googleads.g.doubleclick.net 1 redirects pagead2.googlesyndication.com
2 ps.eyeota.net 1 redirects reurl.cc
2 match.adsrvr.org 2 redirects
2 bcp.crwdcntrl.net 2 redirects
2 ups.analytics.yahoo.com 2 redirects
2 analytics.google.com www.googletagmanager.com
2 connect.facebook.net storage.reurl.cc
connect.facebook.net
2 re-news.tw storage.reurl.cc
reurl.cc
2 ad-specs.guoshipartners.com reurl.cc
2 cdn.jsdelivr.net reurl.cc
1 8ddd594d9c0173489ad7c0ffa5af16ba.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 3eb2cc337b56bca6a3dd525d22043c25.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 9ce807cd7edc19a86b46faea21c90f89.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 r.popin.cc reurl.cc
1 ecs.tagtoo.co ad.tagtoo.co
1 adx.holmesmind.com pagead2.googlesyndication.com
1 uec.tagtoo.co api.popin.cc
1 ad.tagtoo.co api.popin.cc
1 tw.popin.cc api.popin.cc
1 gum.criteo.com static.criteo.net
1 ea076ad4b93696117164f6fbc8330d8b.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 cdn-ima.33across.com securepubads.g.doubleclick.net
1 invstatic101.creativecdn.com securepubads.g.doubleclick.net
1 oa.openxcdn.net securepubads.g.doubleclick.net
1 static.wixstatic.com reurl.cc
1 s.w.org reurl.cc
1 img.racingcharger.tw reurl.cc
1 img.gbyhn.com.tw reurl.cc
1 mma.prnasia.com reurl.cc
1 trc.taboola.com reurl.cc
1 cms.analytics.yahoo.com 1 redirects
1 td.doubleclick.net www.googletagmanager.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 yads.c.yimg.jp cpt.geniee.jp
1 reurl.cc
0 56af8b37-6899-4180-ad24-fc0072c6c433.t.ssp.hinet.net Failed reurl.cc
0 923e68ac-322b-4c8a-80e1-f64705a6df42.t.ssp.hinet.net Failed reurl.cc
t.ssp.hinet.net
0 blog.alphaloan.co Failed reurl.cc
0 creditcards.com.tw Failed reurl.cc
242 62

This site contains links to these domains. Also see Links.

Domain
re-news.tw
youtils.cc
www.comptw.com
stockinfo.tw
Subject Issuer Validity Valid
reurl.cc
R11		 2025-03-14 -
2025-06-12		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2024 Q3		 2024-07-30 -
2025-08-31		 a year crt.sh
storage.reurl.cc
WR3		 2025-03-14 -
2025-06-12		 3 months crt.sh
*.google-analytics.com
WR2		 2025-03-10 -
2025-06-02		 3 months crt.sh
*.g.doubleclick.net
WR2		 2025-03-10 -
2025-06-02		 3 months crt.sh
*.geniee.jp
GeoTrust TLS RSA CA G1		 2024-07-30 -
2025-08-30		 a year crt.sh
ad-specs.guoshipartners.com
Go Daddy Secure Certificate Authority - G2		 2025-01-08 -
2026-01-21		 a year crt.sh
onead.onevision.com.tw
R10		 2025-02-03 -
2025-05-04		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-12-27 -
2025-03-27		 3 months crt.sh
wp.re-news.tw
WR3		 2025-03-04 -
2025-06-02		 3 months crt.sh
edge01.yahoo.co.jp
Cybertrust Japan SureServer CA G4		 2025-02-07 -
2026-03-06		 a year crt.sh
*.google.com
WE2		 2025-03-10 -
2025-06-02		 3 months crt.sh
*.doubleclick.net
WR2		 2025-03-10 -
2025-06-02		 3 months crt.sh
*.taboola.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-12-01 -
2025-12-31		 a year crt.sh
*.prnasia.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-10-23 -
2025-11-23		 a year crt.sh
gbyhn.com.tw
WE1		 2025-03-06 -
2025-06-04		 3 months crt.sh
img.racingcharger.tw
R11		 2025-02-15 -
2025-05-16		 3 months crt.sh
s.w.org
E6		 2025-02-28 -
2025-05-29		 3 months crt.sh
*.wixstatic.com
R11		 2025-01-23 -
2025-04-23		 3 months crt.sh
oa.openxcdn.net
WR3		 2025-03-12 -
2025-06-10		 3 months crt.sh
invstatic101.creativecdn.com
WR3		 2025-02-12 -
2025-05-13		 3 months crt.sh
*.criteo.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2025-02-03 -
2025-05-03		 3 months crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2024-09-05 -
2025-09-30		 a year crt.sh
*.popin.cc
Secure Site Pro CA G2		 2024-09-23 -
2025-10-24		 a year crt.sh
*.holmesmind.com
Go Daddy Secure Certificate Authority - G2		 2025-03-06 -
2026-04-07		 a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2025-02-09 -
2025-05-10		 3 months crt.sh
ad.tagtoo.co
WR3		 2025-02-20 -
2025-05-21		 3 months crt.sh
uec.tagtoo.co
WR3		 2025-02-23 -
2025-05-24		 3 months crt.sh
*.t.ssp.hinet.net
HiPKI OV TLS CA - G1		 2025-02-12 -
2026-02-12		 a year crt.sh
adtrafficquality.google
WR2		 2025-03-10 -
2025-06-02		 3 months crt.sh
ecs.tagtoo.co
WR3		 2025-01-22 -
2025-04-22		 3 months crt.sh
*.scupio.com
Sectigo RSA Organization Validation Secure Server CA		 2024-09-27 -
2025-10-28		 a year crt.sh
*.creativecdn.com
RapidSSL TLS RSA CA G1		 2024-04-05 -
2025-04-30		 a year crt.sh

This page contains 39 frames:

Primary Page: https://reurl.cc/dnpNOk
Frame ID: 56A46BF822B6CD635A9DA9BAB3BD6D03
Requests: 65 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Frame ID: 529F3C4B3CB360F2B820F9E8E647CFE6
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-N394QBRGC0&gacid=1891814378.1742402130&gtm=45je53i0v897965293za200zb9181474282&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=102482433~102587591~102717422~102788824~102813109~102814060~102825837~102879719&z=1496502895
Frame ID: 12960D7654DD8F9677419DC33B0955E0
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 6211FD8F56996CFE013A3DD2DF9536E4
Requests: 1 HTTP requests in this frame

Frame: https://ea076ad4b93696117164f6fbc8330d8b.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html
Frame ID: F77BB146DC32CB3F6A2474C5B20D645A
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss47A2akmv2EkuZvVJBrthKiarrVwfQzQvV4uev7OGdwJ8shZ3n5nLjrJhIX5A6BA0rwtV9chMRMUWYUTSRhFFiCO2nBYBECGgbUU1jCI4PLFl4McgJkUgYG4EZDW1zHyzQEPaEbSTN0lveHdKdxshcU-spJHdR2fSrPg4jeD_VZOwSv2-DnNtyc4LodGXEQS5tGD54g8_ZyBcSQVVVj_PTzxUnKe1seAv0m1Q0_21m69AjEghe8P6Z4Yke541WW2vJ-8u46tsgRgQCMy1GTpwo9PuwpsPm3mdLtiEOwVxdO6-rhFCLmTpE3YAgzZUf1I6XQIJ2y6wbA2l1dbTpVOieHjHWXs02oWinynpv5x0idLNFv4lNrhRrBJjuWNVd5FmYPOMOyM6RP7-Cx1U90wPihM5Xit4_4zk5PSPoCDke50tKRA7olY0S6Q&sai=AMfl-YRm0UKxiEhjzLmqi-OxbV7fFd2NNoT7ruq0Ay2KGaxnDx-jt5nwmG234OYK4vgz0vmygVDkjCbP84toBQsHD8Mg7BXbp3zofn9zh6De0A3LnXtL0uqWJ3SwJLDX&sig=Cg0ArKJSzO-8TpqGXmYIEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 54C3453FECAFF9D894DF492FC3AF1D42
Requests: 13 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstrQImjsAo81usiM0j-btw0b5ZH1J_WW7Oah_K_5CyCw8JbxFFRT9cLgXFGvB3tr5pPBwjCsatYi6u-K9W8bPee-hErptSpPcDnID6aSMIXgGbQWqallkiIrnXvVp4U1ssCagda6HnZIDlNEvNxsA1dEeg4V5KSVlRr8bL34-OZUpRFRjhDIQ82h0H6LSTvZd4ZfTgnqXujYpEQ2Vyx9TiIlkHkJCEmyr0pvPflKI6z8IGjr7scgqYuEOMxCO1_FfZAd1l05BSzlZ5ljiZmrhX1VH2rgaOFewo49CxcIS52mxEfhGHS0npzXz9MrjsfCiGXyfcgj84TNqUjPAQ4jES93vEjGx2BeQ9UErc6s-hQ_S73CzOjxa-p4UUvKIClF-X3KDS-Q1oQwFxBYRVxSXhDpK2CLjwEXGlo5JYvQoAGCpDu1i_bs-L2WQ&sai=AMfl-YQfsWN7LRAncrcofgYV0AI2mDcMEwJiyFBHOUyeFAhdKXub2DZD3uS9IbdzFCh2T9jh-36QxxfGuo70gcOTumTiQNFBYabu7j7t9RY-FzgWuVd4PDC9gDiY_LM6&sig=Cg0ArKJSzJBwYFta7l0KEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 8C9ADBC097482C5356B61615EF543203
Requests: 22 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst0Cm-0wWWRNCTu6FOM63k4tiZx4LNUQCx14qqYqFXLiLNMF0GtH80p7dm5WOh6VGsGK57hPiMQk7X4Q4eecTZIdfFnnAKC4_932Rr1ZpnQUTK1CW4eXTuzMJd83EsCiXk7TUBOHFBRWM4EuflIWR_-C95wtOXmoMyczDTmrcYNyqUB-O3Ly5qzPIFwawo8qNwB7r_r6Vy0CeY5RjiYLeopx5KkGBWw8k5XQnWVpVNdJxCHyiU9yqHKqk4UR-GBHi9SPodszMMAbAxiQrBEWOy0bBWu82CsErCkuZP7ciQnIsl3e96YTrfMHkCpxIbtcp3JXmBTeQVMBGF_kNuyleY1myeoy4pYglgUA41l-GmbnBEVVoW59C5waNB7v9VoQH-vmIgK0eF8TClJHhA8IzksNN0BUxwxGYo5MRRbFtvSN2Wa7WN16mdpt9GjqBq6gZQ&sai=AMfl-YTRB8f1t2Q8oWPcjFwzAdx8p-MQvOD1CNx5323IjYlauKe7A1LTZNQMCXnotZiCsvWrB7BdVIURiAQas2QVeS0H0Ztd9TI97-J2Go_rvt32xK97aGBct_oKkzrY&sig=Cg0ArKJSzJ5ZC_YRj9SMEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 911B16AD64F0619B0A152468AA999DA7
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsusf2lvL1Lz3UXxwsAqsDQK7SRtUddLH9eEwQzLEhVJci7XWuX1JLyoXJ0i4y8ojMcuNlOYfRhYWoQdqd6R0HSgE8zmQ_9Deya_cltoPY-6sb6S2o2IM-TtEhUHoosbsDSRk3PpVjMAiMJ3bSgB2HZhY6eaDhIzyAsSZ60NPX0ERKQfGh77pShOajaoc66OeU9xfaNHsK9FgptDprdN-OdCrYObXi1eIEOF-63pJnO85TxU1s9ozJTV8elRpUQl7Io4Y-3eFgijdoYvVSf0hhr-CeyWWKh25sQevgjKjeV7PhCDvSylbBZE9ySr--PCG_oHDZNFby8RCwNEWUa5OPTFsaQ3sKCf94gtOJ80FIOc3Y2owoddVJCzrRup9F1VRZ33NCEiH6nRdsIRanvmGhoaPhxIh2JyzALya5udo9vOYB3uhqLkZhOwfAmtfqUaM8A&sai=AMfl-YSKw0jySVKTRNiA9bT-oEjLfEHLl1CBKvRR9VmAIWjzSG8ogBL6ViX2iMQm4o-uIQw1Rv1rrDW_gm_oVP_e5ZxMEok1LXc8dOv2zSLXKZ__8GMnfY1w-uIub-3d&sig=Cg0ArKJSzGTPm3HyY4beEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 2887E945D20338BAACCE733E207EC617
Requests: 8 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=
Frame ID: 5D9F45896E634F368E82FB0E1223FDDB
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 003595B55CB2ACC03BDE99E2CBA88AC4
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: E6AD4E678269C81B2C471F1A1EEDFBE1
Requests: 23 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: B36A115D1FA6E0E0B9AA243064B71013
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 3DA3A474DF350507077E0127F1122DB8
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20250313/r20190131/zrt_lookup.html
Frame ID: 1BA5CCD7B2078AE1EE2900CA3223BCDF
Requests: 1 HTTP requests in this frame

Frame: https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
Frame ID: 65FAE5F3EE065234532FF70AFAB15209
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: 7B0E0934923FDF2C84B2F6422AA38327
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 97F449E1E78B837E091398C112FCE6F6
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 572837606EFFB4A9DE14A7EBE61572C1
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 237DB22186D2D2EB0F4FB3E2771CF4C9
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 71951F4BA3B878AA89AB7E10F62C5F62
Requests: 1 HTTP requests in this frame

Frame: https://9ce807cd7edc19a86b46faea21c90f89.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=3
Frame ID: 29774B24F5041F46002C095E407FF351
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 581A7851FD844CE3CBE86DEB0B005277
Requests: 1 HTTP requests in this frame

Frame: https://3eb2cc337b56bca6a3dd525d22043c25.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=3
Frame ID: E4C877339896F67D815A760A3DAE9709
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: DA32B57FC4A9A5B279413D6E3F2E9006
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C86279E4CFA16DEB37863C37EC700774
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstnFbrQ39QdGOEExcfFj3fLNhlu9XkrSoH7U-K6FkAYqxIzaeBb_-sn8Rw90vQTLQGQgDaWu2nLvmX8qUpioZGFfFoZMDGeI4d3t8n5gg9Td9vgDxRq8tCtkSY9a94uLB1csaBCLSir2T1W6kRvwumq4zHOBsbfDyg9ZqzSEqJl9aV-Gi4ogkVgnbfOcGt91xKzg6JvMOwpoqgenR4gC42ZIK7dcfnRYxqZvpai1WhVcX5qp1AvqlFxpWbXImys-cs8kYqp_ZxSdhGMTMw1G7zgM-vBn4nRfu7O0zQersyZhdVAEiVXgFujhogieKyyn3iW-NmmiRx9IXda1ZvGRniNsX7xWkwO_08J2ZcLZ9YdF90FxntBRizV8aJ8g2h8LlxKVLfRuYSgKFKnYGak0DXh_bqALXc58T0v3c-OgVelwOl5dz1KtSpwQF7PD-4GqNnSqiSIsCoi2Q&sai=AMfl-YTo-GO_3s63Fjn-kvcQX9REUA0dacLoGnXpnejDQSJ3ZoQ0D8eR5MrQo9wx7rXOuJgv0530BOG5OdDGsurmgyUITLUJFMKhpGYUe4BtaIZ5G_SESgxfq72Fld9F&sig=Cg0ArKJSzGcFNMNq6IomEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 4A8FF5C988BAA6014EC88C2BFCA2BB0E
Requests: 8 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=6383-2cedd1a473cfe10b3ede2341c74f478d
Frame ID: FABE41696BED1E9E0E66F2E3D56AA4F4
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: F8D6989FDDF78FBE4394976032D1762B
Requests: 22 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: 128F30A55573D16225105815C37CB94F
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6EDC9A89520DC13686ACFD5DF4E526DE
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: F5B41AD4A7E5078B8E9E0A15F012AB74
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 28A44D1EB3ED021447FCAE96AD5FC99C
Requests: 1 HTTP requests in this frame

Frame: https://8ddd594d9c0173489ad7c0ffa5af16ba.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=6
Frame ID: 371AE98DDB2A9D35697964A491DA020E
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: B77741A28F376C5106EB1C287D0C1E25
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9A7E881ECFCB83392A43581600ACB6EE
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvhFCX03PajbsAr9uWY1qOhQxxf5cxJBM5LE48dVmUJIYTRAM4GtnZP2Dt8T5u60YDMQm5onxZGogJOO85v8V7MHEksEyADzdQPJIQvkc3Z76b3k67tyAfe6sgM4hUXFWfqQMQWAYLQRbwEQ65f3vBNtSkqgQZiualpZmzxeDZGWjj3LRYuF8WD4cbaZLQKVEPr-uwfQI8lyenfGHDcvbpW8yQmGxVGptlEowmB5-GtaN99FHVEQrGQ8guaRCju9CQF09AyKWeB8YsUaawHOttafqNfAkUx3OT5ilOqsdNHDWc53X837HIsPnz7aDg_FQ7HWfrLx5Ymn8L00IRYLARzv1LcPJLs-tOe0rl9o3TuewiBEMov4E6koGg2yZPPztDBn2v16uhvj6Ylu30vj6ZWxaTUZZa4Etvd6bSuPqWjIk1rQoNfjsETEkldIKqBFJTV7usTff0L-w&sai=AMfl-YRR9mo-jrvd2C1piVe8ShsWEOEc3uhBDTNHwO0kjziF87180xPX9eLnYK0a5elIMnN1uHzPM7IwZPUo1i0r-zh4WLuSn8MPSmCdb9mpdJ63XIUyQE5EZUCmVc0d&sig=Cg0ArKJSzJjURZL6R7A5EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 7F6D6C11F1D18A711F7498B1724994A8
Requests: 6 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=6383-2cedd1a473cfe10b3ede2341c74f478d
Frame ID: 4CEB479D3A5179EC17E6E491E9CBA18A
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: A93DBA6C60DEFA29C8C3FEB394AA9FC8
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

GMX - E-Mail-Adresse kostenlos, FreeMail, De-Mail & Nachrichten | https://navigator.gmx.net/mail?sid...

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/vue(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/pagead/show_ads\.js
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

242
Requests

88 %
HTTPS

33 %
IPv6

38
Domains

62
Subdomains

57
IPs

5
Countries

3005 kB
Transfer

10605 kB
Size

47
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 34
  • https://cms.analytics.yahoo.com/cms?partner_id=OneDATA HTTP 302
  • https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA HTTP 302
  • https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA&verify=true HTTP 302
  • https://onead.onevision.com.tw/v2/pixel/vzn?id=y-4L8uS8pE2p_UO6LGEC2R8BeizH1X7nhWOEXG3A--~A
Request Chain 35
  • https://bcp.crwdcntrl.net/map/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id} HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id} HTTP 302
  • https://onead.onevision.com.tw/v2/pixel/ltm?id=59c120b21f514d7ac333c17387ba837
Request Chain 36
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=r1jlltl&ttd_tpi=1 HTTP 302
  • https://onead.onevision.com.tw/v2/pixel/ttd?id=e27db76e-6d30-477d-a490-9faaa605e270
Request Chain 37
  • https://ps.eyeota.net/pixel?pid=3m51m51&uid=2b50c4df-04e0-11f0-8884-0242ac120002&t=ajs HTTP 302
  • https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=2b50c4df-04e0-11f0-8884-0242ac120002&t=ajs
Request Chain 111
  • https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=2220942683&adf=3173046724&pi=t.ma~as.2784%2F13803&w=300&lmt=1742402132&url=https%3A%2F%2Freurl.cc%2FdnpNOk&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1742402132194&bpp=359&bdt=607&idt=573&shv=r20250313&mjsv=m202503170101&ptt=5&saldr=sd&cookie=ID%3Db19a220630837641%3AT%3D1742402131%3ART%3D1742402131%3AS%3DALNI_Ma1IUhoAmJ4un7Ax9-1NgjPwQ-eZQ&gpic=UID%3D0000107a68dd5cf1%3AT%3D1742402131%3ART%3D1742402131%3AS%3DALNI_MbQ8DBqEi39VDhpNfuWmmu3U7HsnA&eo_id_str=ID%3D826d37fc15bb614d%3AT%3D1742402131%3ART%3D1742402131%3AS%3DAA-Afjat_GjpXBKZWqSMXYVXkQ-S&correlator=2837083558736&frm=23&ife=4&pv=2&nhd=1&u_tz=-600&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1030&ady=108&biw=1600&bih=1200&isw=300&ish=250&ifk=3641921818&scr_x=0&scr_y=0&eid=95355339%2C31091079%2C31090357&oid=2&pvsid=895196632332888&tmod=977353419&uas=0&nvt=1&fc=640&brdim=890%2C890%2C890%2C890%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=1.k3liorgkok2l&fsb=1&dtd=603 HTTP 302
  • https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
Request Chain 128
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=a0rLaIQKAdeYrMWVVvLaZw
Request Chain 140
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=647LbJWwCeWkMqD0VvLaZw
Request Chain 188
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=hhwgOBakDOKBVGTTV_LaZw
Request Chain 189
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=H_GDfqptC56VYGg-V_LaZw

242 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request dnpNOk
reurl.cc/ 		15 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
121.130.185.35.bc.googleusercontent.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3fadf6580ed44d83afca9892803180db824dc3adffa2520b66a6e49a05a56260

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-origin
*
access-control-expose-headers
*, Authorization, X-Authorization
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 19 Mar 2025 16:35:28 GMT
referrer-policy
no-referrer-when-downgrade
server
nginx/1.18.0 (Ubuntu)
target
https://ci.ws/tmqud
vary
Accept-Encoding Origin
x-request-id
64256318-0922-4ee0-958f-cf36c4bcd81b
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/ 		152 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
age
2973635
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Wed, 19 Mar 2025 16:35:28 GMT
content-type
text/css; charset=utf-8
x-served-by
cache-fra-eddf8230028-FRA, cache-toj-leto2350026-TOJ
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
25648
x-jsd-version
4.3.1
style.css
storage.reurl.cc/stylesheets/rwd/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://storage.reurl.cc/stylesheets/rwd/style.css?v=1
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
30.98.149.34.bc.googleusercontent.com
Software
/
Resource Hash
749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-request-id
50890984-b8e5-4043-b339-16ee713bfc24
access-control-expose-headers
*, Authorization, X-Authorization
content-encoding
gzip
age
23080
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 10:10:48 GMT
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=28800
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
904
pixel.js
storage.reurl.cc/javascripts/ 		429 B
417 B 		Script
General
Check archive.org
Download Go to
Full URL
https://storage.reurl.cc/javascripts/pixel.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
30.98.149.34.bc.googleusercontent.com
Software
/
Resource Hash
3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-request-id
1f98000f-56ce-46d6-ba19-42196e496c8f
access-control-expose-headers
*, Authorization, X-Authorization
content-encoding
gzip
age
16585
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 11:59:04 GMT
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=28800
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
322
ga2.js
storage.reurl.cc/javascripts/ 		536 B
631 B 		Script
General
Check archive.org
Download Go to
Full URL
https://storage.reurl.cc/javascripts/ga2.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
30.98.149.34.bc.googleusercontent.com
Software
/
Resource Hash
16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-request-id
16cfea92-7c25-48c2-b312-35447ca6d848
access-control-expose-headers
*, Authorization, X-Authorization
cache-control
public,max-age=28800
age
14447
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
536
date
Wed, 19 Mar 2025 12:34:42 GMT
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
content-type
text/javascript; charset=utf-8
vary
Origin
js
www.googletagmanager.com/gtag/ 		355 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0cedf3ea98f252b7f5475f7f884421b822e54796a2fc262af13a79242952b60e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
report-to
{"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
expires
Wed, 19 Mar 2025 16:35:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascgcycc:1020:0
content-length
120989
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		437 KB
141 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
87e1375d8b045a0f2527f2b512e2f3725bda59dddef6d2f7da3d86053b5b6d7c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
report-to
{"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
expires
Wed, 19 Mar 2025 16:35:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascgcycc:1020:0
content-length
144256
x-xss-protection
0
server
Google Tag Manager
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		106 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
30c45abf57e0285b2e5de1a13f6c3421e07776154c947b8c9dada66841a9ca58
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
544 / 20166 / m202503130101 / config-hash: 11785860922430482874
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 16:35:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
33520
x-xss-protection
0
server
cafe
wrapper.min.js
cpt.geniee.jp/hb/v1/219632/1441/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cpt.geniee.jp/hb/v1/219632/1441/wrapper.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.137.133.156 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
234c0c89b9e2409fbb4ebb449993aa93c347b2cf57925e8cb0ee5c751ea3dc46

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
max-age=3600, private
content-encoding
gzip
etag
W/"67dab386-2f10"
cross-origin-resource-policy
cross-origin
expires
Wed, 19 Mar 2025 17:35:29 GMT
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
application/javascript
last-modified
Wed, 19 Mar 2025 12:07:34 GMT
server
nginx
ad-serv.min.js
ad-specs.guoshipartners.com/static/js/ 		50 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
168.95.245.1 Palo Alto, United States, ASN131660 (CHTCDN Data Communication Business Group, TW),
Reverse DNS
168-95-245-1.hinet-ip.hinet.net
Software
HiNetCDN / OneAD
Resource Hash
7040fd7374c1bc5bed13a4e532369c03fb62484514b5956508edfb09ede54fb4

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
W/"67d13528-c774"
age
0
x-varnish
12137524 22813992
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
application/javascript
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified
Wed, 12 Mar 2025 07:18:00 GMT
cache-control
public, max-age=360
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
*
x-powered-by
OneAD
server
HiNetCDN
onead-lib.min.js
ad-specs.guoshipartners.com/static/js/ 		24 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad-specs.guoshipartners.com/static/js/onead-lib.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
168.95.245.1 Palo Alto, United States, ASN131660 (CHTCDN Data Communication Business Group, TW),
Reverse DNS
168-95-245-1.hinet-ip.hinet.net
Software
HiNetCDN / OneAD
Resource Hash
1bf41ca1364230ce3a9cbbac1110ff4d7d287a9f978fa74297aa30117c4da9c0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
W/"67b5a55f-6100"
age
0
x-varnish
233706305
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
application/javascript
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified
Wed, 19 Feb 2025 09:33:19 GMT
cache-control
public, max-age=360
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
*
x-powered-by
OneAD
server
HiNetCDN
vue.min.js
cdn.jsdelivr.net/npm/vue@2.5.16/dist/ 		84 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
age
468883
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Wed, 19 Mar 2025 16:35:28 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-eddf8230020-FRA, cache-toj-leto2350026-TOJ
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
33184
x-jsd-version
2.5.16
renews.js
storage.reurl.cc/javascripts/ 		404 B
523 B 		Script
General
Check archive.org
Download Go to
Full URL
https://storage.reurl.cc/javascripts/renews.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
30.98.149.34.bc.googleusercontent.com
Software
/
Resource Hash
22743d9dc93a38d7096ec7c9a02146da7a721ada15192d87e81d78ff53cb2f2a

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-request-id
35dbaa6a-682f-4ee8-9a26-48c8102bf7ea
access-control-expose-headers
*, Authorization, X-Authorization
cache-control
public,max-age=28800
age
26772
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
404
date
Wed, 19 Mar 2025 09:09:16 GMT
last-modified
Tue, 09 Jul 2024 09:45:35 GMT
content-type
text/javascript; charset=utf-8
vary
Origin
loading.js
storage.reurl.cc/javascripts/ 		134 B
258 B 		Script
General
Check archive.org
Download Go to
Full URL
https://storage.reurl.cc/javascripts/loading.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
30.98.149.34.bc.googleusercontent.com
Software
/
Resource Hash
ddd9d29beabaeecc9c76408242dfc2b76305ec52511992d3cfbc81a500ee0670

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-request-id
41c8a73f-79a6-4e9a-812f-04b6936a0dad
access-control-expose-headers
*, Authorization, X-Authorization
cache-control
public,max-age=28800
age
18314
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
134
date
Wed, 19 Mar 2025 11:30:14 GMT
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
content-type
text/javascript; charset=utf-8
vary
Origin
oid
onead.onevision.com.tw/v2/et/ 		374 B
982 B 		Script
General
Check archive.org
Download Go to
Full URL
https://onead.onevision.com.tw/v2/et/oid?cb=window.text_etag_callback_1ev1c
Requested by
Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
3d84fcf976815278726db8314d21c9901fd972437304675190d78d8cdf0a6c82

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-onead-version
f00555d2
etag
2b50c4d3-04e0-11f0-8884-0242ac120002
age
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
362718905
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
application/javascript
last-modified
Wed, 19 Mar 2025 16:35:29 GMT
cache-control
max-age=600
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
374
x-onead-backend
onead-http-event-mqjn-gohttp
server
gws
x-powered-by
OneAD
page.php
www.facebook.com/plugins/ Frame 529F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.35 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-lga3.facebook.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-giktfAZl' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
zstd
content-security-policy
default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-giktfAZl' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type
text/html; charset="utf-8"
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 16:35:29 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster
?1
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
pragma
no-cache
priority
u=0,i
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7483560161482985791&cpp=C3&cv=1021044805&st=1742402129436"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7483560161482985791&cpp=C3&cv=1021044805&st=1742402129436", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-connection-quality
GOOD; q=0.7, rtt=127, rtx=0, c=24, mss=1232, tbw=8363, tp=13, tpl=0, uplat=81, ullat=0
x-fb-debug
e6eNBdrIJyBJyQC3OYWoBzyxgMQsaMWBBrufU+Q7fsnQiQtxv8de239FWW4KJxwze4ki3JqbDCV/3BZww7oPUQ==
x-xss-protection
0
feeds
re-news.tw/ 		6 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://re-news.tw/feeds
Requested by
Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/renews.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.26.175 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
175.26.160.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
766b91aba7ba20c4f09336f9fb8eff2637435fd18ddc36473fe141b98af814d4

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
public,max-age=3600
etag
W/"19d3-v916RLYLD1W00unlLccDGMpiceQ"
via
1.1 google
access-control-allow-origin
https://reurl.cc
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6611
date
Wed, 19 Mar 2025 16:35:30 GMT
content-type
text/html; charset=utf-8
x-powered-by
Express
vary
Origin
fbevents.js
connect.facebook.net/en_US/ 		242 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/pixel.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-lga3.fbcdn.net
Software
/
Resource Hash
7b02340f2dc45840d3c378e8585638242965427824cfae847cda7f486176c359
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: *;script-src 'nonce-956E0rrV' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' blob: *;script-src 'nonce-956E0rrV' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=126, rtx=0, c=24, mss=1232, tbw=8361, tp=13, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
B5Qlx2XBza+uqj08IhiUELt2JsYdG/TaueSKdablksZT3BFtSfI/wCbp7/VahIwCHE2K5wp0CZWBzdQcNUS+9w==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
63126
x-xss-protection
0
origin-agent-cluster
?1
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/ga2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
gzip
age
6153
report-to
{"group":"ascnsrsgac:225:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 16:52:56 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 14:52:56 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:225:0
content-length
20994
server
Golfe2
adsrv
onead.onevision.com.tw/v2/ 		177 B
464 B 		Script
General
Check archive.org
Download Go to
Full URL
https://onead.onevision.com.tw/v2/adsrv?version=20240208&uid=1000480&category=-1&cookie=true&ip=&guid=2b50c4df-04e0-11f0-8884-0242ac120002&channel=0&volume=0.5&r=&adid=&response_freq_multiple=native-drive.0&web_location=https%3A%2F%2Freurl.cc%2FdnpNOk&title=GMX%20-%20E-Mail-Adresse%20kostenlos%2C%20FreeMail%2C%20De-Mail%20%26%20Nachrichten%20%7C%20https%3A%2F%2Fnavigator.gmx.net%2Fmail%3Fsid...&fp=04c6d3e15a52f9e0d5fe2d47f4a29cde&_t=1742402129538&cb=ONEAD_text_response_1ev1c&pb=0&spid=&bgid=0
Requested by
Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
0ed03838d093679e891fcf864f179c5cb765977df5365cb25459323a8a7a327c

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-onead-version
f00555d2
age
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
787383332
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Wed, 19 Mar 2025 16:35:30 GMT
content-type
application/javascript
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
x-onead-guid
2b50c4df-04e0-11f0-8884-0242ac120002
access-control-allow-credentials
true
x-onead-message
browser_incompatible
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
177
x-onead-backend
onead-http-query-w07k-gohttp
server
gws
x-powered-by
OneAD
1675200226052423
connect.facebook.net/signals/config/ 		81 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1675200226052423?v=2.9.189&r=stable&domain=reurl.cc&hme=c1f2cecb0bd2e60711f2156ceae0254b57f69ec526dbc6c13633615b2168eda4&ex_m=71%2C124%2C109%2C113%2C62%2C4%2C102%2C70%2C16%2C98%2C90%2C51%2C55%2C178%2C181%2C193%2C189%2C190%2C192%2C29%2C103%2C53%2C78%2C191%2C173%2C176%2C186%2C187%2C194%2C135%2C41%2C199%2C196%2C197%2C34%2C148%2C15%2C50%2C203%2C202%2C137%2C18%2C40%2C1%2C43%2C66%2C67%2C68%2C72%2C94%2C17%2C14%2C97%2C93%2C92%2C110%2C52%2C112%2C39%2C111%2C30%2C95%2C26%2C174%2C177%2C145%2C87%2C57%2C85%2C33%2C74%2C0%2C96%2C32%2C28%2C83%2C84%2C89%2C47%2C46%2C88%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C58%2C63%2C65%2C76%2C54%2C104%2C27%2C77%2C9%2C8%2C81%2C48%2C21%2C106%2C105%2C107%2C99%2C10%2C20%2C3%2C38%2C75%2C19%2C5%2C91%2C82%2C44%2C35%2C86%2C2%2C36%2C64%2C42%2C108%2C45%2C80%2C69%2C114%2C61%2C60%2C31%2C100%2C59%2C56%2C49%2C79%2C73%2C24%2C101%2C115
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-lga3.fbcdn.net
Software
/
Resource Hash
466b4a6c2c47478a104f80a757d2c06af42c6adfec939b18e7990bc1f6fa5460
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: *;script-src 'nonce-ilTGLuOK' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' blob: *;script-src 'nonce-ilTGLuOK' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=126, rtx=0, c=81, mss=1232, tbw=75549, tp=73, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
XXUcpMNm1bNc+MrFxka9dlJKzzBSRObymg5b8MHTxvR1b+nmcwhJF5KFae/FidmHDJVpnjfAqLajLwZ9uArJPA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-fb-optimizer
0
document-policy
force-load-at-top
content-length
18095
x-xss-protection
0
origin-agent-cluster
?1
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/ 		523 KB
164 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
d3e4dec7f8bb0c04ea7afdd3ddec48498dc1485e0ca8ecc10b9bb610e53f7dcb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
3959196029401901588
age
15147
x-content-type-options
nosniff
expires
Thu, 19 Mar 2026 12:23:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 19 Mar 2025 12:23:02 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
168071
x-xss-protection
0
server
cafe
yads-async.js
yads.c.yimg.jp/js/ 		210 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yads.c.yimg.jp/js/yads-async.js
Requested by
Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/219632/1441/wrapper.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
183.79.249.124 , Japan, ASN24572 (YAHOO-JP-AS-AP Yahoo Japan, JP),
Reverse DNS
Software
/
Resource Hash
e7e4fb9b3b1239835abc60fd16d2e64da36bfa919b8e81f11eea442c2bbf05f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
gzip
etag
"fad34f610280b86070657d734b70d7bc"
age
494
x-content-type-options
nosniff
date
Wed, 19 Mar 2025 16:27:16 GMT
content-type
text/javascript
last-modified
Tue, 18 Mar 2025 07:38:42 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cache-control
public, max-age=600, stale-while-revalidate=1200
accept-ch
Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch
x-amz-request-id
564d8246-87c3-4431-809b-5ea62ca1030f
permissions-policy
ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform-version=*, ch-ua-arch=*
accept-ranges
bytes
content-length
58654
x-xss-protection
1; mode=block
x-amz-server-side-encryption
AES256
gnshbrequest-v4.23.3.js
cpt.geniee.jp/hb/v1/lib/ 		181 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cpt.geniee.jp/hb/v1/lib/gnshbrequest-v4.23.3.js
Requested by
Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/219632/1441/wrapper.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.137.133.156 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
bc73ed340ef20534b613afea9bd95f199a55b77beab7c472e92ad92b4e39a1aa

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
max-age=86400, private
content-encoding
gzip
etag
W/"67d140eb-2d3d7"
cross-origin-resource-policy
cross-origin
expires
Thu, 20 Mar 2025 16:35:29 GMT
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
application/javascript
last-modified
Wed, 12 Mar 2025 08:08:11 GMT
server
nginx
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503180101/ 		63 KB
23 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503180101/gpt
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
b39e05a71f1d102609e37419d18d6ef7afab979a64e6a83f99ca240f29af08c6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

content-encoding
br
etag
7481735638272510099
age
5611
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 15:01:58 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 19 Mar 2025 15:01:58 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
23120
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202503180101"
/
www.facebook.com/tr/ 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc&rl=&if=false&ts=1742402129829&sw=1600&sh=1200&v=2.9.189&r=stable&ec=0&o=4252&fbp=fb.1.1742402129821.24844937369814602&cs_est=true&pm=1&hrl=5f472c&ler=empty&cdl=API_unavailable&it=1742402129647&coo=false&cs_cc=1&rqm=GET
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.35 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-lga3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
GOOD; q=0.7, rtt=127, rtx=0, c=24, mss=1232, tbw=8407, tp=14, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Wed, 19 Mar 2025 16:35:30 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
196 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc&rl=&if=false&ts=1742402129829&sw=1600&sh=1200&v=2.9.189&r=stable&ec=0&o=4252&fbp=fb.1.1742402129821.24844937369814602&cs_est=true&pm=1&hrl=5f472c&ler=empty&cdl=API_unavailable&it=1742402129647&coo=false&cs_cc=1&rqm=FGET
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.35 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-lga3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-A4HD3TPT' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7483560165033848673&cpp=C3&cv=1021044805&st=1742402130072"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 19 Mar 2025 16:35:30 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
N4/frxobvp/40cUjO3EYbilPpj2c77MTXfydtri5UzgcxoDkRMpzdoPjgCevGOCBVKmZ+tSnCybYsuY6zENCjw==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7483560165033848673&cpp=C3&cv=1021044805&st=1742402130072", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-A4HD3TPT' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
GOOD; q=0.7, rtt=127, rtx=0, c=27, mss=1232, tbw=8907, tp=20, tpl=0, uplat=149, ullat=0
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
collect
www.google-analytics.com/j/ 		3 B
385 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1545310307&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FdnpNOk&ul=en-us&de=UTF-8&dt=GMX%20-%20E-Mail-Adresse%20kostenlos%2C%20FreeMail%2C%20De-Mail%20%26%20Nachrichten%20%7C%20https%3A%2F%2Fnavigator.gmx.net%2Fmail%3Fsid...&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=754851270&gjid=1149293416&cid=1891814378.1742402130&tid=UA-102456694-1&_gid=491048179.1742402130&_r=1&_slc=1&z=381540511
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/dnpNOk

Response headers

report-to
{"group":"ascnsrsgac:175:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:29 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:175:0
content-length
3
server
Golfe2
collect
www.google-analytics.com/ 		35 B
438 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1545310307&t=event&_s=2&dl=https%3A%2F%2Freurl.cc%2FdnpNOk&ul=en-us&de=UTF-8&dt=GMX%20-%20E-Mail-Adresse%20kostenlos%2C%20FreeMail%2C%20De-Mail%20%26%20Nachrichten%20%7C%20https%3A%2F%2Fnavigator.gmx.net%2Fmail%3Fsid...&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=pause&ea=3&el=MTYyLjI0NS4yMDYuMjQ2&ev=1&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=1891814378.1742402130&tid=UA-102456694-1&_gid=491048179.1742402130&z=977935965
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

age
13282
report-to
{"group":"ascnsrsgac:163:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 12:54:07 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:163:0
content-length
35
server
Golfe2
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-ZDFZCDVDK1&gtm=45je53h1v9181474282za200&_p=1742402129122&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102587591~102717422~102788824~102813109~102814060~102825837~102879719&cid=1891814378.1742402130&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1742402130&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FdnpNOk&dt=GMX%20-%20E-Mail-Adresse%20kostenlos%2C%20FreeMail%2C%20De-Mail%20%26%20Nachrichten%20%7C%20https%3A%2F%2Fnavigator.gmx.net%2Fmail%3Fsid...&en=page_view&_fv=1&_ss=1&_ee=1&tfd=3029
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:87:0
report-to
{"group":"ascnsrsggc:87:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:87:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:87:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:30 GMT
content-type
text/plain
server
Golfe2
js
www.googletagmanager.com/gtag/ 		437 KB
141 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0&l=dataLayer&cx=c&gtm=45je53h1v9181474282za200&tag_exp=102482433~102587591~102717422~102788824~102813109~102814060~102825837~102879719
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6035985c69f0b6a191efccc5cc8bf7b7344803185ac7727d54c1cbcc05084b97
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
report-to
{"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
expires
Wed, 19 Mar 2025 16:35:30 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:30 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascgcycc:1020:0
content-length
144255
x-xss-protection
0
server
Google Tag Manager
collect
analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je53i0v897965293za200zb9181474282&_p=1742402129122&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102587591~102717422~102788824~102813109~102814060~102825837~102879719&cid=1891814378.1742402130&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1742402130&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FdnpNOk&dt=GMX%20-%20E-Mail-Adresse%20kostenlos%2C%20FreeMail%2C%20De-Mail%20%26%20Nachrichten%20%7C%20https%3A%2F%2Fnavigator.gmx.net%2Fmail%3Fsid...&en=page_view&_fv=1&_ss=1&_ee=1&tfd=3100
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:137:0
report-to
{"group":"ascnsrsggc:137:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:137:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:137:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:30 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ 		0
552 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-N394QBRGC0&cid=1891814378.1742402130&gtm=45je53i0v897965293za200zb9181474282&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=102482433~102587591~102717422~102788824~102813109~102814060~102825837~102879719
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c07::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:112:0
report-to
{"group":"ascnsrsggc:112:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:112:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:112:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:30 GMT
content-type
text/plain
server
Golfe2
rul
td.doubleclick.net/td/ga/ Frame 1296 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-N394QBRGC0&gacid=1891814378.1742402130&gtm=45je53i0v897965293za200zb9181474282&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=102482433~102587591~102717422~102788824~102813109~102814060~102825837~102879719&z=1496502895
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 16:35:30 GMT
expires
Wed, 19 Mar 2025 16:35:30 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
128002626
fundingchoicesmessages.google.com/i/ 		195 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/i/128002626?ers=3
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
472272816a5c1d481d98da19fdcda43362368e867ac4f9eed17e2e5386fd16ae
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-57tTw2WLkIpcZaxWtmtlyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:30 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmLw1JBiaL15jnUqEButPc_qBMSGCpdYHYH4_rpLrM-B-EP9ZdYfQFwkcYW1CYiFeDguPXm9j03gwPlF55iUNJLyC-OT8_NKijKTSkvyi9KS01KLU4vKUovijQyMTA2MDc31DIzjCwwALqAskA"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-57tTw2WLkIpcZaxWtmtlyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
vzn
onead.onevision.com.tw/v2/pixel/
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=OneDATA
  • https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA
  • https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA&verify=true
  • https://onead.onevision.com.tw/v2/pixel/vzn?id=y-4L8uS8pE2p_UO6LGEC2R8BeizH1X7nhWOEXG3A--~A
170 B
200 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onead.onevision.com.tw/v2/pixel/vzn?id=y-4L8uS8pE2p_UO6LGEC2R8BeizH1X7nhWOEXG3A--~A
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Server
107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-onead-version
f00555d2
x-vendor
vzn
age
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
616497402
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Wed, 19 Mar 2025 16:35:31 GMT
content-type
image/png
last-modified
Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id
y-4L8uS8pE2p_UO6LGEC2R8BeizH1X7nhWOEXG3A--~A
x-status
okay
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
170
x-onead-backend
onead-http-event-86wx-gohttp
server
gws
x-powered-by
OneAD

Redirect headers

strict-transport-security
max-age=31536000
location
https://onead.onevision.com.tw/v2/pixel/vzn?id=y-4L8uS8pE2p_UO6LGEC2R8BeizH1X7nhWOEXG3A--~A
age
0
referrer-policy
no-referrer-when-downgrade
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date
Wed, 19 Mar 2025 16:35:31 GMT
content-type
text/html
server
ATS
ltm
onead.onevision.com.tw/v2/pixel/
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id}
  • https://bcp.crwdcntrl.net/map/ct=y/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id}
  • https://onead.onevision.com.tw/v2/pixel/ltm?id=59c120b21f514d7ac333c17387ba837
170 B
200 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onead.onevision.com.tw/v2/pixel/ltm?id=59c120b21f514d7ac333c17387ba837
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Server
107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-onead-version
f00555d2
x-vendor
ltm
age
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
580892595
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Wed, 19 Mar 2025 16:35:30 GMT
content-type
image/png
last-modified
Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id
59c120b21f514d7ac333c17387ba837
x-status
okay
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
170
x-onead-backend
onead-http-event-86wx-gohttp
server
gws
x-powered-by
OneAD

Redirect headers

expires
0
cache-control
no-cache
location
https://onead.onevision.com.tw/v2/pixel/ltm?id=59c120b21f514d7ac333c17387ba837
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length
0
date
Wed, 19 Mar 2025 16:35:30 GMT
pragma
no-cache
ttd
onead.onevision.com.tw/v2/pixel/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=r1jlltl&ttd_tpi=1
  • https://onead.onevision.com.tw/v2/pixel/ttd?id=e27db76e-6d30-477d-a490-9faaa605e270
170 B
200 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onead.onevision.com.tw/v2/pixel/ttd?id=e27db76e-6d30-477d-a490-9faaa605e270
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Server
107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-onead-version
f00555d2
x-vendor
ttd
age
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
616726644
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Wed, 19 Mar 2025 16:35:30 GMT
content-type
image/png
last-modified
Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id
e27db76e-6d30-477d-a490-9faaa605e270
x-status
okay
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
170
x-onead-backend
onead-http-event-86wx-gohttp
server
gws
x-powered-by
OneAD

Redirect headers

location
https://onead.onevision.com.tw/v2/pixel/ttd?id=e27db76e-6d30-477d-a490-9faaa605e270
content-length
197
date
Wed, 19 Mar 2025 16:35:30 GMT
server
Kestrel
/
ps.eyeota.net/pixel/bounce/
Redirect Chain
  • https://ps.eyeota.net/pixel?pid=3m51m51&uid=2b50c4df-04e0-11f0-8884-0242ac120002&t=ajs
  • https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=2b50c4df-04e0-11f0-8884-0242ac120002&t=ajs
1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=2b50c4df-04e0-11f0-8884-0242ac120002&t=ajs
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
HTTP/1.1
Server
50.16.174.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-174-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

Content-Length
1228
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date
Wed, 19 Mar 2025 16:35:30 GMT
Content-Type
application/javascript

Redirect headers

Location
/pixel/bounce/?pid=3m51m51&uid=2b50c4df-04e0-11f0-8884-0242ac120002&t=ajs
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date
Wed, 19 Mar 2025 16:35:30 GMT
cm
trc.taboola.com/sg/onedata/1/ 		0
198 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/onedata/1/cm
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-fastly-to-nlb-rtt
139572
x-timer
S1742402131.774837,VS0,VE142
x-vcl-time-ms
142
via
1.1 varnish
accept-ranges
bytes
x-cache
MISS
content-length
0
date
Wed, 19 Mar 2025 16:35:30 GMT
x-service-version
v1
server
nginx
x-cache-hits
0
x-served-by
cache-toj-leto2350032-TOJ
policy-check
cpt.geniee.jp/hb/v1/ 		12 B
162 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cpt.geniee.jp/hb/v1/policy-check?loc=https%3A%2F%2Freurl.cc%2FdnpNOk&list_id=mid-219632&gam_id=gam-424536528%2Cgam-0
Requested by
Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/lib/gnshbrequest-v4.23.3.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.137.133.156 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
3108e15dfc911f1a730106ee1e44c941639e0b7add838d095680425e86d086c3

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-allow-origin
*
cache-control
max-age=10800, private
content-length
12
date
Wed, 19 Mar 2025 16:35:30 GMT
content-type
application/json
server
nginx
cross-origin-resource-policy
cross-origin
renews-title1.png
re-news.tw/images/ 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://re-news.tw/images/renews-title1.png
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.26.175 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
175.26.160.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
public,max-age=3600
etag
W/"5fad-191b5b37a20"
age
3781
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24493
date
Wed, 19 Mar 2025 15:32:29 GMT
last-modified
Tue, 03 Sep 2024 02:25:24 GMT
x-powered-by
Express
content-type
image/png
Shield_AI_Lockup___Jet_Black_Logo.jpg
mma.prnasia.com/media2/2632721/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mma.prnasia.com/media2/2632721/Shield_AI_Lockup___Jet_Black_Logo.jpg?p=medium600
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6812:60e1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
2299c048d3c0e81cfccad6b24d0a05ec8e6f16fe10fc1c1eed56ba5d1414ea3f

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
883
access-control-allow-methods
GET, POST, OPTIONS
expires
Wed, 19 Mar 2025 14:06:07 GMT
server-timing
intid;desc=549bd486ffc63753
date
Wed, 19 Mar 2025 16:35:30 GMT
content-type
image/jpeg
last-modified
Wed, 19 Mar 2025 14:06:06 GMT
vary
*, Accept-Encoding
access-control-allow-headers
Content-Type
cache-control
public, max-age=1
cf-ray
922e6224f8912ad0-LAX
accept-ranges
bytes
access-control-allow-origin
*
content-length
15167
x-powered-by
ASP.NET
server
cloudflare
1742374481-3d19ad150481be3ceca110b983ca7518-840x525.jpg
img.gbyhn.com.tw/2025/03/ 		70 KB
70 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.gbyhn.com.tw/2025/03/1742374481-3d19ad150481be3ceca110b983ca7518-840x525.jpg
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:6009 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18ebba1833b570f5832aa77e77ceab9902919bf55faa8aa433a5a85894cbd5a4

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cf-cache-status
HIT
age
9179
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FQnx0STrzzNa4jFUOiSlH2xNiCAd%2FUIGd1If2PyrsoPmnNEqpsGj4bG9%2BfobDZN4g83E6ZZTleRA2G1B1Cjv3A77%2BflS8tFp0FTuZ301ODCNzlu7AAl3fDabLffb%2BEOkK091Wa1QuRR9BIMm6fMp"}],"group":"cf-nel","max_age":604800}
expires
Wed, 26 Mar 2025 09:17:53 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=75206&min_rtt=75172&rtt_var=15912&sent=6&recv=10&lost=0&retrans=0&sent_bytes=4000&recv_bytes=2369&delivery_rate=51667&cwnd=253&unsent_bytes=0&cid=a2e10e766281270e&ts=102&x=0"
date
Wed, 19 Mar 2025 16:35:30 GMT
content-type
image/jpeg
last-modified
Wed, 19 Mar 2025 08:54:41 GMT
vary
Accept-Encoding
cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
922e6225de4e3203-SLC
accept-ranges
bytes
content-length
71182
x-turbo-charged-by
LiteSpeed
server
cloudflare
2025031907151634.jpg
img.racingcharger.tw/wp-content/uploads/ 		75 KB
75 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.racingcharger.tw/wp-content/uploads/2025031907151634.jpg
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.1.220.9 , Taiwan, ASN131149 (YUANJHEN-AS-TW Yuan-Jhen Info., Co., Ltd, TW),
Reverse DNS
ph2.g-dns.com
Software
Apache /
Resource Hash
6936fb93559b850cbabc65fef3dd59c157dde3cf0bb248570aefaa91f590fed7

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

accept-ranges
bytes
content-length
76816
date
Wed, 19 Mar 2025 16:35:30 GMT
last-modified
Wed, 19 Mar 2025 07:15:22 GMT
content-type
image/jpeg
server
Apache
%E6%97%85%E9%81%8A%E6%8A%98%E6%89%A3-KLOOK-kkday-%E6%8E%A8%E8%96%A6%E5%84%AA%E6%83%A0%E4%BF%A1%E7%94%A8%E5%8D%A1-1080x630.jpg
creditcards.com.tw/wp-content/uploads/2019/12/ 		0
0
1f449.png
s.w.org/images/core/emoji/15.0.3/72x72/ 		423 B
730 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/15.0.3/72x72/1f449.png
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
9cf1114324a6653750f0f8af7783a744e45adadca47c48844e4ee0f11df269bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
max-age=315360000
x-nc
HIT bur 1
access-control-allow-methods
GET, HEAD
x-content-type-options
nosniff
expires
Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
423
date
Wed, 19 Mar 2025 16:35:30 GMT
content-type
image/png
last-modified
Tue, 30 Jan 2024 01:21:05 GMT
server
nginx
x-frame-options
SAMEORIGIN
file.png
static.wixstatic.com/media/9a254c_bd6ab9dc57c349009b5f1eedc6fb236d~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/ 		1010 KB
1011 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.wixstatic.com/media/9a254c_bd6ab9dc57c349009b5f1eedc6fb236d~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/file.png
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211c:5800:1e:5c56:d400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty/1.27.1.1 /
Resource Hash
76e0fe9b59aa81409567a77b7f5cfaebcbe6d1a5586d4979c5a83a327f68d517

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-cf-id
KE4PS2iwq3kvm2KDLUu88WJMlVR4hnRCqz6ltZs-GJnpjncg-aDpmw==
cache-control
public, max-age=15552000, immutable
timing-allow-origin
*
age
3249510
via
1.1 google, 1.1 590897dc65a5ea6dcbac1c8ea98c65c4.cloudfront.net (CloudFront)
x-wixmp-trace
projects/wix-media-infrastructure/traces/2spVhEK7hN7G4oknE9KNdNWC2Cu
access-control-allow-origin
*
x-seen-by
image-manipulator-79c6fd85fd-jw8kv
content-length
1033732
alt-svc
h3=":443"; ma=86400
date
Mon, 10 Feb 2025 01:57:00 GMT
content-type
image/png
x-cache
Hit from cloudfront
server
openresty/1.27.1.1
x-amz-cf-pop
JFK52-P4
%E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg
blog.alphaloan.co/wp-content/uploads/2021/04/ 		0
0
AGSKWxUJFl0dQ8j1TowuXsxgN_XmxVReXo6Jee-njk20WnKa91Wi_VUam0DdlOT2wNZN2dtSDFH7vy9SuVpDGOX4bCDDLTS_Pl06ZhooY3NszfPVoLg6oY50kx-aWHU2ZZU-2C09Knn54g==
fundingchoicesmessages.google.com/f/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUJFl0dQ8j1TowuXsxgN_XmxVReXo6Jee-njk20WnKa91Wi_VUam0DdlOT2wNZN2dtSDFH7vy9SuVpDGOX4bCDDLTS_Pl06ZhooY3NszfPVoLg6oY50kx-aWHU2ZZU-2C09Knn54g==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQyNDAyMTMxLDQwMDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbN11dLCJodHRwczovL3JldXJsLmNjL2RucE5PayIsbnVsbCxbWzgsIjNreDQ3ZHRTWGpZIl0sWzksImVuLVVTIl0sWzE5LCIyIl0sWzE3LCJbMF0iXSxbMjQsIiJdLFsyOSwiZmFsc2UiXV1d
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.3kx47dtSXjY.es5.O/d=1/rs=AJlcJMzuyDYVIMsjpoGujJSw3I309eWsCg/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
370f0929da8f903bc7097f1bbf583ec72dfa421f80664eb49e27bf6710be9f4c
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-yRLCyUitvuKUHGXFbdadgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:31 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmLw1pBiaL15jnUqEButPc_qBMSGCpdYHYH4_rpLrM-B-EP9ZdYfQFwkcYW1CYiFuDkuP3m9j03gx7sOByWNpPzC-OT8vJKizKTSkvyitOS01OLUorLUongjAyNTA2NDcz0D4_gCAwAEFSw_"
content-security-policy
script-src 'report-sample' 'nonce-yRLCyUitvuKUHGXFbdadgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 6211 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
2214
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000, stale-while-revalidate=3600
content-encoding
br
content-length
28720
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 15:58:37 GMT
expires
Wed, 19 Mar 2025 16:48:37 GMT
last-modified
Mon, 17 Mar 2025 19:42:52 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
esp.js
oa.openxcdn.net/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oa.openxcdn.net/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.146.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-goog-metageneration
1
content-encoding
gzip
x-goog-hash
crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
etag
"df5542b88bc0e368c6999754a5b9e2ba"
age
99362
x-goog-stored-content-encoding
gzip
expires
Wed, 18 Mar 2026 12:59:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
7927
date
Tue, 18 Mar 2025 12:59:29 GMT
last-modified
Thu, 27 May 2021 18:30:51 GMT
content-type
application/javascript
x-guploader-uploadid
AKDAyIvuhycBiZV9JeORnaJQHZmOjiL0vuW97VD_EUR507Gfo-1WAjwPJLIgsSbqvowsnZT2CV3ySGx02hF6
cache-control
no-transform
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
x-goog-generation
1622140251693895
content-length
7927
server
UploadServer
encrypted-tag-g.js
invstatic101.creativecdn.com/encrypted-signals/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
87.70.96.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

etag
861bdaf24bda5c0db45c6ebe1c94a9eb
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2729
date
Wed, 19 Mar 2025 16:35:31 GMT
content-type
text/javascript; charset=utf-8
last-modified
Wed, 05 Feb 2025 14:45:21 GMT
server
Google Frontend
x-cloud-trace-context
723c749b765b9e3aefdda48076a43603
publishertag.ids.js
static.criteo.net/js/ld/ 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.ids.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b6c5af2d5c532a14b5aa51656c9d5e8be329b1424ec1df2947ad2de309622448
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
etag
W/"67c8043f-a641"
cross-origin-resource-policy
cross-origin
expires
Thu, 20 Mar 2025 16:35:31 GMT
access-control-allow-origin
*
date
Wed, 19 Mar 2025 16:35:31 GMT
content-type
text/javascript
last-modified
Wed, 05 Mar 2025 07:58:55 GMT
server
nginx
ob.js
cdn-ima.33across.com/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-ima.33across.com/ob.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.29.101 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72223c20f8ad08445b32a2b4843a0f04fe33cee40811ade04b21598cf67fbea3

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
public, max-age=259200
content-encoding
gzip
cf-cache-status
HIT
etag
W/"678fc4ec-4599"
age
369472
cf-ray
922e62283bd60fe5-LAX
expires
Sat, 22 Mar 2025 16:35:31 GMT
date
Wed, 19 Mar 2025 16:35:31 GMT
content-type
application/javascript
last-modified
Tue, 21 Jan 2025 16:01:48 GMT
vary
Accept-Encoding
server
cloudflare
ads
securepubads.g.doubleclick.net/gampad/ 		182 KB
14 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=791734016595560&correlator=214782296535944&eid=83321072&output=ldjh&gdfp_req=1&vrg=202503130101&ptt=17&impl=fifs&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C13848%2C18535%2C13856%2C13860%2C14209%2C14210&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5%2C%2F0%2F1%2F6%2C%2F0%2F1%2F7&prev_iu_szs=300x250%2C1x1%7C320x480%2C300x250%2C300x250%2C1x1%7C320x50%7C300x100%7C320x100%2C300x250&ifi=1&didk=3663017418~954026992~3220679602~2335188262~1073006158~4279657583&dids=div-gpt-ad-1692339097859-0~div-gpt-ad-1706005027566-0~div-gpt-ad-1682415009667-0~div-gpt-ad-1682415043506-0~div-gpt-ad-1683598631228-0~div-gpt-ad-1683598657711-0&adfs=1641170635~~3999208325~~4276429512~3230137061&sfv=1-0-41&sc=1&cookie_enabled=1&abxe=1&dt=1742402131063&lmt=1742402131&adxs=1005%2C-9%2C245%2C-9%2C245%2C625&adys=108%2C-9%2C108%2C-9%2C455%2C108&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C-1%7C0%7C-1%7C0%7C0&ucis=1%7C2%7C3%7C4%7C5%7C6&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Freurl.cc%2FdnpNOk&vis=1&psz=380x250%7C0x-1%7C380x250%7C0x-1%7C1140x50%7C380x250&msz=350x250%7C0x-1%7C350x250%7C0x-1%7C1110x50%7C350x250&fws=0%2C2%2C0%2C2%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742402128118&idt=2017&adks=1451399479%2C4066066610%2C827794272%2C3475397127%2C3271617715%2C3242553145&frm=20&eoidce=1&td=1&egid=14706&tdf=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
50ac64cdd7252223f04a120a84d55baa4143b6c170281bf57fe5c9181965286f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
dcb
google-lineitem-id
6690069789,6405456366,6424070779,-2,6499557592,6499556608
observe-browsing-topics
?1
x-content-type-options
nosniff
google-mediationtag-id
-2
google-mediationgroup-id
-2,-2,-2,-2,-2,-2
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 19 Mar 2025 16:35:31 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
138468304473,138452341869,138456634296,-2,138462658624,138462658495
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
content-length
14602
x-xss-protection
0
server
cafe
container.html
ea076ad4b93696117164f6fbc8330d8b.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame F77B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ea076ad4b93696117164f6fbc8330d8b.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.161 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f1.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3024
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 16:35:31 GMT
expires
Wed, 19 Mar 2025 16:35:31 GMT
last-modified
Thu, 30 Jan 2025 19:28:58 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
AGSKWxUjuNvyBXh6YgIrSKBeR_TP1GE22ePvI68V7-9lJdx8_AY-fe60tzzlMTuj-5C3cbvd-HN9_e7MMH4nrn8-IPc_X-vdbbgnQxOhTYSVW8hkPnfLrPbO1_e42qpRd7EAkkTgKg8zdw==
fundingchoicesmessages.google.com/f/ 		9 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUjuNvyBXh6YgIrSKBeR_TP1GE22ePvI68V7-9lJdx8_AY-fe60tzzlMTuj-5C3cbvd-HN9_e7MMH4nrn8-IPc_X-vdbbgnQxOhTYSVW8hkPnfLrPbO1_e42qpRd7EAkkTgKg8zdw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQyNDAyMTMxLDIxMDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vcmV1cmwuY2MvZG5wTk9rIixudWxsLFtbOCwiM2t4NDdkdFNYalkiXSxbOSwiZW4tVVMiXSxbMTksIjIiXSxbMTcsIlswXSJdLFsyNCwiIl0sWzI5LCJmYWxzZSJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.3kx47dtSXjY.es5.O/d=1/rs=AJlcJMzuyDYVIMsjpoGujJSw3I309eWsCg/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
12f84fb4571546a90298c446fb4a6b5a70c5e8476bbee96405c51fee209ee4fa
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-3AvaqfsSlX7fVYrHH8xOaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:31 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmJw0JBiaL15jnUqEButPc_qBMSGCpdYHYH4_rpLrM-B-EP9ZdYfQFwkcYW1CYiFeDguP3m9j03gxY-LvYxKGkn5hfHJ-XklRZlJpSX5RWnJaanFqUVlqUXxRgZGpgbGhuZ6BsbxBQYANqssxg"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-3AvaqfsSlX7fVYrHH8xOaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
view
securepubads.g.doubleclick.net/pcs/ Frame 54C3 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss47A2akmv2EkuZvVJBrthKiarrVwfQzQvV4uev7OGdwJ8shZ3n5nLjrJhIX5A6BA0rwtV9chMRMUWYUTSRhFFiCO2nBYBECGgbUU1jCI4PLFl4McgJkUgYG4EZDW1zHyzQEPaEbSTN0lveHdKdxshcU-spJHdR2fSrPg4jeD_VZOwSv2-DnNtyc4LodGXEQS5tGD54g8_ZyBcSQVVVj_PTzxUnKe1seAv0m1Q0_21m69AjEghe8P6Z4Yke541WW2vJ-8u46tsgRgQCMy1GTpwo9PuwpsPm3mdLtiEOwVxdO6-rhFCLmTpE3YAgzZUf1I6XQIJ2y6wbA2l1dbTpVOieHjHWXs02oWinynpv5x0idLNFv4lNrhRrBJjuWNVd5FmYPOMOyM6RP7-Cx1U90wPihM5Xit4_4zk5PSPoCDke50tKRA7olY0S6Q&sai=AMfl-YRm0UKxiEhjzLmqi-OxbV7fFd2NNoT7ruq0Ay2KGaxnDx-jt5nwmG234OYK4vgz0vmygVDkjCbP84toBQsHD8Mg7BXbp3zofn9zh6De0A3LnXtL0uqWJ3SwJLDX&sig=Cg0ArKJSzO-8TpqGXmYIEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 19 Mar 2025 16:35:31 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 54C3 		40 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
e05fa4272fa689d8aca271000f3d17fffe1684744bb0139548c485de7f163143
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
14013522314978476827
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 16:35:32 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
15138
x-xss-protection
0
server
cafe
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 54C3 		219 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
f186eb26bb013dc13d3039942d33fe61d6dfb30685aa204bf847190d379b941c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
2474135099193125559
age
1089
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 17:17:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 19 Mar 2025 16:17:23 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68853
x-xss-protection
0
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame 8C9A 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstrQImjsAo81usiM0j-btw0b5ZH1J_WW7Oah_K_5CyCw8JbxFFRT9cLgXFGvB3tr5pPBwjCsatYi6u-K9W8bPee-hErptSpPcDnID6aSMIXgGbQWqallkiIrnXvVp4U1ssCagda6HnZIDlNEvNxsA1dEeg4V5KSVlRr8bL34-OZUpRFRjhDIQ82h0H6LSTvZd4ZfTgnqXujYpEQ2Vyx9TiIlkHkJCEmyr0pvPflKI6z8IGjr7scgqYuEOMxCO1_FfZAd1l05BSzlZ5ljiZmrhX1VH2rgaOFewo49CxcIS52mxEfhGHS0npzXz9MrjsfCiGXyfcgj84TNqUjPAQ4jES93vEjGx2BeQ9UErc6s-hQ_S73CzOjxa-p4UUvKIClF-X3KDS-Q1oQwFxBYRVxSXhDpK2CLjwEXGlo5JYvQoAGCpDu1i_bs-L2WQ&sai=AMfl-YQfsWN7LRAncrcofgYV0AI2mDcMEwJiyFBHOUyeFAhdKXub2DZD3uS9IbdzFCh2T9jh-36QxxfGuo70gcOTumTiQNFBYabu7j7t9RY-FzgWuVd4PDC9gDiY_LM6&sig=Cg0ArKJSzJBwYFta7l0KEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 19 Mar 2025 16:35:31 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
cf_reurl_tw_gam.js
api.popin.cc/searchbox/ Frame 8C9A 		129 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
cd0db2d68f6fb00e1197e823f47e1f53aa2aa2ae85228a5e5d04a4a863629cc1

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

Content-Encoding
gzip
ETag
W/"84c303c8957ac66aa38f2a88e2291b99"
x-amz-version-id
u2A0lYWFB7No0ZP_ZBKUcX5kfrhgSMHf
Expires
Wed, 19 Mar 2025 17:35:32 GMT
Date
Wed, 19 Mar 2025 16:35:32 GMT
Last-Modified
Wed, 19 Mar 2025 07:07:58 GMT
Content-Type
text/javascript
Vary
Accept-Encoding
Transfer-Encoding
chunked
X-Cache-Status
HIT from 10.252.55.44
x-amz-replication-status
COMPLETED
Cache-Control
max-age=3600
Timing-Allow-Origin
*
Connection
keep-alive
Cross-Origin-Resource-Policy
cross-origin
Server
nginx
x-amz-server-side-encryption
AES256
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 8C9A 		219 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
f186eb26bb013dc13d3039942d33fe61d6dfb30685aa204bf847190d379b941c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
2474135099193125559
age
1089
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 17:17:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 19 Mar 2025 16:17:23 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68853
x-xss-protection
0
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame 911B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst0Cm-0wWWRNCTu6FOM63k4tiZx4LNUQCx14qqYqFXLiLNMF0GtH80p7dm5WOh6VGsGK57hPiMQk7X4Q4eecTZIdfFnnAKC4_932Rr1ZpnQUTK1CW4eXTuzMJd83EsCiXk7TUBOHFBRWM4EuflIWR_-C95wtOXmoMyczDTmrcYNyqUB-O3Ly5qzPIFwawo8qNwB7r_r6Vy0CeY5RjiYLeopx5KkGBWw8k5XQnWVpVNdJxCHyiU9yqHKqk4UR-GBHi9SPodszMMAbAxiQrBEWOy0bBWu82CsErCkuZP7ciQnIsl3e96YTrfMHkCpxIbtcp3JXmBTeQVMBGF_kNuyleY1myeoy4pYglgUA41l-GmbnBEVVoW59C5waNB7v9VoQH-vmIgK0eF8TClJHhA8IzksNN0BUxwxGYo5MRRbFtvSN2Wa7WN16mdpt9GjqBq6gZQ&sai=AMfl-YTRB8f1t2Q8oWPcjFwzAdx8p-MQvOD1CNx5323IjYlauKe7A1LTZNQMCXnotZiCsvWrB7BdVIURiAQas2QVeS0H0Ztd9TI97-J2Go_rvt32xK97aGBct_oKkzrY&sig=Cg0ArKJSzJ5ZC_YRj9SMEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 19 Mar 2025 16:35:31 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
init.js
cdn.holmesmind.com/js/ Frame 911B 		9 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/init.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag
"2b18447e41c64d14195cefd72eb57400"
age
13
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
9645
x-amz-cf-id
p1pneUj8i0bYJHHzQm3og8HgHO3RMlN-kK-FdOXMghImwiI8lXY4-Q==
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
application/javascript
last-modified
Fri, 14 Mar 2025 09:01:33 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 911B 		219 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
f186eb26bb013dc13d3039942d33fe61d6dfb30685aa204bf847190d379b941c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
2474135099193125559
age
1089
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 17:17:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 19 Mar 2025 16:17:23 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68853
x-xss-protection
0
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame 2887 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsusf2lvL1Lz3UXxwsAqsDQK7SRtUddLH9eEwQzLEhVJci7XWuX1JLyoXJ0i4y8ojMcuNlOYfRhYWoQdqd6R0HSgE8zmQ_9Deya_cltoPY-6sb6S2o2IM-TtEhUHoosbsDSRk3PpVjMAiMJ3bSgB2HZhY6eaDhIzyAsSZ60NPX0ERKQfGh77pShOajaoc66OeU9xfaNHsK9FgptDprdN-OdCrYObXi1eIEOF-63pJnO85TxU1s9ozJTV8elRpUQl7Io4Y-3eFgijdoYvVSf0hhr-CeyWWKh25sQevgjKjeV7PhCDvSylbBZE9ySr--PCG_oHDZNFby8RCwNEWUa5OPTFsaQ3sKCf94gtOJ80FIOc3Y2owoddVJCzrRup9F1VRZ33NCEiH6nRdsIRanvmGhoaPhxIh2JyzALya5udo9vOYB3uhqLkZhOwfAmtfqUaM8A&sai=AMfl-YSKw0jySVKTRNiA9bT-oEjLfEHLl1CBKvRR9VmAIWjzSG8ogBL6ViX2iMQm4o-uIQw1Rv1rrDW_gm_oVP_e5ZxMEok1LXc8dOv2zSLXKZ__8GMnfY1w-uIub-3d&sig=Cg0ArKJSzGTPm3HyY4beEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 19 Mar 2025 16:35:31 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
init.js
cdn.holmesmind.com/js/ Frame 2887 		9 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/init.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag
"2b18447e41c64d14195cefd72eb57400"
age
13
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
9645
x-amz-cf-id
p1pneUj8i0bYJHHzQm3og8HgHO3RMlN-kK-FdOXMghImwiI8lXY4-Q==
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
application/javascript
last-modified
Fri, 14 Mar 2025 09:01:33 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 2887 		219 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
f186eb26bb013dc13d3039942d33fe61d6dfb30685aa204bf847190d379b941c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
2474135099193125559
age
1089
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 17:17:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 19 Mar 2025 16:17:23 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68853
x-xss-protection
0
server
cafe
events
bidder.criteo.com/csm/ 		0
187 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::5 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/dnpNOk

Response headers

cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
access-control-allow-origin
https://reurl.cc
date
Wed, 19 Mar 2025 16:35:31 GMT
vary
Origin
server
Kestrel
access-control-allow-credentials
true
syncframe
gum.criteo.com/ Frame 5D9F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::12 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

cache-control
private, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 16:35:32 GMT
server
Kestrel
server-processing-duration-in-ticks
380646
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
x-robots-tag
noindex
_
fundingchoicesmessages.google.com/f/AGSKWxUTqpWEJRrLwmu-31QqFYwDgXwQacJRJ3jgtQzQIsLLjHcSx6VZsAZ-pTW8oWbVK9tsaGHMN90h5nlUEKXdYGzs0i_NzrS9KsYWePsTIwRn_v9BMQdiQNmXmEbtc2F0T4WqzXEaLXGaKgD7aqGtiQ4gaYeCX... 		54 B
109 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUTqpWEJRrLwmu-31QqFYwDgXwQacJRJ3jgtQzQIsLLjHcSx6VZsAZ-pTW8oWbVK9tsaGHMN90h5nlUEKXdYGzs0i_NzrS9KsYWePsTIwRn_v9BMQdiQNmXmEbtc2F0T4WqzXEaLXGaKgD7aqGtiQ4gaYeCXuoWYp4ZUZH-5poLhfjUASVZYASDULNH/_?service=ad&_dart_interstitial./ads-300./ads_ad_/top-ad-
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.3kx47dtSXjY.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMzuyDYVIMsjpoGujJSw3I309eWsCg/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
f2804ff8a9898e86da5f8aa6c2f0a646e3803b174fe1f7dab4a7347d263581df
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-j5k0_ipaXudjlp5EHxowPw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmJw1ZBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFuDmuPHm9j02g4_8ZHyWNpPzC-OT8vJKizKTSkvyitOS01OLUorLUongjAyNTA2NDCz0Dw_gCAwAA7ywy"
content-security-policy
script-src 'report-sample' 'nonce-j5k0_ipaXudjlp5EHxowPw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		187 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?fcd=true
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.3kx47dtSXjY.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMzuyDYVIMsjpoGujJSw3I309eWsCg/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
1adc1c30dcd11fa3812e3815c6c9f3ec82194a576a3ffdb0bab61b245458ba62
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
15086987941898928024
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 16:35:32 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
60926
x-xss-protection
0
server
cafe
AGSKWxWO1plwdlT7C8WZAEkimj1VoegzNNSw71l1Ygp7uKWutOKaep5n8PKthCiIEpTB0pEleDOD50BZReeykzHr6iEqwawrn_w0NUZpWC91nS2HqEW6Lno51GI62WrB83Zz3Fqi4fv5CA==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWO1plwdlT7C8WZAEkimj1VoegzNNSw71l1Ygp7uKWutOKaep5n8PKthCiIEpTB0pEleDOD50BZReeykzHr6iEqwawrn_w0NUZpWC91nS2HqEW6Lno51GI62WrB83Zz3Fqi4fv5CA==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.3kx47dtSXjY.es5.O/d=1/rs=AJlcJMzuyDYVIMsjpoGujJSw3I309eWsCg/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-DI5it6XqdGyMrZTVI5Xbyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmLw15Bi-FB_mfUHEAvxcFx58nofm8CHD4c7GZVckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRqYGxoYWegXl8gQEAsp4lfA"
content-security-policy
script-src 'report-sample' 'nonce-DI5it6XqdGyMrZTVI5Xbyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
capmapping.htm
cdn.holmesmind.com/js/ Frame 0035 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:7e00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
46
content-length
12184
content-type
text/html
date
Wed, 19 Mar 2025 16:35:11 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-amz-cf-id
ZW0j4QU5oP6fMNFamUwyRhE3JtBOC0AlfzSqN7CzQN8bqy-qIF9mUw==
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
presetfn.js
cdn.holmesmind.com/js/ Frame E6AD 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
26
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
gqNStZ-OUyw9z8o8b9EcwmMvCSlSBi7CyjVaOIjFYBnosAnkAzm9Lw==
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
capmapping.htm
cdn.holmesmind.com/js/ Frame B36A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:7e00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
46
content-length
12184
content-type
text/html
date
Wed, 19 Mar 2025 16:35:11 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-amz-cf-id
ZW0j4QU5oP6fMNFamUwyRhE3JtBOC0AlfzSqN7CzQN8bqy-qIF9mUw==
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
presetfn.js
cdn.holmesmind.com/js/ Frame 3DA3 		11 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
26
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
gqNStZ-OUyw9z8o8b9EcwmMvCSlSBi7CyjVaOIjFYBnosAnkAzm9Lw==
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame 54C3 		187 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
ab4df621caf60937556c492dcc85cf551700cab89badb2672a24b961ae5d2558
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
2409835584144623626
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 16:35:32 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
60885
x-xss-protection
0
server
cafe
AGSKWxWO1plwdlT7C8WZAEkimj1VoegzNNSw71l1Ygp7uKWutOKaep5n8PKthCiIEpTB0pEleDOD50BZReeykzHr6iEqwawrn_w0NUZpWC91nS2HqEW6Lno51GI62WrB83Zz3Fqi4fv5CA==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWO1plwdlT7C8WZAEkimj1VoegzNNSw71l1Ygp7uKWutOKaep5n8PKthCiIEpTB0pEleDOD50BZReeykzHr6iEqwawrn_w0NUZpWC91nS2HqEW6Lno51GI62WrB83Zz3Fqi4fv5CA==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.3kx47dtSXjY.es5.O/d=1/rs=AJlcJMzuyDYVIMsjpoGujJSw3I309eWsCg/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-KIqOs0HXM8bugWt7aAbbqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmLw1pBi-FB_mfUHEAvxcFx58nofm8CCrf-mMSq5JOUXxifn55Wk5pXoJqYU64LYRZlJpSX5RSjs1DKQipz89PTMvPR4IwMjUwNjQws9A_P4AgMAnRslNQ"
content-security-policy
script-src 'report-sample' 'nonce-KIqOs0HXM8bugWt7aAbbqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
gen_204
pagead2.googlesyndication.com/pagead/ Frame 8C9A 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 19 Mar 2025 16:35:32 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame 8C9A 		217 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ea3f1235b245092aa61194a49d0db74194cf202156d5581021e1dbce67114499

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame 54C3 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 19 Mar 2025 16:35:32 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2887 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 19 Mar 2025 16:35:33 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 911B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 19 Mar 2025 16:35:33 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 8C9A 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 19 Mar 2025 16:35:32 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 54C3 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 19 Mar 2025 16:35:32 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame 54C3 		217 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4682b028c9b090ae0abfba536abf9d0cb9231a6d30035f51475ce4f9f77770de

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ Frame 911B 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04f1a5003bb0f2df327205e8281a581a85a8fcce68688037d589d259cea83e0b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ Frame 2887 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b05249514d1235bb32724da7f4d199c558cb40fa178d99f34b622d3440de9f2f

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2887 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 19 Mar 2025 16:35:33 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 911B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 19 Mar 2025 16:35:33 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
Preset.js
ad.holmesmind.com/adserver/ Frame E6AD 		2 KB
794 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.64.195.61 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-64-195-61.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
851c3da53f870dab9f8fd365f8eb9af27af956d79a96f89f412f8baa5b7b1624

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame E6AD 		30 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
25
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
-EK1JmviyWqdiQZIrQLsbygif7GNMj9RFn8imuyRqXPLukTUE2-VPw==
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
Preset.js
ad.holmesmind.com/adserver/ Frame 3DA3 		7 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=14209
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.64.195.61 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-64-195-61.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
43a71fb6e8f61126f7dfb3fe8a1a01eba8cfbff5cd7d681bba0e62f64ad924c7

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame 3DA3 		30 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
25
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
-EK1JmviyWqdiQZIrQLsbygif7GNMj9RFn8imuyRqXPLukTUE2-VPw==
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
AGSKWxWO1plwdlT7C8WZAEkimj1VoegzNNSw71l1Ygp7uKWutOKaep5n8PKthCiIEpTB0pEleDOD50BZReeykzHr6iEqwawrn_w0NUZpWC91nS2HqEW6Lno51GI62WrB83Zz3Fqi4fv5CA==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWO1plwdlT7C8WZAEkimj1VoegzNNSw71l1Ygp7uKWutOKaep5n8PKthCiIEpTB0pEleDOD50BZReeykzHr6iEqwawrn_w0NUZpWC91nS2HqEW6Lno51GI62WrB83Zz3Fqi4fv5CA==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.3kx47dtSXjY.es5.O/d=1/rs=AJlcJMzuyDYVIMsjpoGujJSw3I309eWsCg/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-o4T2jGyrL0z6cJYEgbw6Ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmLw0pBi-FB_mfUHEAvxcFx58nofm0DHgqXLmJRckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRqYGxoYWegXl8gQEAewckvw"
content-security-policy
script-src 'report-sample' 'nonce-o4T2jGyrL0z6cJYEgbw6Ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
AGSKWxWO1plwdlT7C8WZAEkimj1VoegzNNSw71l1Ygp7uKWutOKaep5n8PKthCiIEpTB0pEleDOD50BZReeykzHr6iEqwawrn_w0NUZpWC91nS2HqEW6Lno51GI62WrB83Zz3Fqi4fv5CA==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWO1plwdlT7C8WZAEkimj1VoegzNNSw71l1Ygp7uKWutOKaep5n8PKthCiIEpTB0pEleDOD50BZReeykzHr6iEqwawrn_w0NUZpWC91nS2HqEW6Lno51GI62WrB83Zz3Fqi4fv5CA==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.3kx47dtSXjY.es5.O/d=1/rs=AJlcJMzuyDYVIMsjpoGujJSw3I309eWsCg/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-nx2SxBhyIRft_iy7uPzLdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmLw15Bi-FB_mfUHEAvxcFx58nofm8CFA3uWMSm5JOUXxifn55Wk5pXoJqYU64LYRZlJpSX5RSjs1DKQipz89PTMvPR4IwMjUwNjQws9A_P4AgMAoc4lQw"
content-security-policy
script-src 'report-sample' 'nonce-nx2SxBhyIRft_iy7uPzLdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
AGSKWxVJIsLAxLRvdA0y1J5Q7QcV4FElTfCRJsJsXEIiP0qd48LOiCW6-JqfbXf1nMIc9MTfCZf5g-8lPhTQhVDV44SIPs8w1lxEr3OWFh_J9Gw4L2eZAkj4Fn2Vic1tD8TVV26eHRGsZw==
fundingchoicesmessages.google.com/f/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVJIsLAxLRvdA0y1J5Q7QcV4FElTfCRJsJsXEIiP0qd48LOiCW6-JqfbXf1nMIc9MTfCZf5g-8lPhTQhVDV44SIPs8w1lxEr3OWFh_J9Gw4L2eZAkj4Fn2Vic1tD8TVV26eHRGsZw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQyNDAyMTMyLDUzNjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9yZXVybC5jYy9kbnBOT2siLG51bGwsW1s4LCIza3g0N2R0U1hqWSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.3kx47dtSXjY.es5.O/d=1/rs=AJlcJMzuyDYVIMsjpoGujJSw3I309eWsCg/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
634e2f9e21977b3b6c2e5724131eaff85895f8a753e06ad3dfc05be18c538e36
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-FFc1rw01ZKmgACmei7XLPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmLw0pBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFeDiuPHm9j01gx_tZa5mUNJLyC-OT8_NKijKTSkvyi9KS01KLU4vKUovijQyMTA2MDS30DAzjCwwAL0ksiQ"
content-security-policy
script-src 'report-sample' 'nonce-FFc1rw01ZKmgACmei7XLPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
show_ads_impl.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503170101/ Frame 54C3 		501 KB
160 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503170101/show_ads_impl.js?bust=31091079
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
4400bd606b22c548eb8a97de8e6372727db75c21890805dc47cfe499e75174ab
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
16383957603556516641
age
22702
x-content-type-options
nosniff
expires
Wed, 02 Apr 2025 10:17:10 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 19 Mar 2025 10:17:10 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
163493
x-xss-protection
0
server
cafe
td_js_sdk_171.js
api.popin.cc/ Frame 8C9A 		68 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.popin.cc/td_js_sdk_171.js
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
3402df1af7b8665c51ac7e2d4fed5dc6cac147d61966672d9cf32a34acafedfe

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

Transfer-Encoding
chunked
X-Cache-Status
HIT from 10.252.55.44
Cache-Control
max-age=3600
Timing-Allow-Origin
*
Content-Encoding
gzip
ETag
W/"d7d7ebc58d77dc27a2c068acdf41021d"
Connection
keep-alive
Cross-Origin-Resource-Policy
cross-origin
Expires
Wed, 19 Mar 2025 17:35:32 GMT
Date
Wed, 19 Mar 2025 16:35:32 GMT
Last-Modified
Tue, 28 May 2024 09:22:02 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Server
nginx
x-amz-server-side-encryption
AES256
recommend
tw.popin.cc/popin_discovery/ Frame 8C9A 		691 B
895 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tw.popin.cc/popin_discovery/recommend?mode=new&url=https%3A%2F%2Freurl.cc%2FdnpNOk&&device=pc&media=reurl.cc&extra=windows&agency=popinag&topn=50&ad=10&r_category=all&country=tw&redirect=true&uid=bd6a085d33e6e94d7681742438132688&info=eyJ1c2VyX3RkX29zIjoiV2luZG93cyIsInVzZXJfdGRfb3NfdmVyc2lvbiI6IjEwLjAuMCIsInVzZXJfdGRfYnJvd3NlciI6IkNocm9tZSIsInVzZXJfdGRfYnJvd3Nlcl92ZXJzaW9uIjoiODguMC40MzI0IiwidXNlcl90ZF9zY3JlZW4iOiIxNjAweDEyMDAiLCJ1c2VyX3RkX3ZpZXdwb3J0IjoiMzAweDI1MCIsInVzZXJfdGRfdXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIEhlYWRsZXNzQ2hyb21lLzg4LjAuNDMyNC4xOTAgU2FmYXJpLzUzNy4zNiIsInVzZXJfdGRfcmVmZXJyZXIiOiJodHRwczovL3JldXJsLmNjL2RucE5PayIsInVzZXJfdGRfcGF0aCI6Ii9kbnBOT2siLCJ1c2VyX3RkX2NoYXJzZXQiOiJ1dGYtOCIsInVzZXJfdGRfbGFuZ3VhZ2UiOiJlbi11cyIsInVzZXJfdGRfY29sb3IiOiIyNC1iaXQiLCJ1c2VyX3RkX3RpdGxlIjoiIiwidXNlcl90ZF91cmwiOiJodHRwczovL3JldXJsLmNjL2RucE5PayIsInVzZXJfdGRfcGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ1c2VyX3RkX2hvc3QiOiJyZXVybC5jYyIsInVzZXJfZGV2aWNlIjoicGMiLCJ1c2VyX3RpbWUiOjE3NDI0MDIxMzI2ODksImZydWl0X2JveF9wb3NpdGlvbiI6IiIsImZydWl0X3N0eWxlIjoiIn0=&alg=ltr&uis=%7B%22ss_fl_pp%22%3Anull%2C%22ss_yh_tag%22%3Anull%2C%22ss_pub_pp%22%3Anull%2C%22ss_im_pp%22%3Anull%2C%22ss_im_id%22%3Anull%2C%22ss_gn_pp%22%3Anull%7D&callback=_p6_9e7876047b33
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.198.189 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx/1.13.5 /
Resource Hash
1f5a6a8c7ac2c960d4b1f601ab594a2389ee9bf5a529f1063f2736cec154eb1c

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-length
691
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript;charset=UTF-8
server
nginx/1.13.5
cross-origin-resource-policy
cross-origin
track.js
ad.tagtoo.co/media/ad/ Frame 8C9A 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.tagtoo.co/media/ad/track.js
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.12.34 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
34.12.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
3708bbe4489aefbf64066af6a499c7476cec23bfc6cf53e9d7f2bc88ff185687

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type,Access-Control-Allow-Origin
content-encoding
gzip
x-goog-hash
crc32c=HtPvWQ==, md5=K5U0R1vjCohHUf/iKAMCDw==
etag
"2b9534475be30a884751ffe22803020f"
age
1698
x-goog-stored-content-encoding
gzip
expires
Thu, 03 Apr 2025 16:07:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
1802
date
Wed, 19 Mar 2025 16:07:14 GMT
last-modified
Mon, 10 Mar 2025 04:47:20 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
x-guploader-uploadid
AKDAyIt5JW0E0i57ofv-6eq51ErYNN-PA8aw2MEGv-10b9R0x_xl77sVBjqMn8k4_rN4-K2zOWLQ2Ko
cache-control
public, max-age=1296000
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1741582040399052
content-length
1802
server
UploadServer
tuec.js
uec.tagtoo.co/ Frame 8C9A 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uec.tagtoo.co/tuec.js
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.150.21 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
21.150.107.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
698fe0a6500f771d98d1ca713a5445d523fac649207572b69123699702854c0b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-goog-metageneration
1
content-encoding
gzip
x-goog-hash
crc32c=IxwxIw==, md5=L6Ez21DNgdh7j/uHKaarNQ==
etag
"2fa133db50cd81d87b8ffb8729a6ab35"
age
1117
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
3770
date
Wed, 19 Mar 2025 16:16:55 GMT
last-modified
Tue, 12 Dec 2023 09:08:46 GMT
content-type
application/javascript
vary
Accept-Encoding
x-guploader-uploadid
AKDAyIv-dIntE1JsjVv3DnzrPpGZfKX6LqEx2DTy8iipje7cI0r4ueigpxwQittH3EVsqriBW1VUM2Q
cache-control
public,max-age=3600
x-goog-storage-class
STANDARD
accept-ranges
bytes
x-goog-generation
1702372126688115
content-length
3770
server
UploadServer
utag.js
t.ssp.hinet.net/ Frame 8C9A 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

strict-transport-security
max-age=0
cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Wed, 19 Mar 2025 16:45:33 GMT
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
popin_discovery5-min.js
api.popin.cc/ Frame 8C9A 		235 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.popin.cc/popin_discovery5-min.js
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
490591c52cd60da5e7055c5b77b7ec0b0e96c6035b62f9f2774992c6e2286969

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

Transfer-Encoding
chunked
X-Cache-Status
HIT from 10.252.55.44
Cache-Control
max-age=3600
Timing-Allow-Origin
*
Content-Encoding
gzip
ETag
W/"0592717d783f969588268cdc2474be05"
Connection
keep-alive
Cross-Origin-Resource-Policy
cross-origin
Expires
Wed, 19 Mar 2025 17:35:33 GMT
Date
Wed, 19 Mar 2025 16:35:33 GMT
Last-Modified
Tue, 28 May 2024 09:28:37 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Server
nginx
x-amz-server-side-encryption
AES256
discoverylogs
log.popin.cc/log/popin_media/ Frame 8C9A 		66 B
222 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNCwidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBIZWFkbGVzc0Nocm9tZS84OC4wLjQzMjQuMTkwIFNhZmFyaS81MzcuMzYiLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6InJldXJsLmNjIiwidXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9kbnBOT2siLCJsb2MiOiJodHRwczovL3JldXJsLmNjL2RucE5PayIsInRkX29zIjoiV2luZG93cyIsInRkX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBIZWFkbGVzc0Nocm9tZS84OC4wLjQzMjQuMTkwIFNhZmFyaS81MzcuMzYiLCJ0ZF9vc192ZXJzaW9uIjoiMTAuMC4wIiwidGRfYnJvd3NlciI6IkNocm9tZSIsInRkX2Jyb3dzZXJfdmVyc2lvbiI6Ijg4LjAuNDMyNCJ9&t=1742402132691
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx/1.13.5 /
Resource Hash
654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

etag
"5c12092b-42"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
66
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
image/jpeg
last-modified
Thu, 13 Dec 2018 07:24:27 GMT
server
nginx/1.13.5
discoverylogs
log.popin.cc/log/popin_media/ Frame 8C9A 		66 B
222 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNSwicGFyYW0xIjowLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6InJldXJsLmNjIiwidXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9kbnBOT2siLCJ1aWQiOiJiZDZhMDg1ZDMzZTZlOTRkNzY4MTc0MjQzODEzMjY4OCIsInRkX3RpdGxlIjoiIiwiZXh0cmEiOiIiLCJpbnRlcmFjdGlvbl9udW1iZXIiOjAsInBvcGluX3ZlcnNpb24iOjYsInRkX29zIjoiV2luZG93cyIsInRkX29zX3ZlcnNpb24iOiIxMC4wLjAiLCJ0ZF9icm93c2VyIjoiQ2hyb21lIiwidGRfYnJvd3Nlcl92ZXJzaW9uIjoiODguMC40MzI0IiwidGRfdXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIEhlYWRsZXNzQ2hyb21lLzg4LjAuNDMyNC4xOTAgU2FmYXJpLzUzNy4zNiJ9&t=1742402132695
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx/1.13.5 /
Resource Hash
654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

etag
"5c12092b-42"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
66
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
image/jpeg
last-modified
Thu, 13 Dec 2018 07:24:27 GMT
server
nginx/1.13.5
AGSKWxVm78U3g34QwbQDlgQruEqyaiW3vFctu76lH0qBHEMeQHDLSm3oxTY4d8WLGlsgj--STAj2owp14eUi4gVVhUWZTefckN4e0UD90SoWgUagF1vaavxnuqmLIUvD3LsZugTorYj4xg==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVm78U3g34QwbQDlgQruEqyaiW3vFctu76lH0qBHEMeQHDLSm3oxTY4d8WLGlsgj--STAj2owp14eUi4gVVhUWZTefckN4e0UD90SoWgUagF1vaavxnuqmLIUvD3LsZugTorYj4xg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.3kx47dtSXjY.es5.O/d=1/rs=AJlcJMzuyDYVIMsjpoGujJSw3I309eWsCg/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.14 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-A9vi6vWwdpI49lkXT37glg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmII1JBi-FB_mfUHEAvxcFx58nofm8CBu73dzEouSfmF8cn5eSWpeSW6iSnFuiB2UWZSaUl-EQo7tQykIic_PT0zLz3eyMDI1MDY0ELPwDy-wAAAkYglCQ"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-A9vi6vWwdpI49lkXT37glg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
view
securepubads.g.doubleclick.net/pcs/ Frame 54C3 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvw-ayr3k3_vH5t1HYLq5ZkLSK5UTeEdcq-sBbw3Rld8HTY84cqIiBOHnAECBiuqg3aACqw8YrY9rc4zsu-9Hgv6FDUD3-06ewCXBQlfSskFNdEjRPh5JkiasR85Ddxvr5Ki_x7EebRuKyJjVur92qkdXrI4K6lunpXmfrvht3vylD-3mOS--aGdrVTLODJSo9d_YU4gMof47zQImkhCgT-fugVb8aLN73pJt68i67a42amXSazIB3bddut-LPigLI17i4sXozSAI6qVQ93oePlQ4qtXjQ7X02RZ560w1JSM6Cu74cccLWHAt2t-QFOKzHcvQ7rSNc3XL212CkN0RqBAx_dr0j7qdx_JU2GtxqfdaJLUz3cA-4vhHa7GlJPOTTU2dbCo7Wvj5nHUe7n9R0knRAj70m5cdZ1IiIV2gx7CVD5v8L5gbVE5pTZ&sai=AMfl-YSgIMrif4M6H0LBoWmgmh5PS0_icU86vyl-9qJNEXPVtL3Haw1onwF5VQIT1boCLQQJ19HNtpHxpTyPm5pdDpnFUQuhg4MeK9Z6B4AOchK4IZZBpBfjjUdFS2rS&sig=Cg0ArKJSzDUjxiMS2XyiEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 16:35:32 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 19 Mar 2025 16:35:32 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20250313/r20190131/ Frame 1BA5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20250313/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503170101/show_ads_impl.js?bust=31091079
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

age
59305
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4233
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 00:07:08 GMT
etag
18385622960067315400
expires
Wed, 02 Apr 2025 00:07:08 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
adx.holmesmind.com/adx-file/20220715/ Frame 65FA
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=2220942683&adf=3173046724&pi=t.ma~as.2784%2F13803&w=300&lmt=17424021...
  • https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503170101/show_ads_impl.js?bust=31091079
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:4000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://reurl.cc/dnpNOk
Sec-Browsing-Topics
();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

content-type
application/xml
date
Wed, 19 Mar 2025 16:35:33 GMT
server
AmazonS3
via
1.1 bffa19ead06e9ee83bebfec5c8e05aa4.cloudfront.net (CloudFront)
x-amz-cf-id
XFCEW5SYHIYmahr7Xce7_4lQzS-SX1YTLW6Uk2xT3xp3wFIwZEg2qQ==
x-amz-cf-pop
JFK52-P2
x-cache
Error from cloudfront

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 16:35:33 GMT
location
https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
ep1.adtrafficquality.google/getconfig/ Frame 54C3 		17 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20250313&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503170101/show_ads_impl.js?bust=31091079
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f2.1e100.net
Software
cafe /
Resource Hash
4e072a61968d69a4d2108a4989b7e7ccf65d90782cb0ab33b7f740bc90d21fa9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
13016
date
Wed, 19 Mar 2025 16:35:33 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
0.js
ecs.tagtoo.co/js/ Frame 8C9A 		201 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecs.tagtoo.co/js/0.js
Requested by
Host: ad.tagtoo.co
URL: https://ad.tagtoo.co/media/ad/track.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.218.41 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
41.218.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
ed1353670cbe52a301571e6717fab543726f43f7bed2edd0ffca2e74f6a1d8bf

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type, Access-Control-Allow-Origin
content-encoding
gzip
x-goog-hash
crc32c=2mAcSQ==, md5=ijKbxOP20q6Aq4WlmoGeCA==
etag
"8a329bc4e3f6d2ae80ab85a59a819e08"
age
3737
x-goog-stored-content-encoding
gzip
expires
Wed, 19 Mar 2025 17:03:16 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
56322
date
Wed, 19 Mar 2025 15:33:16 GMT
last-modified
Fri, 14 Feb 2025 14:16:26 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
x-guploader-uploadid
AKDAyIsmykxFaNDxcPgT7UZROoRU2qJG5o3vsuZui5OUHhuRxaTk2_nkZaCfKYdeMBm6mHZV2nJJjCc
cache-control
public, max-age=5400
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1739542586669957
content-length
56322
server
UploadServer
sodar2.js
ep2.adtrafficquality.google/sodar/ Frame 54C3 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503170101/show_ads_impl.js?bust=31091079
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
gzip
etag
"1727224258380615"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 16:35:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
6445
x-xss-protection
0
server
sffe
ads.js
ad.holmesmind.com/adserver/ Frame 3DA3 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=14209&rf=https%3A%2F%2Freurl.cc%2FdnpNOk&n=548&o=1&fc=undefined&d=1&b=2&ts=1&ii=2&FPCK=6383-5WAKoxyvGsYRxhAkooXsswXKnVaUPPlC&fp_uuid=6383-2cedd1a473cfe10b3ede2341c74f478d&initver=230627P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.64.195.61 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-64-195-61.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
203ed6bcfdb0b5f72ffd8dd519761742265eee57ab895fc0268dc5ded4195733

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
ads.js
ad.holmesmind.com/adserver/ Frame E6AD 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FdnpNOk&n=101&o=1&fc=undefined&d=1&b=2&ts=1&ii=2&FPCK=6383-5WAKoxyvGsYRxhAkooXsswXKnVaUPPlC&fp_uuid=6383-2cedd1a473cfe10b3ede2341c74f478d&initver=230627P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.64.195.61 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-64-195-61.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
407d3204fff33de3b423ecfac301789b78c7290aac0c66c603c072d2b042f942

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
rtbhouseV2.js
cdn.holmesmind.com/js/ Frame E6AD 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag
"519bf06eca29382b4ee4cc4f1dace214"
age
52
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
2905
x-amz-cf-id
k20ND3TMpmB2ynbZcnxDShr4oCvfm91SzhS_8aIGUdgkL2EKrr4FYg==
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Mon, 04 Sep 2023 03:28:50 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
publishertag.js
static.criteo.net/js/ld/ Frame E6AD 		130 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
etag
W/"67c8043f-2072d"
cross-origin-resource-policy
cross-origin
expires
Thu, 20 Mar 2025 16:35:33 GMT
access-control-allow-origin
*
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
text/javascript
last-modified
Wed, 05 Mar 2025 07:58:55 GMT
server
nginx
criteoV2.js
cdn.holmesmind.com/js/ Frame E6AD 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/criteoV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag
"13519f9e63c9828d93a698c47992e115"
age
52
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3197
x-amz-cf-id
hFLfgEXBauY5tyKN8Acy5dKvEHwST5ZfiETqwBhDpBidSrls2jMs1g==
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Thu, 27 Jul 2023 02:29:01 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
bridgewellV3.js
cdn.holmesmind.com/js/ Frame E6AD 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag
"41ecd67a1e57b2a3aa7cf0c876da0a59"
age
46
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3470
x-amz-cf-id
8gLGtp8t6EeY_h3clBSPTUorqi6Pq_b2oi3o6kVAiGghHl5UHrOvHA==
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Mon, 02 Oct 2023 08:50:04 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
appierV2.js
cdn.holmesmind.com/js/ Frame E6AD 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appierV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
L_ytFJI.iZbA3Ys9mJ75ciLmXqmRfuVO
etag
"21253aa5d7ee0c3b700ce5f1a4a1b4d1"
age
11
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3446
x-amz-cf-id
npO7qsbXS89_ZAb0TwumEsVJiraC85Ym3H6hP98wmVTUVyMskNw-6A==
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Thu, 14 Dec 2023 06:52:43 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
appier_mainV3.js
cdn.holmesmind.com/js/ Frame E6AD 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag
"ec9ddd169f5fd01f28f9b31866cd4701"
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
RefreshHit from cloudfront
content-length
5467
x-amz-cf-id
XzHI9SxGmNgx9QLaEwVBMKFpUU5vvZxQlkQITbYkPx0Wbp9UNMM7CQ==
date
Wed, 19 Mar 2025 16:35:34 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:15:25 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
/
www.facebook.com/tr/ Frame 8C9A 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?eid=1742402133232&id=404012299753340&ev=PageView&dl=https%3A%2F%2Freurl.cc%2FdnpNOk&rl=https%3A%2F%2Freurl.cc%2FdnpNOk&if=true&ts=1742402133231&sw=1600&sh=1200&v=2.9.44&r=stable&fbp=fb.1.1742402129821.24844937369814602&it=1742402133222&rqm=GET
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.35 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-lga3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
GOOD; q=0.7, rtt=127, rtx=0, c=29, mss=1232, tbw=12443, tp=25, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
discoverylogs
log.popin.cc/log/popin_media/ Frame 8C9A 		66 B
222 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNSwicGFyYW0xIjoyLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6InJldXJsLmNjIiwidXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9kbnBOT2siLCJ1aWQiOiJiZDZhMDg1ZDMzZTZlOTRkNzY4MTc0MjQzODEzMjY4OCIsInRkX3ZlcnNpb24iOiIxLjcuMSIsInRkX2NsaWVudF9pZCI6IjA5YjNhMTgyLTdlOTYtNGE4OS05ZmY5LWVkZGQ0MjUwZWQ3MSIsInRkX2NoYXJzZXQiOiJ1dGYtOCIsInRkX2xhbmd1YWdlIjoiZW4tdXMiLCJ0ZF9jb2xvciI6IjI0LWJpdCIsInRkX3NjcmVlbiI6IjE2MDB4MTIwMCIsInRkX3ZpZXdwb3J0IjoiMzAweDI1MCIsInRkX3RpdGxlIjoiIiwidGRfdXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9kbnBOT2siLCJ0ZF91c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgSGVhZGxlc3NDaHJvbWUvODguMC40MzI0LjE5MCBTYWZhcmkvNTM3LjM2IiwidGRfcGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ0ZF9ob3N0IjoicmV1cmwuY2MiLCJ0ZF9wYXRoIjoiL2RucE5PayIsInRkX3JlZmVycmVyIjoiaHR0cHM6Ly9yZXVybC5jYy9kbnBOT2siLCJ0ZF9icm93c2VyIjoiQ2hyb21lIiwidGRfYnJvd3Nlcl92ZXJzaW9uIjoiODguMC40MzI0IiwidGRfb3MiOiJXaW5kb3dzIiwidGRfb3NfdmVyc2lvbiI6IjEwLjAuMCIsImNsaWVudF9pZCI6IjA5YjNhMTgyLTdlOTYtNGE4OS05ZmY5LWVkZGQ0MjUwZWQ3MSIsImV4dHJhIjoiIiwiaW50ZXJhY3Rpb25fbnVtYmVyIjowLCJwb3Bpbl92ZXJzaW9uIjo2fQ==&t=1742402133265
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx/1.13.5 /
Resource Hash
654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

etag
"5c12092b-42"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
66
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
image/jpeg
last-modified
Thu, 13 Dec 2018 07:24:27 GMT
server
nginx/1.13.5
log.gif
r.popin.cc/ Frame 8C9A 		35 B
186 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r.popin.cc/log.gif?type=related-tw&uid=bd6a085d33e6e94d7681742438132688&url=https%3A%2F%2Freurl.cc%2FdnpNOk&t=1742402133268
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.198.188 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

etag
"5d67294a-23"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
35
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
image/gif
last-modified
Thu, 29 Aug 2019 01:24:26 GMT
server
nginx
prebid.aspx
prebid.scupio.com/recweb/ Frame E6AD 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.scupio.com/recweb/prebid.aspx?cb=0.7811821740044245
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
210.59.219.34 Taichung City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
210-59-219-34.hinet-ip.hinet.net
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/dnpNOk

Response headers

Access-Control-Allow-Origin
https://reurl.cc
Date
Wed, 19 Mar 2025 16:35:34 GMT
Server
Kestrel
Access-Control-Allow-Credentials
true
bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame E6AD 		0
171 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-max-age
3600
access-control-allow-origin
https://reurl.cc
date
Wed, 19 Mar 2025 16:35:34 GMT
vary
Origin
access-control-allow-credentials
true
access-control-allow-methods
POST
bid
ad2.apx.appier.net/v1/prebid/ Frame E6AD
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=a0rLaIQKAdeYrMWVVvLaZw
2 B
20 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=a0rLaIQKAdeYrMWVVvLaZw
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Server
35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
98.36.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-store
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
critical-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via
1.1 google
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Wed, 19 Mar 2025 16:35:34 GMT
content-type
application/json; charset=utf-8

Redirect headers

Cache-Control
no-store
Location
https://ad2.apx.appier.net/v1/prebid/bid?acid=a0rLaIQKAdeYrMWVVvLaZw
Accept-Ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
null
Content-Length
0
P3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Wed, 19 Mar 2025 16:35:34 GMT
Server
nginx
utag.js
t.ssp.hinet.net/ Frame 3DA3 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Wed, 19 Mar 2025 16:45:33 GMT
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
utag.js
t.ssp.hinet.net/ Frame E6AD 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Wed, 19 Mar 2025 16:45:33 GMT
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
drawV2.js
cdn.holmesmind.com/js/ Frame E6AD 		13 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/drawV2.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FdnpNOk&n=101&o=1&fc=undefined&d=1&b=2&ts=1&ii=2&FPCK=6383-5WAKoxyvGsYRxhAkooXsswXKnVaUPPlC&fp_uuid=6383-2cedd1a473cfe10b3ede2341c74f478d&initver=230627P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag
"dcf480340ca4b65dc9aa76bd9e677036"
age
10
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
13033
x-amz-cf-id
7HtnyrJMCwlFalOeE7C7dL-3TiXvcu-WV5nZLDql9xyvYKUwuSuVtw==
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Tue, 19 Dec 2023 06:01:02 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
drawV2.js
cdn.holmesmind.com/js/ Frame 3DA3 		13 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/drawV2.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14209&rf=https%3A%2F%2Freurl.cc%2FdnpNOk&n=548&o=1&fc=undefined&d=1&b=2&ts=1&ii=2&FPCK=6383-5WAKoxyvGsYRxhAkooXsswXKnVaUPPlC&fp_uuid=6383-2cedd1a473cfe10b3ede2341c74f478d&initver=230627P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag
"dcf480340ca4b65dc9aa76bd9e677036"
age
10
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
13033
x-amz-cf-id
7HtnyrJMCwlFalOeE7C7dL-3TiXvcu-WV5nZLDql9xyvYKUwuSuVtw==
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Tue, 19 Dec 2023 06:01:02 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
cdb
bidder.criteo.com/ Frame E6AD 		0
186 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?ptv=159&profileId=184&cb=14003762954
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::5 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://reurl.cc/dnpNOk

Response headers

cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
access-control-allow-origin
https://reurl.cc
date
Wed, 19 Mar 2025 16:35:32 GMT
vary
Origin
server
Kestrel
access-control-allow-credentials
true
runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame 7B0E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
2888
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5005
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 15:47:25 GMT
expires
Wed, 19 Mar 2025 16:37:25 GMT
last-modified
Mon, 23 Sep 2024 18:12:21 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 97F4 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.100 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ZM-Qt2G7B0n9CmfzYZwQ_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-ZM-Qt2G7B0n9CmfzYZwQ_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 16:35:33 GMT
expires
Wed, 19 Mar 2025 16:35:33 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
events
bidder.criteo.com/csm/ Frame E6AD 		0
186 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::5 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/dnpNOk

Response headers

cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
access-control-allow-origin
https://reurl.cc
date
Wed, 19 Mar 2025 16:35:33 GMT
vary
Origin
server
Kestrel
access-control-allow-credentials
true
pixel.gif
static.criteo.net/images/ Frame E6AD 		43 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=1
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
max-age=31104000, public
timing-allow-origin
*
etag
"493ea254-2b"
cross-origin-resource-policy
cross-origin
expires
Sat, 14 Mar 2026 16:35:33 GMT
cross-origin-embedder-policy
require-corp
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
image/gif
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
pixel.gif
static.criteo.net/images/ Frame E6AD 		43 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=2
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
max-age=31104000, public
timing-allow-origin
*
etag
"493ea254-2b"
cross-origin-resource-policy
cross-origin
expires
Sat, 14 Mar 2026 16:35:33 GMT
cross-origin-embedder-policy
require-corp
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
image/gif
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
activeview
pagead2.googlesyndication.com/pcs/ Frame 54C3 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstUrHkiZ_Mj2JdnqIuuWSTkAyfqFj9oYubC1nqS-T5t1QNvb_UThvLejORvH9gB_XevF6P7Tg1PPaXWxdbnhqoQC4VCwnk0-PpYTwyNL__G-0ePui-3idwz3ZEIl0EsoP4ropxDEm_T9tbjNH-itkH96GGtl3QPBv8gjherOvCce5A&sig=Cg0ArKJSzFyXYkXnBOuxEAE&id=lidar2&mcvt=1000&p=108,1030,358,1330&tm=1404.7000007629395&tu=404.5999984741211&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20250317&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=1451399479&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3833493200&rst=1742402131592&rpt=1187&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 19 Mar 2025 16:35:33 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
bid
ad2.apx.appier.net/v1/prebid/ Frame E6AD
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=647LbJWwCeWkMqD0VvLaZw
2 B
20 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=647LbJWwCeWkMqD0VvLaZw
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Server
35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
98.36.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-store
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
critical-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via
1.1 google
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Wed, 19 Mar 2025 16:35:34 GMT
content-type
application/json; charset=utf-8

Redirect headers

Cache-Control
no-store
Location
https://ad2.apx.appier.net/v1/prebid/bid?acid=647LbJWwCeWkMqD0VvLaZw
Accept-Ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
null
Content-Length
0
P3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Wed, 19 Mar 2025 16:35:34 GMT
Server
nginx
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame 5728 		106 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
30c45abf57e0285b2e5de1a13f6c3421e07776154c947b8c9dada66841a9ca58
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
544 / 20166 / m202503130101 / config-hash: 11785860922430482874
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 16:35:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
33520
x-xss-protection
0
server
cafe
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame 237D 		106 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
30c45abf57e0285b2e5de1a13f6c3421e07776154c947b8c9dada66841a9ca58
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
544 / 20166 / m202503130101 / config-hash: 11785860922430482874
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 16:35:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
33520
x-xss-protection
0
server
cafe
/
t.ssp.hinet.net/ Frame 8C9A 		37 B
402 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
9a5c682fb0941773ee7bb519c55f86c919b5664088dae0335740d0464c5c9a6b
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 19 Mar 2025 16:35:34 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
/
t.ssp.hinet.net/ Frame 3DA3 		37 B
402 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
debc71b7ed41eb5413d11d327895e2016badd0dd40f111a3751a026dcd17fe25
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 19 Mar 2025 16:35:34 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
/
t.ssp.hinet.net/ Frame E6AD 		37 B
400 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
6c42fa631d99c55142ffd215870910cc4f39c9d4a9e18184c1626220c774fb4b
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 19 Mar 2025 16:35:35 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
view
securepubads.g.doubleclick.net/pcs/ Frame 8C9A 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvKiEzoTLO1ba1CTCSd0zQNeUibRLErZDTRuPTQBCl_wkbXGElYTRsXSNlZMslANUf0odnCQZ6H8GrEkFl7BnNnpPCWT-jDqMwv6Ni1MTjBYd0cY-3QPoId1D40msx11VVYCnir49VenVUaQzg0AsSBxl6gWjci7QzlqRSWPokayQja_Mqrck-qHLG3UWTNEE3zDDxE9boEUSQOwDzIY0taAK7anEfci1zUEbFnsPw-CdzDWwf_7UiIQIWFGEEDQzS9kiQmAJrb6K2VqVP2LaCotHgiMeM_0cttELKstTgWGCKOZiQN2QziDEIzylEdFflA8QpQG1L3GF8-OPzRX-kFWFdKnmzPmnJY-Exn29EgsNPxc9jtrAL-X63q8vKxfQYglHrui_wn0-pV2V638-8kdvys3EpKzscd00jEbt8q_IOKoOzqhPwnURp6&sai=AMfl-YRZML7i8EXPT8lk6_pAXbFcIJfy9-Nv7I6BgF56fE8snoe8ugaarOR1rIvvH9ndaEyjuBgUD0qWUKS_aSrYiQKJaQvIZOx0cR0Z5kuRumznLWFafE--yYHx23ib&sig=Cg0ArKJSzI7vWnUJ5PonEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 16:35:34 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 19 Mar 2025 16:35:34 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/ Frame 5728 		523 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
d3e4dec7f8bb0c04ea7afdd3ddec48498dc1485e0ca8ecc10b9bb610e53f7dcb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
3959196029401901588
age
15147
x-content-type-options
nosniff
expires
Thu, 19 Mar 2026 12:23:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 19 Mar 2025 12:23:02 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
168071
x-xss-protection
0
server
cafe
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/ Frame 237D 		523 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
d3e4dec7f8bb0c04ea7afdd3ddec48498dc1485e0ca8ecc10b9bb610e53f7dcb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
3959196029401901588
age
15147
x-content-type-options
nosniff
expires
Thu, 19 Mar 2026 12:23:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 19 Mar 2025 12:23:02 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
168071
x-xss-protection
0
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame 2887 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssCrbmIVDR8GLDxjFPlPjfzYmriDPscs3H-O7em8fM4FVsw_gJLYRIoZbSt7bwCVyhm9SS9ZDUa-4eM0y4Xsq-JjKx-49jD5yoWl_QBzRA_EFw8BfH4tltNIhDUG5LPK1skLBsKgcpl9rM07CAoO7mbLJbrzok_8GK9tO-MQc7EQ5a1BsNHs2hftfOEv0QmQERGEpyMCwlu_Zy6BdSikSnyb5Ph4CjvnVEDVYWr2XmLBI9TOgcJ9_5e8SjSQr3ric0BqnyGolx-8D4G8-HcVtt8u9yoYQcA-7GISOoGcWTjNwjv6BJnLKgpJiOQZy87BCGMZs19Eq52jVFBYjCI4WY3UcL3Z11H-0q8GT4SA9WJozzrcNQUopOpj3kwb1vGib_Zusg5rhLsfvwQNpBGBwIQnXTHnysA-dFrhKh8309_KrUjOchSiOt9aAYxUMJBvKG_5A&sai=AMfl-YRzUgYFrnksC0MWH2l0g_8xFuUYsoePL4BVUG3NjGas-81Pi0Q-WdKbT0f62Hpm6q82jg_rlb6cdYDpYWjSNqJfaQ4ToUxKvkv0vSUI58MtQ3xIA9y6i6-eGVy6&sig=Cg0ArKJSzOsCX2yOcGgKEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 16:35:34 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 19 Mar 2025 16:35:34 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 7195 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
2214
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000, stale-while-revalidate=3600
content-encoding
br
content-length
28720
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 15:58:37 GMT
expires
Wed, 19 Mar 2025 16:48:37 GMT
last-modified
Mon, 17 Mar 2025 19:42:52 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar
ep1.adtrafficquality.google/getconfig/ Frame 5728 		17 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202503130101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f2.1e100.net
Software
cafe /
Resource Hash
8cb54139d330a83448ba38e725770ba7d57c412202c630eebb2a93034e52d4f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
12884
date
Wed, 19 Mar 2025 16:35:34 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
ads
securepubads.g.doubleclick.net/gampad/ Frame 5728 		519 B
302 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1291578102090319&correlator=156004036600873&eid=31086814%2C31090594%2C31090852%2C83321072&output=ldjh&gdfp_req=1&vrg=202503130101&ptt=17&impl=fif&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C14209-2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C320x100%7C300x100&ifi=1&didk=607409652&dids=gpt-passback&adfs=3758817452&sfv=1-0-41&sc=1&cookie=ID%3Db19a220630837641%3AT%3D1742402131%3ART%3D1742402131%3AS%3DALNI_Ma1IUhoAmJ4un7Ax9-1NgjPwQ-eZQ&gpic=UID%3D0000107a68dd5cf1%3AT%3D1742402131%3ART%3D1742402131%3AS%3DALNI_MbQ8DBqEi39VDhpNfuWmmu3U7HsnA&abxe=1&dt=1742402134294&lmt=1742402134&adxs=640&adys=455&biw=1600&bih=1200&isw=320&ish=100&scr_x=0&scr_y=0&btvi=0&ucis=3u8x1blmnl4h&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=3&url=https%3A%2F%2Freurl.cc%2FdnpNOk&ref=https%3A%2F%2Freurl.cc%2FdnpNOk&top=https%3A%2F%2Freurl.cc%2FdnpNOk&vis=1&psz=320x100&msz=320x0&fws=256&ohw=0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742402134153&idt=82&adks=1212019568&frm=23&eo_id_str=ID%3D826d37fc15bb614d%3AT%3D1742402131%3ART%3D1742402131%3AS%3DAA-Afjat_GjpXBKZWqSMXYVXkQ-S&td=1&egid=6011&tdf=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
da97be7df6a82d713c3bd5c5e783d0d5d41431e27479b330690b1a04ac3f42b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
dcb
google-lineitem-id
-2
observe-browsing-topics
?1
x-content-type-options
nosniff
google-mediationtag-id
-2
google-mediationgroup-id
-2
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 19 Mar 2025 16:35:34 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
-2
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
content-length
272
x-xss-protection
0
server
cafe
container.html
9ce807cd7edc19a86b46faea21c90f89.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame 2977 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://9ce807cd7edc19a86b46faea21c90f89.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=3
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.161 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f1.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3024
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 16:35:34 GMT
expires
Wed, 19 Mar 2025 16:35:34 GMT
last-modified
Thu, 30 Jan 2025 19:28:58 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 581A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
2214
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000, stale-while-revalidate=3600
content-encoding
br
content-length
28720
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 15:58:37 GMT
expires
Wed, 19 Mar 2025 16:48:37 GMT
last-modified
Mon, 17 Mar 2025 19:42:52 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar
ep1.adtrafficquality.google/getconfig/ Frame 237D 		17 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202503130101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f2.1e100.net
Software
cafe /
Resource Hash
467e7da308a57852b5c69bfe186f90af9715adcca378bd74b944d6c7c0f0168b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
13198
date
Wed, 19 Mar 2025 16:35:34 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
ads
securepubads.g.doubleclick.net/gampad/ Frame 237D 		36 KB
8 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3361826279694916&correlator=1714242292632182&eid=83321253&output=ldjh&gdfp_req=1&vrg=202503130101&ptt=17&impl=fif&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C14210%2C14210-2&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=1&didk=607409652&dids=gpt-passback&adfs=3758817455&sfv=1-0-41&sc=1&cookie=ID%3Db19a220630837641%3AT%3D1742402131%3ART%3D1742402131%3AS%3DALNI_Ma1IUhoAmJ4un7Ax9-1NgjPwQ-eZQ&gpic=UID%3D0000107a68dd5cf1%3AT%3D1742402131%3ART%3D1742402131%3AS%3DALNI_MbQ8DBqEi39VDhpNfuWmmu3U7HsnA&abxe=1&dt=1742402134328&lmt=1742402134&adxs=650&adys=108&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=qglal8ojd8nd&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=3&url=https%3A%2F%2Freurl.cc%2FdnpNOk&ref=https%3A%2F%2Freurl.cc%2FdnpNOk&top=https%3A%2F%2Freurl.cc%2FdnpNOk&vis=1&psz=300x250&msz=300x0&fws=256&ohw=0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742402134166&idt=92&adks=3360245792&frm=23&eo_id_str=ID%3D826d37fc15bb614d%3AT%3D1742402131%3ART%3D1742402131%3AS%3DAA-Afjat_GjpXBKZWqSMXYVXkQ-S&td=1&egid=6011&tdf=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
b84e71b8bd8f2715e73682f3a173c9a7ed2debb333966765b6f8f5e80cff5e9a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
dcb
google-lineitem-id
6499556608
observe-browsing-topics
?1
x-content-type-options
nosniff
google-mediationtag-id
-2
google-mediationgroup-id
-2
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 19 Mar 2025 16:35:34 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
138462658495
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
content-length
8006
x-xss-protection
0
server
cafe
container.html
3eb2cc337b56bca6a3dd525d22043c25.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame E4C8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://3eb2cc337b56bca6a3dd525d22043c25.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=3
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.129 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f1.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3024
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 16:35:34 GMT
expires
Wed, 19 Mar 2025 16:35:34 GMT
last-modified
Thu, 30 Jan 2025 19:28:58 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503180101/ Frame 5728 		63 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503180101/gpt
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
b39e05a71f1d102609e37419d18d6ef7afab979a64e6a83f99ca240f29af08c6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

content-encoding
br
etag
7481735638272510099
age
5611
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 15:01:58 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 19 Mar 2025 15:01:58 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
23120
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202503180101"
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503180101/ Frame 237D 		63 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503180101/gpt
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
b39e05a71f1d102609e37419d18d6ef7afab979a64e6a83f99ca240f29af08c6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

content-encoding
br
etag
7481735638272510099
age
5611
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 15:01:58 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 19 Mar 2025 15:01:58 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
23120
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202503180101"
sodar2.js
ep2.adtrafficquality.google/sodar/ Frame 5728 		18 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
gzip
etag
"1727224258380615"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 16:35:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
6445
x-xss-protection
0
server
sffe
runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame DA32 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
2888
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5005
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 15:47:25 GMT
expires
Wed, 19 Mar 2025 16:37:25 GMT
last-modified
Mon, 23 Sep 2024 18:12:21 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame C862 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.100 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ZM-Qt2G7B0n9CmfzYZwQ_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-ZM-Qt2G7B0n9CmfzYZwQ_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 16:35:33 GMT
expires
Wed, 19 Mar 2025 16:35:33 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
emome2
t.ssp.hinet.net/ Frame 8C9A 		30 B
271 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/emome2?u=923e68ac-322b-4c8a-80e1-f64705a6df42
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 19 Mar 2025 16:35:34 GMT
content-type
application/json
vary
Accept-Encoding, Origin
server
nginx
view
securepubads.g.doubleclick.net/pcs/ Frame 4A8F 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstnFbrQ39QdGOEExcfFj3fLNhlu9XkrSoH7U-K6FkAYqxIzaeBb_-sn8Rw90vQTLQGQgDaWu2nLvmX8qUpioZGFfFoZMDGeI4d3t8n5gg9Td9vgDxRq8tCtkSY9a94uLB1csaBCLSir2T1W6kRvwumq4zHOBsbfDyg9ZqzSEqJl9aV-Gi4ogkVgnbfOcGt91xKzg6JvMOwpoqgenR4gC42ZIK7dcfnRYxqZvpai1WhVcX5qp1AvqlFxpWbXImys-cs8kYqp_ZxSdhGMTMw1G7zgM-vBn4nRfu7O0zQersyZhdVAEiVXgFujhogieKyyn3iW-NmmiRx9IXda1ZvGRniNsX7xWkwO_08J2ZcLZ9YdF90FxntBRizV8aJ8g2h8LlxKVLfRuYSgKFKnYGak0DXh_bqALXc58T0v3c-OgVelwOl5dz1KtSpwQF7PD-4GqNnSqiSIsCoi2Q&sai=AMfl-YTo-GO_3s63Fjn-kvcQX9REUA0dacLoGnXpnejDQSJ3ZoQ0D8eR5MrQo9wx7rXOuJgv0530BOG5OdDGsurmgyUITLUJFMKhpGYUe4BtaIZ5G_SESgxfq72Fld9F&sig=Cg0ArKJSzGcFNMNq6IomEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 19 Mar 2025 16:35:34 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
init.js
cdn.holmesmind.com/js/ Frame 4A8F 		9 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/init.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag
"2b18447e41c64d14195cefd72eb57400"
age
13
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
9645
x-amz-cf-id
p1pneUj8i0bYJHHzQm3og8HgHO3RMlN-kK-FdOXMghImwiI8lXY4-Q==
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
application/javascript
last-modified
Fri, 14 Mar 2025 09:01:33 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 4A8F 		219 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
f186eb26bb013dc13d3039942d33fe61d6dfb30685aa204bf847190d379b941c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
2474135099193125559
age
1089
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 17:17:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 19 Mar 2025 16:17:23 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68853
x-xss-protection
0
server
cafe
capmapping.htm
cdn.holmesmind.com/js/ Frame FABE 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=6383-2cedd1a473cfe10b3ede2341c74f478d
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:7e00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
48
content-length
12184
content-type
text/html
date
Wed, 19 Mar 2025 16:35:11 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-amz-cf-id
1b7DXc0ntAG3zDHSj9tUjZrqC1mcKIx4rflTsCPhIbiwp2DWsABUxQ==
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
presetfn.js
cdn.holmesmind.com/js/ Frame F8D6 		11 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
26
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
gqNStZ-OUyw9z8o8b9EcwmMvCSlSBi7CyjVaOIjFYBnosAnkAzm9Lw==
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4A8F 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 19 Mar 2025 16:35:34 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame 4A8F 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8d870b6563b5748c4fd69a9588d2742c886a928b4ef7a51a6b384ec3e6dac839

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4A8F 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 19 Mar 2025 16:35:34 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
Preset.js
ad.holmesmind.com/adserver/ Frame F8D6 		2 KB
794 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.64.195.61 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-64-195-61.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
851c3da53f870dab9f8fd365f8eb9af27af956d79a96f89f412f8baa5b7b1624

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Wed, 19 Mar 2025 16:35:34 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame F8D6 		30 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
25
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
-EK1JmviyWqdiQZIrQLsbygif7GNMj9RFn8imuyRqXPLukTUE2-VPw==
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
cm
t.ssp.hinet.net/ Frame 3DA3 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=6383-5WAKoxyvGsYRxhAkooXsswXKnVaUPPlC
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 19 Mar 2025 16:35:34 GMT
content-type
image/png
vary
Origin
server
nginx
sodar2.js
ep2.adtrafficquality.google/sodar/ Frame 237D 		18 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
gzip
etag
"1727224258380615"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 16:35:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
6445
x-xss-protection
0
server
sffe
cm
t.ssp.hinet.net/ Frame E6AD 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=6383-5WAKoxyvGsYRxhAkooXsswXKnVaUPPlC
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 19 Mar 2025 16:35:35 GMT
content-type
image/png
vary
Origin
server
nginx
runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame 128F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
2888
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5005
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 15:47:25 GMT
expires
Wed, 19 Mar 2025 16:37:25 GMT
last-modified
Mon, 23 Sep 2024 18:12:21 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 6EDC 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.100 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ZM-Qt2G7B0n9CmfzYZwQ_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-ZM-Qt2G7B0n9CmfzYZwQ_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 16:35:33 GMT
expires
Wed, 19 Mar 2025 16:35:33 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
ads.js
ad.holmesmind.com/adserver/ Frame F8D6 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FdnpNOk&n=920&o=1&fc=6383-5WAKoxyvGsYRxhAkooXsswXKnVaUPPlC&d=1&b=2&ts=1&ii=2&FPCK=6383-5WAKoxyvGsYRxhAkooXsswXKnVaUPPlC&fp_uuid=6383-2cedd1a473cfe10b3ede2341c74f478d&initver=230627P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.64.195.61 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-64-195-61.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
94f0ed92efbedf3732fb80051c9211bd20958ebc130548f97695cbcfdc88da39

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Wed, 19 Mar 2025 16:35:34 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
rtbhouseV2.js
cdn.holmesmind.com/js/ Frame F8D6 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag
"519bf06eca29382b4ee4cc4f1dace214"
age
52
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
2905
x-amz-cf-id
k20ND3TMpmB2ynbZcnxDShr4oCvfm91SzhS_8aIGUdgkL2EKrr4FYg==
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Mon, 04 Sep 2023 03:28:50 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
publishertag.js
static.criteo.net/js/ld/ Frame F8D6 		130 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
etag
W/"67c8043f-2072d"
cross-origin-resource-policy
cross-origin
expires
Thu, 20 Mar 2025 16:35:33 GMT
access-control-allow-origin
*
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
text/javascript
last-modified
Wed, 05 Mar 2025 07:58:55 GMT
server
nginx
criteoV2.js
cdn.holmesmind.com/js/ Frame F8D6 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/criteoV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag
"13519f9e63c9828d93a698c47992e115"
age
52
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3197
x-amz-cf-id
hFLfgEXBauY5tyKN8Acy5dKvEHwST5ZfiETqwBhDpBidSrls2jMs1g==
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Thu, 27 Jul 2023 02:29:01 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
bridgewellV3.js
cdn.holmesmind.com/js/ Frame F8D6 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag
"41ecd67a1e57b2a3aa7cf0c876da0a59"
age
46
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3470
x-amz-cf-id
8gLGtp8t6EeY_h3clBSPTUorqi6Pq_b2oi3o6kVAiGghHl5UHrOvHA==
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Mon, 02 Oct 2023 08:50:04 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
appierV2.js
cdn.holmesmind.com/js/ Frame F8D6 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appierV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
L_ytFJI.iZbA3Ys9mJ75ciLmXqmRfuVO
etag
"21253aa5d7ee0c3b700ce5f1a4a1b4d1"
age
11
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3446
x-amz-cf-id
npO7qsbXS89_ZAb0TwumEsVJiraC85Ym3H6hP98wmVTUVyMskNw-6A==
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Thu, 14 Dec 2023 06:52:43 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
appier_mainV3.js
cdn.holmesmind.com/js/ Frame F8D6 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag
"ec9ddd169f5fd01f28f9b31866cd4701"
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
RefreshHit from cloudfront
content-length
5467
x-amz-cf-id
XzHI9SxGmNgx9QLaEwVBMKFpUU5vvZxQlkQITbYkPx0Wbp9UNMM7CQ==
date
Wed, 19 Mar 2025 16:35:34 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:15:25 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame F8D6 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-max-age
3600
access-control-allow-origin
https://reurl.cc
date
Wed, 19 Mar 2025 16:35:35 GMT
vary
Origin
access-control-allow-credentials
true
access-control-allow-methods
POST
prebid.aspx
prebid.scupio.com/recweb/ Frame F8D6 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.scupio.com/recweb/prebid.aspx?cb=0.6270649176096912
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
210.59.219.34 Taichung City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
210-59-219-34.hinet-ip.hinet.net
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/dnpNOk

Response headers

Access-Control-Allow-Origin
https://reurl.cc
Date
Wed, 19 Mar 2025 16:35:34 GMT
Server
Kestrel
Access-Control-Allow-Credentials
true
bid
ad2.apx.appier.net/v1/prebid/ Frame F8D6
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=hhwgOBakDOKBVGTTV_LaZw
2 B
20 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=hhwgOBakDOKBVGTTV_LaZw
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Server
35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
98.36.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-store
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
critical-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via
1.1 google
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Wed, 19 Mar 2025 16:35:35 GMT
content-type
application/json; charset=utf-8

Redirect headers

Cache-Control
no-store
Location
https://ad2.apx.appier.net/v1/prebid/bid?acid=hhwgOBakDOKBVGTTV_LaZw
Accept-Ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
null
Content-Length
0
P3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Wed, 19 Mar 2025 16:35:35 GMT
Server
nginx
bid
ad2.apx.appier.net/v1/prebid/ Frame F8D6
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=H_GDfqptC56VYGg-V_LaZw
2 B
20 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=H_GDfqptC56VYGg-V_LaZw
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Server
35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
98.36.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-store
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
critical-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via
1.1 google
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Wed, 19 Mar 2025 16:35:35 GMT
content-type
application/json; charset=utf-8

Redirect headers

Cache-Control
no-store
Location
https://ad2.apx.appier.net/v1/prebid/bid?acid=H_GDfqptC56VYGg-V_LaZw
Accept-Ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
null
Content-Length
0
P3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Wed, 19 Mar 2025 16:35:35 GMT
Server
nginx
cdb
bidder.criteo.com/ Frame F8D6 		0
0
pixel
923e68ac-322b-4c8a-80e1-f64705a6df42.t.ssp.hinet.net/ Frame 3DA3 		0
0
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-ZDFZCDVDK1&gtm=45je53h1v9181474282za200&_p=1742402129122&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102587591~102717422~102788824~102813109~102814060~102825837~102879719&cid=1891814378.1742402130&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1742402130&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FdnpNOk&dt=GMX%20-%20E-Mail-Adresse%20kostenlos%2C%20FreeMail%2C%20De-Mail%20%26%20Nachrichten%20%7C%20https%3A%2F%2Fnavigator.gmx.net%2Fmail%3Fsid...&en=scroll&epn.percent_scrolled=90&_et=20&tfd=8042
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:87:0
report-to
{"group":"ascnsrsggc:87:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:87:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:87:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:35 GMT
content-type
text/plain
server
Golfe2
utag.js
t.ssp.hinet.net/ Frame F8D6 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Wed, 19 Mar 2025 16:45:33 GMT
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
/
t.ssp.hinet.net/ Frame F8D6 		36 B
401 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
d2a0bd2e7b5e8d09ea538911b017b18aabde6f568eda7e3955864c30ceca0288
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 19 Mar 2025 16:35:35 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
drawV2.js
cdn.holmesmind.com/js/ Frame F8D6 		13 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/drawV2.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FdnpNOk&n=920&o=1&fc=6383-5WAKoxyvGsYRxhAkooXsswXKnVaUPPlC&d=1&b=2&ts=1&ii=2&FPCK=6383-5WAKoxyvGsYRxhAkooXsswXKnVaUPPlC&fp_uuid=6383-2cedd1a473cfe10b3ede2341c74f478d&initver=230627P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag
"dcf480340ca4b65dc9aa76bd9e677036"
age
10
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
13033
x-amz-cf-id
7HtnyrJMCwlFalOeE7C7dL-3TiXvcu-WV5nZLDql9xyvYKUwuSuVtw==
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Tue, 19 Dec 2023 06:01:02 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
collect
analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je53i0v897965293za200zb9181474282&_p=1742402129122&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102587591~102717422~102788824~102813109~102814060~102825837~102879719&cid=1891814378.1742402130&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1742402130&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FdnpNOk&dt=GMX%20-%20E-Mail-Adresse%20kostenlos%2C%20FreeMail%2C%20De-Mail%20%26%20Nachrichten%20%7C%20https%3A%2F%2Fnavigator.gmx.net%2Fmail%3Fsid...&en=scroll&epn.percent_scrolled=90&_et=14&tfd=8116
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:137:0
report-to
{"group":"ascnsrsggc:137:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:137:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:137:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:35 GMT
content-type
text/plain
server
Golfe2
sodar
ep1.adtrafficquality.google/pagead/ Frame 54C3 		0
0
sodar
ep1.adtrafficquality.google/pagead/ Frame 5728 		0
0
view
securepubads.g.doubleclick.net/pcs/ Frame 4A8F 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstu9idXxIXCihzrOZskaFpx9EdXsOjBT5a_RDAdBtzp8cGYIa1J2VM4-4H2_7hl4v2c6iUuKcbDljOyghz0OqjARJyKNqzGuqQ50a8Zfm7hy94YgccoVrjIVBsHlpjUZsPTIaqGac3mC6PdqB7XqzP7i0IbW_XF2D3AEs1LP5JPEAtDjoNU7G0E60_Leln0Xhd8VGsKyl1BSx9lenv-9ZH6itiuVHxCyg5Jy0nzIVNtaDhIrnQCtrwYH8au1XVc7Dn8PRW-RliGYouXDIRluSNffcO92ewedex-xzvM0UlQO2Z8Y9E7GGoH9RsR4o-fDI5DCHR2AvFUVzAEgJeeDHqK9To9BUYP2fswcK6sxCKE6ZNvG219wytu0jZKVK7b0sep2bgF4OvRAnngVPYDz2hz9voaYy9eSe-gPN-NILfI9OD4wL5NHUJxLG_hxTToGl6NLyjA8M0Bu7k1&sai=AMfl-YRQnRYBBV-9K-kZGdW_4w2BX_03hI_uNPmfmMtTycxqwxIXu6uAQQltAwP5JR3xI5S6twrbMj4TAkCwn-7w2kKrgdSsSBCMKD0ih7UyxBxcZBXIXnpYTe1W12E6&sig=Cg0ArKJSzFobZG-RNOkKEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 16:35:35 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 19 Mar 2025 16:35:35 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
activeview
pagead2.googlesyndication.com/pcs/ Frame 8C9A 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsslmA9IlclvaxDB1L1-YFbRNAf5wT3b63qFwxW59Od2rP4WVG-gcYRsx53ZRjsCEncRJEHARLgWTGXSM4VWej_w68l3hAuT8yDG2ZaltpyKr7IGZ10EzetDBBQzjDEOCxMn3zFiykpUqOQ_byiQMvkaMqxEc2Du5tWHB-F2k2Gg2_A&sig=Cg0ArKJSzO8qwjUVGq4rEAE&id=lidar2&mcvt=1000&p=108,270,358,570&tm=2846.8999977111816&tu=1846.8999977111816&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20250317&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=827794272&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3833493200&rst=1742402131642&rpt=2538&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 19 Mar 2025 16:35:35 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
activeview
pagead2.googlesyndication.com/pcs/ Frame 2887 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst0mujEgVsB_Y6L59w2Y6824bXOrfmGTvRYkIO5LXB3IRX_y4UoJaao99d_pQ4sb0cddQpbYeUfzQlMobQ79YUNK6ygqZ6k2FOH_m8ywJ6vglsr9nt-FKZY0pqpof_INfbcQQ7TgdR5d_XaePzJ0yRpWan7uO2ILPfT4tCj5jaAr54&sig=Cg0ArKJSzLfr5vwLbCwdEAE&id=lidar2&mcvt=1000&p=108,650,362,950&tm=2883.2000007629395&tu=1883.3999977111816&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20250317&bin=7&avms=nio&bs=1600,1200&mc=0.98&vu=1&app=0&itpl=19&adk=3242553145&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3833493200&rst=1742402131661&rpt=2615&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 19 Mar 2025 16:35:35 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
sodar
ep1.adtrafficquality.google/pagead/ Frame 237D 		0
0
pixel
923e68ac-322b-4c8a-80e1-f64705a6df42.t.ssp.hinet.net/ Frame E6AD 		0
0
cm
t.ssp.hinet.net/ Frame F8D6 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=6383-5WAKoxyvGsYRxhAkooXsswXKnVaUPPlC
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 19 Mar 2025 16:35:35 GMT
content-type
image/png
vary
Origin
server
nginx
ping
pagead2.googlesyndication.com/pagead/ Frame 237D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/dnpNOk

Response headers
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame F5B4 		106 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
30c45abf57e0285b2e5de1a13f6c3421e07776154c947b8c9dada66841a9ca58
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
544 / 20166 / m202503130101 / config-hash: 11785860922430482874
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 16:35:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
33520
x-xss-protection
0
server
cafe
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/ Frame F5B4 		523 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
d3e4dec7f8bb0c04ea7afdd3ddec48498dc1485e0ca8ecc10b9bb610e53f7dcb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
3959196029401901588
age
15147
x-content-type-options
nosniff
expires
Thu, 19 Mar 2026 12:23:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 19 Mar 2025 12:23:02 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
168071
x-xss-protection
0
server
cafe
topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 28A4 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
2214
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000, stale-while-revalidate=3600
content-encoding
br
content-length
28720
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 15:58:37 GMT
expires
Wed, 19 Mar 2025 16:48:37 GMT
last-modified
Mon, 17 Mar 2025 19:42:52 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar
ep1.adtrafficquality.google/getconfig/ Frame F5B4 		17 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202503130101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f2.1e100.net
Software
cafe /
Resource Hash
b6f98de7386cedf8eb86ed3857283c30c8f1fea0304dd3f281cd14b40c28671c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
12970
date
Wed, 19 Mar 2025 16:35:35 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
ads
securepubads.g.doubleclick.net/gampad/ Frame F5B4 		36 KB
8 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1910009401240154&correlator=1450607180329501&eid=83321073&output=ldjh&gdfp_req=1&vrg=202503130101&ptt=17&impl=fif&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C14210%2C14210-2&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=1&didk=607409652&dids=gpt-passback&adfs=2597023774&sfv=1-0-41&sc=1&cookie=ID%3Db19a220630837641%3AT%3D1742402131%3ART%3D1742402131%3AS%3DALNI_Ma1IUhoAmJ4un7Ax9-1NgjPwQ-eZQ&gpic=UID%3D0000107a68dd5cf1%3AT%3D1742402131%3ART%3D1742402131%3AS%3DALNI_MbQ8DBqEi39VDhpNfuWmmu3U7HsnA&abxe=1&dt=1742402135761&lmt=1742402135&adxs=650&adys=108&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=jvbzg4qawy8l&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=6&url=https%3A%2F%2Freurl.cc%2FdnpNOk&ref=https%3A%2F%2Freurl.cc%2FdnpNOk&top=https%3A%2F%2Freurl.cc%2FdnpNOk&vis=1&psz=300x250&msz=300x0&fws=256&ohw=0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742402135702&idt=22&adks=3360245792&frm=23&eo_id_str=ID%3D826d37fc15bb614d%3AT%3D1742402131%3ART%3D1742402131%3AS%3DAA-Afjat_GjpXBKZWqSMXYVXkQ-S&td=1&egid=6011&tdf=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
08378599d569cab24a9ed7749862438418810d85110973700a8f20f0df97c1a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
dcb
google-lineitem-id
6499556608
observe-browsing-topics
?1
x-content-type-options
nosniff
google-mediationtag-id
-2
google-mediationgroup-id
-2
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 19 Mar 2025 16:35:35 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
138462658495
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
content-length
7992
x-xss-protection
0
server
cafe
container.html
8ddd594d9c0173489ad7c0ffa5af16ba.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame 371A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://8ddd594d9c0173489ad7c0ffa5af16ba.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=6
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.97 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f1.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3024
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 16:35:36 GMT
expires
Wed, 19 Mar 2025 16:35:36 GMT
last-modified
Thu, 30 Jan 2025 19:28:58 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ping
pagead2.googlesyndication.com/pagead/ Frame 5728 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/dnpNOk

Response headers
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503180101/ Frame F5B4 		63 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503180101/gpt
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
b39e05a71f1d102609e37419d18d6ef7afab979a64e6a83f99ca240f29af08c6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

content-encoding
br
etag
7481735638272510099
age
5611
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 15:01:58 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 19 Mar 2025 15:01:58 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
23120
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202503180101"
pixel
56af8b37-6899-4180-ad24-fc0072c6c433.t.ssp.hinet.net/ Frame F8D6 		0
0
sodar2.js
ep2.adtrafficquality.google/sodar/ Frame F5B4 		18 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
gzip
etag
"1727224258380615"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 16:35:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
6445
x-xss-protection
0
server
sffe
runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame B777 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
2888
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5005
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 15:47:25 GMT
expires
Wed, 19 Mar 2025 16:37:25 GMT
last-modified
Mon, 23 Sep 2024 18:12:21 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 9A7E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.100 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ZM-Qt2G7B0n9CmfzYZwQ_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-ZM-Qt2G7B0n9CmfzYZwQ_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Mar 2025 16:35:33 GMT
expires
Wed, 19 Mar 2025 16:35:33 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame 7F6D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvhFCX03PajbsAr9uWY1qOhQxxf5cxJBM5LE48dVmUJIYTRAM4GtnZP2Dt8T5u60YDMQm5onxZGogJOO85v8V7MHEksEyADzdQPJIQvkc3Z76b3k67tyAfe6sgM4hUXFWfqQMQWAYLQRbwEQ65f3vBNtSkqgQZiualpZmzxeDZGWjj3LRYuF8WD4cbaZLQKVEPr-uwfQI8lyenfGHDcvbpW8yQmGxVGptlEowmB5-GtaN99FHVEQrGQ8guaRCju9CQF09AyKWeB8YsUaawHOttafqNfAkUx3OT5ilOqsdNHDWc53X837HIsPnz7aDg_FQ7HWfrLx5Ymn8L00IRYLARzv1LcPJLs-tOe0rl9o3TuewiBEMov4E6koGg2yZPPztDBn2v16uhvj6Ylu30vj6ZWxaTUZZa4Etvd6bSuPqWjIk1rQoNfjsETEkldIKqBFJTV7usTff0L-w&sai=AMfl-YRR9mo-jrvd2C1piVe8ShsWEOEc3uhBDTNHwO0kjziF87180xPX9eLnYK0a5elIMnN1uHzPM7IwZPUo1i0r-zh4WLuSn8MPSmCdb9mpdJ63XIUyQE5EZUCmVc0d&sig=Cg0ArKJSzJjURZL6R7A5EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/dnpNOk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 19 Mar 2025 16:35:36 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
init.js
cdn.holmesmind.com/js/ Frame 7F6D 		9 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/init.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag
"2b18447e41c64d14195cefd72eb57400"
age
13
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
9645
x-amz-cf-id
p1pneUj8i0bYJHHzQm3og8HgHO3RMlN-kK-FdOXMghImwiI8lXY4-Q==
date
Wed, 19 Mar 2025 16:35:29 GMT
content-type
application/javascript
last-modified
Fri, 14 Mar 2025 09:01:33 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 7F6D 		219 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503130101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
f186eb26bb013dc13d3039942d33fe61d6dfb30685aa204bf847190d379b941c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

content-encoding
br
etag
2474135099193125559
age
1089
x-content-type-options
nosniff
expires
Wed, 19 Mar 2025 17:17:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 19 Mar 2025 16:17:23 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68853
x-xss-protection
0
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 7F6D 		0
0
truncated
/ Frame 7F6D 		206 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2b9b40a16469674b48b9c17ca84c5bc65a91564de411a028cf41c3b1f556a624

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
capmapping.htm
cdn.holmesmind.com/js/ Frame 4CEB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=6383-2cedd1a473cfe10b3ede2341c74f478d
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:7e00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://reurl.cc/dnpNOk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
48
content-length
12184
content-type
text/html
date
Wed, 19 Mar 2025 16:35:11 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-amz-cf-id
1b7DXc0ntAG3zDHSj9tUjZrqC1mcKIx4rflTsCPhIbiwp2DWsABUxQ==
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
presetfn.js
cdn.holmesmind.com/js/ Frame A93D 		11 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
26
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
gqNStZ-OUyw9z8o8b9EcwmMvCSlSBi7CyjVaOIjFYBnosAnkAzm9Lw==
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
gen_204
pagead2.googlesyndication.com/pagead/ Frame 7F6D 		0
0
Preset.js
ad.holmesmind.com/adserver/ Frame A93D 		2 KB
794 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.64.195.61 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-64-195-61.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
851c3da53f870dab9f8fd365f8eb9af27af956d79a96f89f412f8baa5b7b1624

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Wed, 19 Mar 2025 16:35:36 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame A93D 		30 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
25
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
-EK1JmviyWqdiQZIrQLsbygif7GNMj9RFn8imuyRqXPLukTUE2-VPw==
date
Wed, 19 Mar 2025 16:35:32 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
activeview
pagead2.googlesyndication.com/pcs/ Frame 4A8F 		0
0
ads.js
ad.holmesmind.com/adserver/ Frame A93D 		0
0
rtbhouseV2.js
cdn.holmesmind.com/js/ Frame A93D 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag
"519bf06eca29382b4ee4cc4f1dace214"
age
52
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
2905
x-amz-cf-id
k20ND3TMpmB2ynbZcnxDShr4oCvfm91SzhS_8aIGUdgkL2EKrr4FYg==
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Mon, 04 Sep 2023 03:28:50 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
publishertag.js
static.criteo.net/js/ld/ Frame A93D 		130 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
etag
W/"67c8043f-2072d"
cross-origin-resource-policy
cross-origin
expires
Thu, 20 Mar 2025 16:35:33 GMT
access-control-allow-origin
*
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
text/javascript
last-modified
Wed, 05 Mar 2025 07:58:55 GMT
server
nginx
criteoV2.js
cdn.holmesmind.com/js/ Frame A93D 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/criteoV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag
"13519f9e63c9828d93a698c47992e115"
age
52
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3197
x-amz-cf-id
hFLfgEXBauY5tyKN8Acy5dKvEHwST5ZfiETqwBhDpBidSrls2jMs1g==
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Thu, 27 Jul 2023 02:29:01 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
bridgewellV3.js
cdn.holmesmind.com/js/ Frame A93D 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag
"41ecd67a1e57b2a3aa7cf0c876da0a59"
age
46
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3470
x-amz-cf-id
8gLGtp8t6EeY_h3clBSPTUorqi6Pq_b2oi3o6kVAiGghHl5UHrOvHA==
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Mon, 02 Oct 2023 08:50:04 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
appierV2.js
cdn.holmesmind.com/js/ Frame A93D 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appierV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
L_ytFJI.iZbA3Ys9mJ75ciLmXqmRfuVO
etag
"21253aa5d7ee0c3b700ce5f1a4a1b4d1"
age
11
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3446
x-amz-cf-id
npO7qsbXS89_ZAb0TwumEsVJiraC85Ym3H6hP98wmVTUVyMskNw-6A==
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Thu, 14 Dec 2023 06:52:43 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
appier_mainV3.js
cdn.holmesmind.com/js/ Frame A93D 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fe00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

x-amz-version-id
ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag
"ec9ddd169f5fd01f28f9b31866cd4701"
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
RefreshHit from cloudfront
content-length
5467
x-amz-cf-id
XzHI9SxGmNgx9QLaEwVBMKFpUU5vvZxQlkQITbYkPx0Wbp9UNMM7CQ==
date
Wed, 19 Mar 2025 16:35:34 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:15:25 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame A93D 		0
0
prebid.aspx
prebid.scupio.com/recweb/ Frame A93D 		0
0
bid
ad2.apx.appier.net/v1/prebid/ Frame A93D 		0
0
bid
ad2.apx.appier.net/v1/prebid/ Frame A93D 		0
0
cdb
bidder.criteo.com/ Frame A93D 		0
0
utag.js
t.ssp.hinet.net/ Frame A93D 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Wed, 19 Mar 2025 16:45:33 GMT
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
sodar
ep1.adtrafficquality.google/pagead/ Frame F5B4 		0
0
pixel.gif
static.criteo.net/images/ Frame F8D6 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
max-age=31104000, public
timing-allow-origin
*
etag
"493ea254-2b"
cross-origin-resource-policy
cross-origin
expires
Sat, 14 Mar 2026 16:35:33 GMT
cross-origin-embedder-policy
require-corp
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
image/gif
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
pixel.gif
static.criteo.net/images/ Frame F8D6 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

cache-control
max-age=31104000, public
timing-allow-origin
*
etag
"493ea254-2b"
cross-origin-resource-policy
cross-origin
expires
Sat, 14 Mar 2026 16:35:33 GMT
cross-origin-embedder-policy
require-corp
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
date
Wed, 19 Mar 2025 16:35:33 GMT
content-type
image/gif
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
cm
t.ssp.hinet.net/ Frame A93D 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=6383-5WAKoxyvGsYRxhAkooXsswXKnVaUPPlC&mp=56af8b37-6899-4180-ad24-fc0072c6c433
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/dnpNOk

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 19 Mar 2025 16:35:37 GMT
content-type
image/png
vary
Origin
server
nginx
pixel
56af8b37-6899-4180-ad24-fc0072c6c433.t.ssp.hinet.net/ Frame A93D 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
creditcards.com.tw
URL
https://creditcards.com.tw/wp-content/uploads/2019/12/%E6%97%85%E9%81%8A%E6%8A%98%E6%89%A3-KLOOK-kkday-%E6%8E%A8%E8%96%A6%E5%84%AA%E6%83%A0%E4%BF%A1%E7%94%A8%E5%8D%A1-1080x630.jpg
Domain
blog.alphaloan.co
URL
https://blog.alphaloan.co/wp-content/uploads/2021/04/%E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg
Domain
bidder.criteo.com
URL
https://bidder.criteo.com/cdb?ptv=159&profileId=184&cb=98343824739
Domain
923e68ac-322b-4c8a-80e1-f64705a6df42.t.ssp.hinet.net
URL
https://923e68ac-322b-4c8a-80e1-f64705a6df42.t.ssp.hinet.net/pixel?bd=923e68ac-322b-4c8a-80e1-f64705a6df42&t=50ef57&referrer=
Domain
ep1.adtrafficquality.google
URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20250313&jk=895196632332888&bg=!8fKl8r3NAAYl8RWmBfE7ADQBe5WfOA0NGpFOJ7650YxrLNSKT6VWiXWTRw9DVusHYOxdsPBHKTe9T91V5s5vEIxaShNQAgAAAH9SAAAAA2gBB34ANadIToJj_FcNG34vmlczAY4UDdpOa-3yju-6aizBoZS-DHPTlBrYQ9i65bx62q1t3k6sItrTmQKZIlfwHPCd97Xen0fPknXj-Uv7Id5TYgbhjwlkdoOTy4cmfxGuDUeThp5PaNNJlTV0D1irZ2KTcArUSUW7rDOF3SgRfWk0eP95fcSP1ANNWn-SRQqeC9nX89zNuRpgpETTpiu8-ec9KYNKfy_436y6tIbsRh8X7wiYhZ7hfJ28NA5IqBWeX0WCGWpk_SiFswOGzrnFNwmy9THiOIaprelTJxrPO_T7z9vFLK0lgbwgEM3rGKqcL3AiQLnZSUhH1Tgp7IkcP1EWkMrBT-5Lc5MyLKcEM3uXVNr1cxyxtQYgzbfAuEWJWUwn-7OGMDSPF5uKqeFCIdCiKureayQZe0lJ_jaT_1vHEacyvihqQ1Cpy8pwQS2ei7qro92JaYVpbgy1XrF-W5ldAnJPhIPzyS65fGMflLTbH_daJ1y-ZmHYfb57d_sB2g0ox8YIXWWoj-io-UWwUZHGONXv_QzQGUXykFNQKZl0HFRi-hgCpOm-34nvsZuA5PT4zh6sIlpBmNgtC2TeGI1lr-HvP-NTR03GwotzrvjEWwULAukE3GvvxE2_FS-ZOT-qNsJo-D9yUxQ1BqzwxsXyXaCvJVDoNSMXP3fDpTrJHBJCuzQ67KAOnm0MUCiE9HNEHYcrU1dRjfJJ3YTrZ_S-14mNt4JzzXY8ms3R4d64Izdp1aK8_yce1nSqckCUknvc4stO7ZHD4DPImegNlt8A1jIgcjKXHW4gbXYVipk71NZueQFOYbhW6noGFR6ea5O4Dv_sF39_fO7wfIz6Qo01QGgcF-TUJXt-2eHYolXxuiputMuYngGxf4VfphSWT_wmhn-G_6Xy4K9paPRbMl6Ltbv2yK3P4UkdrPqBVXtqot9lAugFNvzQf63oElbZGhDNsXU
Domain
ep1.adtrafficquality.google
URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202503130101&jk=1291578102090319&bg=!vr2lvfLNAAYl8RWmBfE7ADQBe5WfOArsGDDry1MMhjhk3lJHVs_zx73eg0RgQXgMQWhyO-miCH22UQRlHDtYh8oF2OQKAgAAAHJSAAAABGgBB34ANaL3_uZ55iEesExrQ7Cm1Uifw3NtdIq1igaWRQG1GiiglH693ED1pHicELKoQrSzc8RT4NAJmQK-iMKv6FJGz_uxTWymaFpJzl-1MmDeVUVGdaU-N178H8bprnu990CW9D5-etNv2y2dYv3ux8y9sxUqkY4HhlDmT5wG6EFqxCrca6aiXWviyxhKxv4qIAUWNzbgDfC-_qYFvCy2oodxFaQtQF5B2ZtjEVYUvPdOmm2ktF9xx5DNt-tJa6Q0xTPzGk_VJt-5hK6bAqhqwz80xLsZD0VLUP0b8JA8XeKSJnryz5K4eiZeLohXLGOGdCiyKxtgv8yZCEBK-W-A1RIVSgz4A8tnh_bfnmFs4sMNvaTvdC1QQgLYvJASuBxyWVJG0H-Vw91AGkykTnAoeBBL4Ol6PYMHa_03SbuEp5rwhcZmZ5b1kdGMZW9eTbj23Y-RGqn8nDKhqXx7gNNkz9zvFTxhEMxHcOW38mGtvrYVj3m-Ofk5DcE8ISxVRuzVAN69rC6WZb2Xub2tN-q9a73t8EUg3toPhwHaWj7pBqHeiESW4AlbrKG-HxNEnMCrwniSzqk0c4WxGZLkh7uJY8pnHac4kisHAFd1ODiX5sdp7mg4AqpWowmtU39dLu3Vcphm-Jfz8P3VGIBGltXfSyxrFLDu_9gsqi8CcOlypGVtXRV88l5OucECFEaBlQgtoU407_M3_VMsk1cxIVh4yaRq1G1WR_imx6cihGQegEtlopRzPyB_4QZBZUhf6u0uxv3sPvCi2ybepakhH_WadOyBum5L6Irez8kvFOIefdSWhyVKTNAeOz9t6w8IsuPOpbESVxQopOkhJH-V9GzGRu5goKNFIBSRQA7vj4AsMPDjoaDEt0qkJZ8yli5FxAxcOVvttUdLLxk6Y7pBKwuxxYPddqW8nZOdPnH-jwpfZLKlW02Vm5FbpkcWkQq8VCEuzgHzS6hPIpacN2qlbJKIsTJ-rMJSbG3utmontaU-JxeG32b6e6oXWrpS
Domain
ep1.adtrafficquality.google
URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202503130101&jk=3361826279694916&bg=!HR6lHlHNAAYl8RWmBfE7ADQBe5WfODP6Xv4oN28CwhWrrByJ5Nk-agrSO7CRQw-aTucpBWIRopy9ZSYK_wmDG22D5y9PAgAAAEhSAAAABGgBB34ANREfTL1a0aNLZE2etGhCQ8fFJXYmrTA7vJTqPmaBffgp4TpQEdyLaCr1Qt6OWfvy_odQgAH5CgAuCl8QEbl02_ca2rfdfT4WjvIZ4XOX_UExXZATdUa9nRk5N-V-pXTrwWgRm3si7pkCzMBMC6b17XSoF9Xzx9blblo2B760a1d0Ps4818WCPXKeS-EYthGPZxfkzUFTL86MQegbCe88ve7K-oZZVBs64sO1VXseYQpLl7XHrmmDWuoxtXy1nDM6lv834km8iNZ2smPKndr9RV5v_R4ddWXb6g4m9phiAe6zYEdHIVwo-fRfRCEOa25JrlwFGAQEJWtD4w9cVrmNzbhOvB0hhWn73E907gA8kKAqS8HjOyUN_iOaVPKmF3X4_IULxptiCGMm8q5Hu5OT0xZ4n6xTcM2IQXfhk_gBIH-LVJbStwdjewVor4rX-OLFSLxXFEzL_ROFSB3p4JUe_ZqWSzI1BoMToYr5MSf99T_7khelfNpXPR2tV9gBMIL31-9R4b7lVBY7CahfDprfOjpuDEEAqAtsIjhZsGHOe6hQHt_fJXeMffIJxPO52KwebWsMMSRR4frnqCTcXWQMHX1tugPb9FwHleh4oY-pdYcJCL0ejwqD8K6AL5oTq9tRwqSl1vIczm__AUqAUYLUeTn-oNxkKSlbKIbAKFickO6R9AQXT4ZCw8ZnxphQ5vi-rydjhTN_PX97Ptamm78uY3g7fUY4gFyuRaM0YgZ6BM5Eg2UkUuiIBAMba_fEnXpoPSjbOv_SgXmCyUiS9ztuYN5t6h3UXoxAJiVUdWxY19GCNZNYSBBuSUa_UwTeg6qOxKlOefWAmHQ1VrYpC1rUFFvSlhklTT7gwM42Do_3F5f_cuKc1c_XXlD-euO8MBLE0Cr-JOsZVhO14IOh7tcfA3ngc6BFCOdA4HgS41pQLdWtWqucNlpLhkhAXfPHl6wQFzHbWbuUeMlpsS2P8lT7-V4axCoclX8VuI6AIcITpE_xwTStiOn5WRVDQmTZJlYcwPQXICpV57VKveRBkEKcbDHz5LHchoyq9U6Ncc-bnI_SXr1JPNKuT37yrjuTs2orC7nTfHgB
Domain
923e68ac-322b-4c8a-80e1-f64705a6df42.t.ssp.hinet.net
URL
https://923e68ac-322b-4c8a-80e1-f64705a6df42.t.ssp.hinet.net/pixel?bd=923e68ac-322b-4c8a-80e1-f64705a6df42&t=50ef57&referrer=
Domain
56af8b37-6899-4180-ad24-fc0072c6c433.t.ssp.hinet.net
URL
https://56af8b37-6899-4180-ad24-fc0072c6c433.t.ssp.hinet.net/pixel?bd=56af8b37-6899-4180-ad24-fc0072c6c433&t=50ef57&referrer=
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuXTKRkrjPYwRsfzZZa-p6VmgHM3SqrkqAYNMgX__95nBK15YDkGmUhjhWhoMCT7dUw7B_-JgValyHjb4ignjHiBM408afjhJ3IHcO2oQjPhxNx2h1vvRYsQ4cBfC__SrZylBLS4f3qeskqctR0QGAjVNUmXu54Ldyme85oTX6xuvU&sig=Cg0ArKJSzNfZykBuugdUEAE&id=lidar2&mcvt=1000&p=108,650,358,950&tm=1524.3999977111816&tu=524.1999969482422&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20250317&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3360245792&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3833493400&rst=1742402134606&rpt=569&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Domain
ad.holmesmind.com
URL
https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FdnpNOk&n=728&o=1&fc=6383-5WAKoxyvGsYRxhAkooXsswXKnVaUPPlC&d=1&b=2&ts=1&ii=2&FPCK=6383-5WAKoxyvGsYRxhAkooXsswXKnVaUPPlC&fp_uuid=6383-2cedd1a473cfe10b3ede2341c74f478d&initver=230627P
Domain
prebid-asia.creativecdn.com
URL
https://prebid-asia.creativecdn.com/bidder/prebid/bids
Domain
prebid.scupio.com
URL
https://prebid.scupio.com/recweb/prebid.aspx?cb=0.4221599534355638
Domain
ad2.apx.appier.net
URL
https://ad2.apx.appier.net/v1/prebid/bid
Domain
ad2.apx.appier.net
URL
https://ad2.apx.appier.net/v1/prebid/bid
Domain
bidder.criteo.com
URL
https://bidder.criteo.com/cdb?ptv=159&profileId=184&cb=80989679755
Domain
ep1.adtrafficquality.google
URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202503130101&jk=1910009401240154&bg=!nJ-ln9DNAAYl8RWmBfE7ADQBe5WfOLHfnGSxoTkteSL20aw5imfEl4rbH45B84DbrfUvAF9GO2FM-6xKqnZLGYxIhYIQAgAAAFJSAAAABmgBB34ANcK59JPUmgmqR-TLXgjSSLifdU903MlliaY6S76VtbY9FJ2RHakA9c3iHuS-NFKwDD_fweMLCgAyl1xLHR0NMUbllfuKycrRIGzlPgns_FnNZ_pt0NEfmz76so5I8CsQGooQ5aOYapSOvKaZAwnekOlWHleE1TqKTKTfHdmgZMANisV01XSadWLODXzou50GBxZLcPC2-fjGBn7_vBBsEFD5sYhaBRHaaO9HbG3e7XcvIGPioBqQB9ephNk7CsV-lZsaZy4Ba5GUpqhZKOwfQ8p96ZKkLG4TTUHaMtTGY0aSV5ha-on8kEFjhAnRbUmavwe15J0FUJm6R7HVbjULQtj7_ks56htKPtFXsbocGek3cpdTf__I8Ic2wbIAPIlxiWfJP1vAqiQ-RBrq2lXfKW4TDlDCe4GYHHBJU8h5Q-bW0VSCgPO40g97HhvolFLC8rgIz8nOw4TXlCoNLiM_Og6aw7a5wjy2-LuNP-FRUeBHjVNy_frHmmiO2lncMIeQesyQon_SaqtuIgG9Q25OywLn6UhYqTEfj9PpU1w69X56qWSdjPTcSCG37GkQIPXK95ur4ogUlbrnnaZxFAvCuEyZHD347RA3YS-zMHRqSAyGfS8XfJ7Wi3rtmg7ginFuWR8zKAbKt_O-MpowHWU4t1gHxrbJ-DW4R9NbGEFOmafWIboGSY-89U4HfnDBF7wOZwGnWplr5kLimR4k-s53YG6e8NjR4o7rABGXL6N-w-C17ScoegCUaApMYILk5RwOWWzmHZa-lWbahSuU28l8Y7zn_gRV67SjGp-1DTBh7caqW4n2A4tQ6DPzRz9ohzrywIiOvGfe3oxrELAh-VnJrqMZQhwgurcND2mNUjvp2uv_p7iKy4wY6WmzyJD9KqDpMtFw0HVodDBAqoieXACAI0Iv9hkNf-KFUo8R0D536DL1ke_JE8ohCPllNelMaDm3BxRDRYmNqudWqk40EZpPXiexMMjGa6h6w1ZzY6BkX7TbBEMGQCXDOy-gguXOhQOFwGaOo0GXvUp92NvpF-dg8BiqZYM7diic2mELPMBc9pYhfTMbcjum5FE0qqCil6UkQfPyXij9aiuT6laHt82VzaKE8vIXQlYFFy_hk_HVfAdAlXUj44K__5MI97o1RJ7zD7PUUMIX-bi_NJZcw5eybm00Yj5d9rg
Domain
56af8b37-6899-4180-ad24-fc0072c6c433.t.ssp.hinet.net
URL
https://56af8b37-6899-4180-ad24-fc0072c6c433.t.ssp.hinet.net/pixel?bd=56af8b37-6899-4180-ad24-fc0072c6c433&t=50ef57&referrer=

Verdicts & Comments Add Verdict or Comment

103 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 function| gtag object| dataLayer object| gnshbrequest object| googletag function| custom_call_ND object| ONEAD_TEXT object| ONEAD_text_pubs function| ONEAD_text_response object| ONEAD_TEXT_INFO function| ONEAD_text_response_1ev1c function| text_etag_callback_1ev1c function| custom_call_MIR object| _ONEAD object| ONEAD_pubs function| Vue object| renews function| getRenewsFeeds object| app function| fbq function| _fbq string| labelToken string| category string| GoogleAnalyticsObject function| ga object| ggeac object| google_tag_data object| google_js_reporting_queue boolean| gn_wrapper_executed object| gn_wrapper_queue object| gnpb string| gn_pvid string| gn_native_template object| __gn_config boolean| gnslibincluded boolean| __gnpb_analytics number| __gn_prebid_sampling_rate number| gn_aladdin_vendor_id number| gn_beacon_rate object| gaplugins object| gaGlobal object| gaData object| google_tag_manager function| onYouTubeIframeAPIReady object| google_reactive_ads_global_state object| YJ_YADS function| getGnshbrequestSlots object| gecptparams object| YAHOO function| YadsTimelineManager function| yadsTimelinePoolAds object| YJ_UADF function| gAdController function| yadsDispatchDeliverProduct function| yadsRenderAd_v2 object| yadsInnerFuncs function| yadsRequestAsync object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| YTk3NmUzMjkyZTQyZjBlNWxvYWRlcl9qcw== string| YTk3NmUzMjkyZTQyZjBlNWNhY2hlZF9qcw== object| googlefc object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady object| google_tag_topics_state number| google_unique_id object| regeneratorRuntime object| ox_esp object| _33across object| criteo_syncframe_state object| criteo_pubtag object| criteo_identitytag_159 object| Criteo object| Criteo_identitytag_159 boolean| f4e69629-a855-46df-ba43-9e5fe4d06616 number| google_srt object| google_logging_queue object| google_ad_modifications object| google_persistent_state_async object| adsbygoogle string| google_user_agent_client_hint boolean| googFloatingToolbarManagerAsyncPositionUpdate number| google_global_correlator object| google_prev_clients

47 Cookies

Domain/Path Name / Value
onead.onevision.com.tw/ Name: onevision_guid
Value: 2b50c4df-04e0-11f0-8884-0242ac120002
onead.onevision.com.tw/ Name: oid
Value: 2b50c4d3-04e0-11f0-8884-0242ac120002
reurl.cc/ Name: oid
Value: %257B%2522oid%2522%253A%25222b50c4df-04e0-11f0-8884-0242ac120002%2522%252C%2522ts%2522%253A-62135596800%252C%2522v%2522%253A%252220201117%2522%257D
.reurl.cc/ Name: _fbp
Value: fb.1.1742402129821.24844937369814602
.reurl.cc/ Name: _gid
Value: GA1.2.491048179.1742402130
.reurl.cc/ Name: _gat
Value: 1
.reurl.cc/ Name: _ga
Value: GA1.1.1891814378.1742402130
.reurl.cc/ Name: _ga_ZDFZCDVDK1
Value: GS1.1.1742402130.1.0.1742402130.0.0.0
.reurl.cc/ Name: _ga_N394QBRGC0
Value: GS1.1.1742402130.1.0.1742402130.60.0.0
.adsrvr.org/ Name: TDID
Value: e27db76e-6d30-477d-a490-9faaa605e270
.adsrvr.org/ Name: TDCPM
Value: CAEYBSABKAIyCwjolYm12cPzPRAFOAE.
.prnasia.com/ Name: __cf_bm
Value: XD.zazIq9.Dl.JPNs0RdcA1UQe9MEczw8QS6eVaCdCQ-1742402130-1.0.1.1-jGtJnNJvp8w_O5Kbbq02S5Dws0kfO4Vh7zsQG9w_d_RP9lrAmn1l9H5np6s5trdGxwtPv5CiWQQzUblnfil4z.C52TWeVw777Fen4gQcVVc
.eyeota.net/ Name: mako_uid
Value: 195af42935c-334d0000010a495c
.eyeota.net/ Name: SERVERID
Value: 18780~DM
.crwdcntrl.net/ Name: _cc_dc
Value: 0
.crwdcntrl.net/ Name: _cc_id
Value: 59c120b21f514d7ac333c17387ba837
.yahoo.com/ Name: A3
Value: d=AQABBFPy2mcCEND1rdC4zssc_Gm3UTKu_YIFEgEBAQFD3GfkZ9wr0iMA_eMAAA&S=AQAAAhFBKOYz_K0UCzxwvlqKXl8
.doubleclick.net/ Name: IDE
Value: AHWqTUmtzqepb-JSEdk8yiX77gR9R71_hX_ciNeGzWtN2rwt4Lxm67EiDmvOVeE-u7U
.reurl.cc/ Name: __gads
Value: ID=b19a220630837641:T=1742402131:RT=1742402131:S=ALNI_Ma1IUhoAmJ4un7Ax9-1NgjPwQ-eZQ
.reurl.cc/ Name: __gpi
Value: UID=0000107a68dd5cf1:T=1742402131:RT=1742402131:S=ALNI_MbQ8DBqEi39VDhpNfuWmmu3U7HsnA
.reurl.cc/ Name: __eoi
Value: ID=826d37fc15bb614d:T=1742402131:RT=1742402131:S=AA-Afjat_GjpXBKZWqSMXYVXkQ-S
.analytics.yahoo.com/ Name: IDSYNC
Value: 19d3~2o54
.criteo.com/ Name: uid
Value: 99b61170-90da-4c09-a1c2-cbf6727a2891
.reurl.cc/ Name: ISMD5VERSION
Value: 1
.reurl.cc/ Name: _ss_pp_id
Value: bd6a085d33e6e94d7681742438132688
.reurl.cc/ Name: FCNEC
Value: %5B%5B%22AKsRol_7w8soz4D-49FhqDS9ixM80rD-TpkAravw6unpAOuOvaicTov38RPwnPS9-sQikHmRvKIDLfhQxqJnI9Y7y_7RW9Ov6r-wW5UxSy61eE3MPoHUeLDGGvZsQGr9ttapkidjknFRZ394KiqQhKGBUjbzxtgVgQ%3D%3D%22%5D%5D
.holmesmind.com/ Name: P
Value: 458592-OvJJ7dgItG8vSixTrekKslKMzhxSJTWi
.holmesmind.com/ Name: Vision
Value: 20250320-23:59,20250320-03,20250320-03,20250320-23:59
.holmesmind.com/ Name: C
Value: null
.holmesmind.com/ Name: RK
Value: null
.holmesmind.com/ Name: test_cookie
Value: CheckForPermission
.reurl.cc/ Name: _td
Value: 09b3a182-7e96-4a89-9ff9-eddd4250ed71
.reurl.cc/ Name: CFFPCKUUID
Value: 7027-ntlv7L4OxqxHiWC1wamTIzZKPXlGhjSq
.reurl.cc/ Name: CFFPCKUUIDMAIN
Value: 6383-5WAKoxyvGsYRxhAkooXsswXKnVaUPPlC
.reurl.cc/ Name: FPUUID
Value: 6383-2cedd1a473cfe10b3ede2341c74f478d
.reurl.cc/ Name: _tg_csi
Value: 1
.holmesmind.com/ Name: fcm
Value: 1
.popin.cc/ Name: uid
Value: bd6a085d33e6e94d7681742438132688
.lndata.com/ Name: admckid
Value: 2503200035331419791
track.91app.io/ Name: deviceid
Value: 2b508573-4033-4be2-a1a6-0c36a37d0bb4
.reurl.cc/ Name: _ht_em
Value: 1
.reurl.cc/ Name: _ht_50ef57
Value: 1
.holmesmind.com/ Name: R
Value: null
.holmesmind.com/ Name: G
Value: we3u7ZGJymKY5J47cKd8kQ==
.reurl.cc/ Name: _ht_hi
Value: 1
.hinet.net/ Name: uuid
Value: 56af8b37-6899-4180-ad24-fc0072c6c433
.reurl.cc/ Name: __htid
Value: 56af8b37-6899-4180-ad24-fc0072c6c433

2 Console Messages

Source Level URL
Text
rendering warning URL: https://reurl.cc/dnpNOk(Line 66)
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0404B00A42F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network error URL: https://blog.alphaloan.co/wp-content/uploads/2021/04/%E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg
Message:
Failed to load resource: net::ERR_CONNECTION_REFUSED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3eb2cc337b56bca6a3dd525d22043c25.safeframe.googlesyndication.com
56af8b37-6899-4180-ad24-fc0072c6c433.t.ssp.hinet.net
8ddd594d9c0173489ad7c0ffa5af16ba.safeframe.googlesyndication.com
923e68ac-322b-4c8a-80e1-f64705a6df42.t.ssp.hinet.net
9ce807cd7edc19a86b46faea21c90f89.safeframe.googlesyndication.com
ad-specs.guoshipartners.com
ad.holmesmind.com
ad.tagtoo.co
ad2.apx.appier.net
adx.holmesmind.com
analytics.google.com
api.popin.cc
bcp.crwdcntrl.net
bidder.criteo.com
blog.alphaloan.co
cdn-ima.33across.com
cdn.holmesmind.com
cdn.jsdelivr.net
cms.analytics.yahoo.com
connect.facebook.net
cpt.geniee.jp
creditcards.com.tw
ea076ad4b93696117164f6fbc8330d8b.safeframe.googlesyndication.com
ecs.tagtoo.co
ep1.adtrafficquality.google
ep2.adtrafficquality.google
fundingchoicesmessages.google.com
gocm.c.appier.net
googleads.g.doubleclick.net
gum.criteo.com
img.gbyhn.com.tw
img.racingcharger.tw
invstatic101.creativecdn.com
log.popin.cc
match.adsrvr.org
mma.prnasia.com
oa.openxcdn.net
onead.onevision.com.tw
pagead2.googlesyndication.com
prebid-asia.creativecdn.com
prebid.scupio.com
ps.eyeota.net
r.popin.cc
re-news.tw
reurl.cc
s.w.org
securepubads.g.doubleclick.net
static.criteo.net
static.wixstatic.com
stats.g.doubleclick.net
storage.reurl.cc
t.ssp.hinet.net
td.doubleclick.net
trc.taboola.com
tw.popin.cc
uec.tagtoo.co
ups.analytics.yahoo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
yads.c.yimg.jp
56af8b37-6899-4180-ad24-fc0072c6c433.t.ssp.hinet.net
923e68ac-322b-4c8a-80e1-f64705a6df42.t.ssp.hinet.net
ad.holmesmind.com
ad2.apx.appier.net
bidder.criteo.com
blog.alphaloan.co
creditcards.com.tw
ep1.adtrafficquality.google
pagead2.googlesyndication.com
prebid-asia.creativecdn.com
prebid.scupio.com
100.28.140.230
103.1.220.9
103.132.192.30
104.18.29.101
107.178.241.176
119.63.193.220
119.63.198.143
119.63.198.188
119.63.198.189
142.250.65.194
142.250.80.34
142.250.81.238
142.251.35.161
142.251.35.162
142.251.40.100
142.251.40.129
142.251.40.161
142.251.40.162
142.251.40.97
142.251.41.14
157.240.241.1
157.240.241.35
168.95.245.1
172.104.121.22
183.79.249.124
192.0.77.48
2001:4860:4802:36::181
2001:4998:14:800::1000
203.137.133.156
203.75.214.136
210.59.219.34
2406:2000:98:800::e5
2600:9000:211c:5800:1e:5c56:d400:93a1
2600:9000:247b:4000:0:e06c:e940:93a1
2600:9000:247b:7e00:0:e06c:e940:93a1
2600:9000:247b:fe00:0:e06c:e940:93a1
2606:4700:3034::6815:6009
2606:4700::6812:60e1
2607:f8b0:4004:c07::9d
2607:f8b0:4006:816::2001
2607:f8b0:4006:816::200e
2607:f8b0:4006:817::2002
2607:f8b0:4006:81e::200e
2607:f8b0:4006:822::2008
2620:100:a00b::12
2620:100:a00b::30
2620:100:a00b::5
2a04:4e42:400::485
2a04:4e42::300
34.102.146.192
34.102.218.41
34.107.150.21
34.111.12.34
34.149.98.30
34.160.26.175
34.96.70.87
35.185.130.121
35.190.36.98
50.16.174.192
52.223.40.198
54.64.195.61
04f1a5003bb0f2df327205e8281a581a85a8fcce68688037d589d259cea83e0b
08378599d569cab24a9ed7749862438418810d85110973700a8f20f0df97c1a7
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cedf3ea98f252b7f5475f7f884421b822e54796a2fc262af13a79242952b60e
0ed03838d093679e891fcf864f179c5cb765977df5365cb25459323a8a7a327c
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2
12f84fb4571546a90298c446fb4a6b5a70c5e8476bbee96405c51fee209ee4fa
16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20
18ebba1833b570f5832aa77e77ceab9902919bf55faa8aa433a5a85894cbd5a4
1adc1c30dcd11fa3812e3815c6c9f3ec82194a576a3ffdb0bab61b245458ba62
1bf41ca1364230ce3a9cbbac1110ff4d7d287a9f978fa74297aa30117c4da9c0
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1f5a6a8c7ac2c960d4b1f601ab594a2389ee9bf5a529f1063f2736cec154eb1c
203ed6bcfdb0b5f72ffd8dd519761742265eee57ab895fc0268dc5ded4195733
22743d9dc93a38d7096ec7c9a02146da7a721ada15192d87e81d78ff53cb2f2a
2299c048d3c0e81cfccad6b24d0a05ec8e6f16fe10fc1c1eed56ba5d1414ea3f
234c0c89b9e2409fbb4ebb449993aa93c347b2cf57925e8cb0ee5c751ea3dc46
2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840
2b9b40a16469674b48b9c17ca84c5bc65a91564de411a028cf41c3b1f556a624
2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f
3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698
30c45abf57e0285b2e5de1a13f6c3421e07776154c947b8c9dada66841a9ca58
3108e15dfc911f1a730106ee1e44c941639e0b7add838d095680425e86d086c3
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30
3402df1af7b8665c51ac7e2d4fed5dc6cac147d61966672d9cf32a34acafedfe
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
3708bbe4489aefbf64066af6a499c7476cec23bfc6cf53e9d7f2bc88ff185687
370f0929da8f903bc7097f1bbf583ec72dfa421f80664eb49e27bf6710be9f4c
3d84fcf976815278726db8314d21c9901fd972437304675190d78d8cdf0a6c82
3fadf6580ed44d83afca9892803180db824dc3adffa2520b66a6e49a05a56260
407d3204fff33de3b423ecfac301789b78c7290aac0c66c603c072d2b042f942
43a71fb6e8f61126f7dfb3fe8a1a01eba8cfbff5cd7d681bba0e62f64ad924c7
4400bd606b22c548eb8a97de8e6372727db75c21890805dc47cfe499e75174ab
466b4a6c2c47478a104f80a757d2c06af42c6adfec939b18e7990bc1f6fa5460
467e7da308a57852b5c69bfe186f90af9715adcca378bd74b944d6c7c0f0168b
4682b028c9b090ae0abfba536abf9d0cb9231a6d30035f51475ce4f9f77770de
472272816a5c1d481d98da19fdcda43362368e867ac4f9eed17e2e5386fd16ae
490591c52cd60da5e7055c5b77b7ec0b0e96c6035b62f9f2774992c6e2286969
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
4e072a61968d69a4d2108a4989b7e7ccf65d90782cb0ab33b7f740bc90d21fa9
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
50ac64cdd7252223f04a120a84d55baa4143b6c170281bf57fe5c9181965286f
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd
6035985c69f0b6a191efccc5cc8bf7b7344803185ac7727d54c1cbcc05084b97
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
634e2f9e21977b3b6c2e5724131eaff85895f8a753e06ad3dfc05be18c538e36
654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e
6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484
6936fb93559b850cbabc65fef3dd59c157dde3cf0bb248570aefaa91f590fed7
698fe0a6500f771d98d1ca713a5445d523fac649207572b69123699702854c0b
6c42fa631d99c55142ffd215870910cc4f39c9d4a9e18184c1626220c774fb4b
7040fd7374c1bc5bed13a4e532369c03fb62484514b5956508edfb09ede54fb4
72223c20f8ad08445b32a2b4843a0f04fe33cee40811ade04b21598cf67fbea3
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c
749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d
766b91aba7ba20c4f09336f9fb8eff2637435fd18ddc36473fe141b98af814d4
76e0fe9b59aa81409567a77b7f5cfaebcbe6d1a5586d4979c5a83a327f68d517
7b02340f2dc45840d3c378e8585638242965427824cfae847cda7f486176c359
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
851c3da53f870dab9f8fd365f8eb9af27af956d79a96f89f412f8baa5b7b1624
87e1375d8b045a0f2527f2b512e2f3725bda59dddef6d2f7da3d86053b5b6d7c
8cb54139d330a83448ba38e725770ba7d57c412202c630eebb2a93034e52d4f3
8d870b6563b5748c4fd69a9588d2742c886a928b4ef7a51a6b384ec3e6dac839
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e
94f0ed92efbedf3732fb80051c9211bd20958ebc130548f97695cbcfdc88da39
9a5c682fb0941773ee7bb519c55f86c919b5664088dae0335740d0464c5c9a6b
9cf1114324a6653750f0f8af7783a744e45adadca47c48844e4ee0f11df269bf
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab4df621caf60937556c492dcc85cf551700cab89badb2672a24b961ae5d2558
b05249514d1235bb32724da7f4d199c558cb40fa178d99f34b622d3440de9f2f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b39e05a71f1d102609e37419d18d6ef7afab979a64e6a83f99ca240f29af08c6
b6c5af2d5c532a14b5aa51656c9d5e8be329b1424ec1df2947ad2de309622448
b6f98de7386cedf8eb86ed3857283c30c8f1fea0304dd3f281cd14b40c28671c
b84e71b8bd8f2715e73682f3a173c9a7ed2debb333966765b6f8f5e80cff5e9a
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22
bc73ed340ef20534b613afea9bd95f199a55b77beab7c472e92ad92b4e39a1aa
cd0db2d68f6fb00e1197e823f47e1f53aa2aa2ae85228a5e5d04a4a863629cc1
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda
d2a0bd2e7b5e8d09ea538911b017b18aabde6f568eda7e3955864c30ceca0288
d3e4dec7f8bb0c04ea7afdd3ddec48498dc1485e0ca8ecc10b9bb610e53f7dcb
da97be7df6a82d713c3bd5c5e783d0d5d41431e27479b330690b1a04ac3f42b5
ddd9d29beabaeecc9c76408242dfc2b76305ec52511992d3cfbc81a500ee0670
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
debc71b7ed41eb5413d11d327895e2016badd0dd40f111a3751a026dcd17fe25
e05fa4272fa689d8aca271000f3d17fffe1684744bb0139548c485de7f163143
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7e4fb9b3b1239835abc60fd16d2e64da36bfa919b8e81f11eea442c2bbf05f2
e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990
ea3f1235b245092aa61194a49d0db74194cf202156d5581021e1dbce67114499
ed1353670cbe52a301571e6717fab543726f43f7bed2edd0ffca2e74f6a1d8bf
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f186eb26bb013dc13d3039942d33fe61d6dfb30685aa204bf847190d379b941c
f2804ff8a9898e86da5f8aa6c2f0a646e3803b174fe1f7dab4a7347d263581df
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99