reurl.cc Open in urlscan Pro
35.185.130.121 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://reurl.cc/XqAx30
Submission: On March 24 via api (March 24th 2025, 12:55:51 pm UTC) from JP — Scanned from US

Summary HTTP 199 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 55 IPs in 5 countries across 39 domains to perform 199 HTTP transactions. The main IP is 35.185.130.121, located in Taipei, Taiwan and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is reurl.cc. The Cisco Umbrella rank of the primary domain is 192127.
TLS certificate: Issued by R11 on March 14th 2025. Valid for: 3 months.

This is the only time reurl.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	35.185.130.121 35.185.130.121	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	151.101.1.229 151.101.1.229	54113 (FASTLY) (FASTLY)
5	34.149.98.30 34.149.98.30	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	151.101.129.55 151.101.129.55	54113 (FASTLY) (FASTLY)
3	172.253.62.97 172.253.62.97	15169 (GOOGLE) (GOOGLE)
21	172.253.115.155 172.253.115.155	15169 (GOOGLE) (GOOGLE)
3	203.137.133.153 203.137.133.153	4694 (IDCF IDC ...) (IDCF IDC Frontier Inc.)
2	168.95.245.1 168.95.245.1	131660 (CHTCDN Da...) (CHTCDN Data Communication Business Group)
2	157.240.229.1 157.240.229.1	32934 (FACEBOOK) (FACEBOOK)
5	142.251.167.113 142.251.167.113	15169 (GOOGLE) (GOOGLE)
3	172.253.122.113 172.253.122.113	15169 (GOOGLE) (GOOGLE)
23	172.253.62.157 172.253.62.157	15169 (GOOGLE) (GOOGLE)
1	142.251.163.154 142.251.163.154	15169 (GOOGLE) (GOOGLE)
3	172.253.115.156 172.253.115.156	15169 (GOOGLE) (GOOGLE)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
7	74.119.117.47 74.119.117.47	19750 (AS-CRITEO) (AS-CRITEO)
1	104.18.28.101 104.18.28.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	157.240.229.35 157.240.229.35	32934 (FACEBOOK) (FACEBOOK)
8	172.253.122.101 172.253.122.101	15169 (GOOGLE) (GOOGLE)
1	74.119.117.17 74.119.117.17	19750 (AS-CRITEO) (AS-CRITEO)
5	107.178.241.176 107.178.241.176	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	172.253.122.132 172.253.122.132	15169 (GOOGLE) (GOOGLE)
2	34.160.26.175 34.160.26.175	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	183.79.219.124 183.79.219.124	24572 (YAHOO-JP-...) (YAHOO-JP-AS-AP Yahoo Japan)
1	192.0.78.25 192.0.78.25	2635 (AUTOMATTIC) (AUTOMATTIC)
1	172.67.150.31 172.67.150.31	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	103.1.220.9 103.1.220.9	131149 (YUANJHEN-...) (YUANJHEN-AS-TW Yuan-Jhen Info.)
1	104.18.95.225 104.18.95.225	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
1	3.161.213.25 3.161.213.25	16509 (AMAZON-02) (AMAZON-02)
3	119.63.193.220 119.63.193.220	38627 (BAIDUJP B...) (BAIDUJP Baidu)
21	18.160.10.127 18.160.10.127	16509 (AMAZON-02) (AMAZON-02)
3 3	69.147.92.11 69.147.92.11	14777 (YAHOO) (YAHOO)
2 2	100.28.140.230 100.28.140.230	14618 (AMAZON-AES) (AMAZON-AES)
2 2	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1 2	50.16.174.192 50.16.174.192	14618 (AMAZON-AES) (AMAZON-AES)
1	151.101.65.44 151.101.65.44	54113 (FASTLY) (FASTLY)
4	18.160.10.56 18.160.10.56	16509 (AMAZON-02) (AMAZON-02)
4	54.64.195.61 54.64.195.61	16509 (AMAZON-02) (AMAZON-02)
1 2	172.253.122.155 172.253.122.155	15169 (GOOGLE) (GOOGLE)
3	142.251.111.155 142.251.111.155	15169 (GOOGLE) (GOOGLE)
6	142.250.31.132 142.250.31.132	15169 (GOOGLE) (GOOGLE)
1	119.63.198.189 119.63.198.189	38627 (BAIDUJP B...) (BAIDUJP Baidu)
1	34.111.12.34 34.111.12.34	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.107.150.21 34.107.150.21	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
11	203.75.214.136 203.75.214.136	3462 (HINET Dat...) (HINET Data Communication Business Group)
3	119.63.198.143 119.63.198.143	38627 (BAIDUJP B...) (BAIDUJP Baidu)
3	142.251.167.99 142.251.167.99	15169 (GOOGLE) (GOOGLE)
2	103.132.192.30 103.132.192.30	138552 (RTBHOUSE-...) (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD.)
4 8	35.190.36.98 35.190.36.98	15169 (GOOGLE) (GOOGLE)
4 4	139.162.84.221 139.162.84.221	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
4	74.119.117.5 74.119.117.5	19750 (AS-CRITEO) (AS-CRITEO)
1	34.102.218.41 34.102.218.41	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	210.59.219.34 210.59.219.34	3462 (HINET Dat...) (HINET Data Communication Business Group)
1	119.63.198.188 119.63.198.188	38627 (BAIDUJP B...) (BAIDUJP Baidu)
1	192.178.155.132 192.178.155.132	15169 (GOOGLE) (GOOGLE)
1	64.233.180.132 64.233.180.132	15169 (GOOGLE) (GOOGLE)
199	55

1 35.185.130.121 (Taipei, Taiwan)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 121.130.185.35.bc.googleusercontent.com

reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.1.229 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.149.98.30 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 30.98.149.34.bc.googleusercontent.com

storage.reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.55 (San Francisco, United States)

ASN54113 (FASTLY, US)

anymind360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.62.97 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 172.253.115.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f155.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 203.137.133.153 (Japan)

ASN4694 (IDCF IDC Frontier Inc., JP)

cpt.geniee.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 168.95.245.1 (Palo Alto, United States)

ASN131660 (CHTCDN Data Communication Business Group, TW)
PTR: 168-95-245-1.hinet-ip.hinet.net

ad-specs.guoshipartners.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.229.1 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-iad3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.251.167.113 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f113.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.122.113 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f113.1e100.net

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 172.253.62.157 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f157.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.163.154 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f154.1e100.net

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.115.156 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f156.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 74.119.117.47 (United States)

ASN19750 (AS-CRITEO, US)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.28.101 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn-ima.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 157.240.229.35 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-iad3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.253.122.101 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f101.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.117.17 (United States)

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 107.178.241.176 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 176.241.178.107.bc.googleusercontent.com

onead.onevision.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.122.132 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f132.1e100.net

1bc0cd46610d101fec67156c6b1485c1.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.160.26.175 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 175.26.160.34.bc.googleusercontent.com

re-news.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 183.79.219.124 (Japan)

ASN24572 (YAHOO-JP-AS-AP Yahoo Japan, JP)

yads.c.yimg.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.25 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

creditcards.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.150.31 (United States)

ASN13335 (CLOUDFLARENET, US)

img.gbyhn.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.1.220.9 (Taiwan)

ASN131149 (YUANJHEN-AS-TW Yuan-Jhen Info., Co., Ltd, TW)
PTR: ph2.g-dns.com

img.racingcharger.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.95.225 (None, )

ASN13335 (CLOUDFLARENET, US)

mma.prnasia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.161.213.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-213-25.yul62.r.cloudfront.net

static.wixstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 119.63.193.220 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)

api.popin.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 18.160.10.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-10-127.iad12.r.cloudfront.net

cdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.147.92.11 (Ashburn, United States) 3 redirects

ASN14777 (YAHOO, US)
PTR: e1.ycpi.vip.dca.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 100.28.140.230 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-28-140-230.compute-1.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.40.198 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.16.174.192 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-174-192.compute-1.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.44 (San Francisco, United States)

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.160.10.56 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-10-56.iad12.r.cloudfront.net

cdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adx.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.64.195.61 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-64-195-61.ap-northeast-1.compute.amazonaws.com

ad.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.122.155 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: bh-in-f155.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.111.155 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bk-in-f155.1e100.net

ep1.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.31.132 (United States)

ASN15169 (GOOGLE, US)
PTR: bj-in-f132.1e100.net

ep2.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 119.63.198.189 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)

tw.popin.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.12.34 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 34.12.111.34.bc.googleusercontent.com

ad.tagtoo.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.150.21 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 21.150.107.34.bc.googleusercontent.com

uec.tagtoo.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 203.75.214.136 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-136.hinet-ip.hinet.net

t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
10d180c4-2056-4f44-b3d0-2fde99c45f22.t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 119.63.198.143 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)

log.popin.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.167.99 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f99.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.132.192.30 (Singapore)

ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG)
PTR: ip-103-132-192-30.rtbhouse.net

prebid-asia.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.190.36.98 (Kansas City, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 98.36.190.35.bc.googleusercontent.com

ad2.apx.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 139.162.84.221 (Tokyo, Japan) 4 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1564-221.members.linode.com

gocm.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 74.119.117.5 (United States)

ASN19750 (AS-CRITEO, US)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.218.41 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 41.218.102.34.bc.googleusercontent.com

ecs.tagtoo.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 210.59.219.34 (Taichung City, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 210-59-219-34.hinet-ip.hinet.net

prebid.scupio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 119.63.198.188 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)

r.popin.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.178.155.132 (United States)

ASN15169 (GOOGLE, US)
PTR: yuiadrs-in-f132.1e100.net

38acab207a35e983f87d9aa227ec7b36.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.180.132 (United States)

ASN15169 (GOOGLE, US)
PTR: pe-in-f132.1e100.net

b50e4f7b7975aa95a80718d7479b2442.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	holmesmind.com cdn.holmesmind.com — Cisco Umbrella Rank: 157153 ad.holmesmind.com — Cisco Umbrella Rank: 107266 adx.holmesmind.com	88 KB
28	doubleclick.net 1 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 227 stats.g.doubleclick.net — Cisco Umbrella Rank: 156 td.doubleclick.net — Cisco Umbrella Rank: 177 googleads.g.doubleclick.net — Cisco Umbrella Rank: 46	251 KB
25	googlesyndication.com 1bc0cd46610d101fec67156c6b1485c1.safeframe.googlesyndication.com Failed pagead2.googlesyndication.com — Cisco Umbrella Rank: 116 38acab207a35e983f87d9aa227ec7b36.safeframe.googlesyndication.com b50e4f7b7975aa95a80718d7479b2442.safeframe.googlesyndication.com	301 KB
14	google.com analytics.google.com — Cisco Umbrella Rank: 155 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 697 www.google.com — Cisco Umbrella Rank: 3	72 KB
12	appier.net 8 redirects ad2.apx.appier.net — Cisco Umbrella Rank: 96423 gocm.c.appier.net — Cisco Umbrella Rank: 3508	3 KB
11	hinet.net t.ssp.hinet.net — Cisco Umbrella Rank: 76568 10d180c4-2056-4f44-b3d0-2fde99c45f22.t.ssp.hinet.net	5 KB
9	adtrafficquality.google ep1.adtrafficquality.google — Cisco Umbrella Rank: 388 ep2.adtrafficquality.google — Cisco Umbrella Rank: 402	45 KB
8	popin.cc api.popin.cc — Cisco Umbrella Rank: 16536 tw.popin.cc — Cisco Umbrella Rank: 101331 log.popin.cc — Cisco Umbrella Rank: 79434 r.popin.cc — Cisco Umbrella Rank: 83820	97 KB
7	criteo.net static.criteo.net — Cisco Umbrella Rank: 922	56 KB
6	reurl.cc reurl.cc — Cisco Umbrella Rank: 192127 storage.reurl.cc — Cisco Umbrella Rank: 258034	7 KB
5	onevision.com.tw onead.onevision.com.tw — Cisco Umbrella Rank: 130012	2 KB
5	criteo.com gum.criteo.com — Cisco Umbrella Rank: 470 bidder.criteo.com — Cisco Umbrella Rank: 1215	745 B
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 49	21 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	230 B
3	tagtoo.co ad.tagtoo.co — Cisco Umbrella Rank: 127055 uec.tagtoo.co — Cisco Umbrella Rank: 107116 ecs.tagtoo.co — Cisco Umbrella Rank: 99281	62 KB
3	yahoo.com 3 redirects cms.analytics.yahoo.com — Cisco Umbrella Rank: 1858 ups.analytics.yahoo.com — Cisco Umbrella Rank: 609	935 B
3	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 2363 prebid-asia.creativecdn.com — Cisco Umbrella Rank: 25654	3 KB
3	geniee.jp cpt.geniee.jp — Cisco Umbrella Rank: 51056	70 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 44	401 KB
2	scupio.com prebid.scupio.com — Cisco Umbrella Rank: 103735	336 B
2	eyeota.net 1 redirects ps.eyeota.net — Cisco Umbrella Rank: 1050	2 KB
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 386	1 KB
2	crwdcntrl.net 2 redirects bcp.crwdcntrl.net — Cisco Umbrella Rank: 1203	730 B
2	re-news.tw re-news.tw	31 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 214	80 KB
2	guoshipartners.com ad-specs.guoshipartners.com — Cisco Umbrella Rank: 149330	24 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 322	58 KB
1	taboola.com trc.taboola.com — Cisco Umbrella Rank: 753	198 B
1	wixstatic.com static.wixstatic.com — Cisco Umbrella Rank: 6052	1011 KB
1	w.org s.w.org — Cisco Umbrella Rank: 5142	731 B
1	prnasia.com mma.prnasia.com — Cisco Umbrella Rank: 713621	23 KB
1	racingcharger.tw img.racingcharger.tw	152 KB
1	gbyhn.com.tw img.gbyhn.com.tw	67 KB
1	creditcards.com.tw creditcards.com.tw	65 KB
1	yimg.jp yads.c.yimg.jp — Cisco Umbrella Rank: 40267	58 KB
1	33across.com cdn-ima.33across.com — Cisco Umbrella Rank: 1253	7 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 2397	8 KB
1	anymind360.com anymind360.com — Cisco Umbrella Rank: 19904	46 KB
0	alphaloan.co Failed blog.alphaloan.co Failed
199	39

	Domain	Requested by
24	cdn.holmesmind.com	securepubads.g.doubleclick.net cdn.holmesmind.com ad.holmesmind.com
24	securepubads.g.doubleclick.net	reurl.cc securepubads.g.doubleclick.net pagead2.googlesyndication.com
22	pagead2.googlesyndication.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
10	fundingchoicesmessages.google.com	securepubads.g.doubleclick.net
9	t.ssp.hinet.net	api.popin.cc cdn.holmesmind.com t.ssp.hinet.net
8	ad2.apx.appier.net	4 redirects reurl.cc
7	static.criteo.net	securepubads.g.doubleclick.net cdn.holmesmind.com reurl.cc
6	ep2.adtrafficquality.google	pagead2.googlesyndication.com ep2.adtrafficquality.google securepubads.g.doubleclick.net
5	onead.onevision.com.tw	ad-specs.guoshipartners.com reurl.cc
5	www.google-analytics.com	storage.reurl.cc www.googletagmanager.com www.google-analytics.com reurl.cc
5	storage.reurl.cc	reurl.cc
4	bidder.criteo.com	static.criteo.net
4	gocm.c.appier.net	4 redirects
4	ad.holmesmind.com	cdn.holmesmind.com
4	www.facebook.com	reurl.cc
3	www.google.com	ep2.adtrafficquality.google
3	log.popin.cc	reurl.cc
3	ep1.adtrafficquality.google	pagead2.googlesyndication.com securepubads.g.doubleclick.net reurl.cc
3	api.popin.cc	reurl.cc api.popin.cc
3	cpt.geniee.jp	reurl.cc cpt.geniee.jp
3	www.googletagmanager.com	reurl.cc www.googletagmanager.com
2	10d180c4-2056-4f44-b3d0-2fde99c45f22.t.ssp.hinet.net	reurl.cc t.ssp.hinet.net
2	prebid.scupio.com	cdn.holmesmind.com
2	prebid-asia.creativecdn.com	cdn.holmesmind.com
2	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com
2	ps.eyeota.net	1 redirects reurl.cc
2	match.adsrvr.org	2 redirects
2	bcp.crwdcntrl.net	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	re-news.tw	storage.reurl.cc reurl.cc
2	connect.facebook.net	storage.reurl.cc connect.facebook.net
2	ad-specs.guoshipartners.com	reurl.cc
2	cdn.jsdelivr.net	reurl.cc
1	b50e4f7b7975aa95a80718d7479b2442.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	38acab207a35e983f87d9aa227ec7b36.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	r.popin.cc	reurl.cc
1	ecs.tagtoo.co	ad.tagtoo.co
1	uec.tagtoo.co	api.popin.cc
1	ad.tagtoo.co	api.popin.cc
1	tw.popin.cc	api.popin.cc
1	adx.holmesmind.com	pagead2.googlesyndication.com
1	trc.taboola.com	reurl.cc
1	cms.analytics.yahoo.com	1 redirects
1	static.wixstatic.com	reurl.cc
1	s.w.org	reurl.cc
1	mma.prnasia.com	reurl.cc
1	img.racingcharger.tw	reurl.cc
1	img.gbyhn.com.tw	reurl.cc
1	creditcards.com.tw	reurl.cc
1	yads.c.yimg.jp	cpt.geniee.jp
1	gum.criteo.com	static.criteo.net
1	1bc0cd46610d101fec67156c6b1485c1.safeframe.googlesyndication.com	securepubads.g.doubleclick.net cdn.jsdelivr.net
1	cdn-ima.33across.com	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	td.doubleclick.net	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	anymind360.com	reurl.cc
1	reurl.cc
0	blog.alphaloan.co Failed	reurl.cc
199	61

This site contains links to these domains. Also see Links.

Domain
re-news.tw
youtils.cc
www.comptw.com
stockinfo.tw

Subject Issuer	Validity	Valid
reurl.cc R11	`2025-03-14` - `2025-06-12`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
storage.reurl.cc WR3	`2025-03-14` - `2025-06-12`	3 months	crt.sh
anymind360.com R10	`2025-02-15` - `2025-05-16`	3 months	crt.sh
*.google-analytics.com WR2	`2025-03-10` - `2025-06-02`	3 months	crt.sh
*.g.doubleclick.net WR2	`2025-03-10` - `2025-06-02`	3 months	crt.sh
*.geniee.jp GeoTrust TLS RSA CA G1	`2024-07-30` - `2025-08-30`	a year	crt.sh
ad-specs.guoshipartners.com Go Daddy Secure Certificate Authority - G2	`2025-01-08` - `2026-01-21`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2025-01-02` - `2025-04-02`	3 months	crt.sh
*.google.com WR2	`2025-03-10` - `2025-06-02`	3 months	crt.sh
*.doubleclick.net WR2	`2025-03-10` - `2025-06-02`	3 months	crt.sh
oa.openxcdn.net WR3	`2025-03-12` - `2025-06-10`	3 months	crt.sh
invstatic101.creativecdn.com WR3	`2025-02-12` - `2025-05-13`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-02-03` - `2025-05-03`	3 months	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2024-09-05` - `2025-09-30`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-02-09` - `2025-05-10`	3 months	crt.sh
onead.onevision.com.tw R10	`2025-02-03` - `2025-05-04`	3 months	crt.sh
wp.re-news.tw WR3	`2025-03-04` - `2025-06-02`	3 months	crt.sh
edge01.yahoo.co.jp Cybertrust Japan SureServer CA G4	`2025-02-07` - `2026-03-06`	a year	crt.sh
tls.automattic.com E6	`2025-02-14` - `2025-05-15`	3 months	crt.sh
gbyhn.com.tw WE1	`2025-03-06` - `2025-06-04`	3 months	crt.sh
img.racingcharger.tw R11	`2025-02-15` - `2025-05-16`	3 months	crt.sh
*.prnasia.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-23` - `2025-11-23`	a year	crt.sh
s.w.org E6	`2025-02-28` - `2025-05-29`	3 months	crt.sh
*.wixstatic.com R11	`2025-01-23` - `2025-04-23`	3 months	crt.sh
*.popin.cc Secure Site Pro CA G2	`2024-09-23` - `2025-10-24`	a year	crt.sh
*.holmesmind.com Go Daddy Secure Certificate Authority - G2	`2025-03-06` - `2026-04-07`	a year	crt.sh
*.taboola.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-12-01` - `2025-12-31`	a year	crt.sh
adtrafficquality.google WR2	`2025-03-10` - `2025-06-02`	3 months	crt.sh
ad.tagtoo.co WR3	`2025-02-20` - `2025-05-21`	3 months	crt.sh
uec.tagtoo.co WR3	`2025-02-23` - `2025-05-24`	3 months	crt.sh
*.t.ssp.hinet.net HiPKI OV TLS CA - G1	`2025-02-12` - `2026-02-12`	a year	crt.sh
*.creativecdn.com RapidSSL TLS RSA CA G1	`2024-04-05` - `2025-04-30`	a year	crt.sh
ecs.tagtoo.co WR3	`2025-03-22` - `2025-06-20`	3 months	crt.sh
*.scupio.com Sectigo RSA Organization Validation Secure Server CA	`2024-09-27` - `2025-10-28`	a year	crt.sh

This page contains 32 frames:

Primary Page: https://reurl.cc/XqAx30
Frame ID: 7F70B762AD14531F92E082A2B74DAA74
Requests: 65 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-N394QBRGC0&gacid=1923222759.1742820941&gtm=45je53j1v897965293za200zb9181474282&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=102482433~102788824~102803279~102813109&z=391736354
Frame ID: 54CE089B9192B66F8409415F51CD36DE
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: A19EE26F15A41B7A58F8CB242A3EA217
Requests: 1 HTTP requests in this frame

Frame: https://1bc0cd46610d101fec67156c6b1485c1.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html
Frame ID: 041E67D2BE73DDB843A0DB9298AC86F3
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=
Frame ID: C4CEC6F84DE31A6951CAAE977C08D4A7
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Frame ID: EB54DD6F3E7E8918B6615FA370226337
Requests: 1 HTTP requests in this frame

Frame: https://1bc0cd46610d101fec67156c6b1485c1.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html
Frame ID: E5EF710D85E25C950358125E07A5AD8E
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstTs5ygH7sWs1L0EcIZPVIQ58Nf6HbQnMsr4fNzz9eP88koLQ2AxrPxCFPKkn4OAkD5fy8Y9X1YuVH99kGwegSsv1TCZ0Qt7f_7C88sTF2IgVURCUDJdGiNhuYcWA3p9IJ7qK1-3pM-gWVwxbBR40MiE8nYCAletWjM9E4_DMmePszTmdypuIPFTMKepq2JFMzLVt_iydm-O6ccI8o1R1Ugy1R722X5H_p7bmW1_gNHiScF2a451JxkOifOR6IusIu8Qxru_4wgyjBxcbaXSAIXaeqwrhBays71kIKFr-V5WyxIXrElcIvRriLKEbyemortZyFgygl_aHxepHK7CPBXDLNw4Tkbprr3sLrgw2LekKe5_v09_Y_s2_Z9cQZLDZFFQi7QpxwV61IlG-pvwIHEpW1Pp0yG3f-9DfucUPQzxCHL7oIHZMEyDVI&sai=AMfl-YSX9-mRcSe6M3dBcFOhuToYUmZIoj9WZE8Qkl4nwW80kqHaLTmUn7I4Pai1J23m2x64VX4VPtIDxPNsXd428K2TxH2FYhVcjkq1RWrD9RE7lOwQVATpqp4Da435&sig=Cg0ArKJSzDjpoLG9sEA4EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 2910940A8AC07B006FA28672D69C5EA8
Requests: 22 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv8QXN8AVcJA_LR4M8bPbRa_BFZqu5URlIyWjYNaRM07R8nXI9MRh6sd9oO5RoO8Wemy8Wbi7RsAkwGBFuTSU0Mo6N5OOp4UZIa3cT79c2F4ED70evDKSCkrrIXgiadqPllg8L4dboa2pzlknr_GoSU6OdF9rJGVskrO_WwhCunFk_iQcA7sIef3Ppv3fUiA55mwnNSuD8jh8QMIoYJd8KNmPGFLWm-NPBhVomevjScp1rV1eRSnUWRmOFYsj43xLeRisSHIRoiuHIVjLei5kMVIEr5hdRZaJMP65V9ARyVeh4s4aqz6lmNcLAFRh5NnNHBZC7Sf_99PpEM1d5MP7bPwUQBr1R5JMI1yJuzxNlgWi_bCp7TOe8dWUx5tknaG7MK5M4lPwyj9SI3MBUawA0b-dCOE87Nhx109fY-w7BxXPkWo-OroAAEl3I&sai=AMfl-YTOOX2uNej4oOVwEutk7aRlREcMRs-BzrivQFppTKhO57VPEybIJ6tkCXkAHDkcga0vWE0XuGyxfUkXwYTxAK1jKPngGZufsLVC6kS09usUX-j1vrS2Vf517wcP&sig=Cg0ArKJSzEYfpGkryAj8EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 3977ED3D24CDA5269A46810751BE27E7
Requests: 13 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuJMyFC6ucrc7UQxjJ0p2IphklYcZqS9xEAjhLUg7D_54cIsgXlZrER6wCZdr28_qYcTNgxRD64tPsNq38ArDlcaUNPRbwDFAGRuifAkKu0wamOWOhBRgA24J7SxINkGZ3NZsd66elPERBtW6FauI0U6ZEU1m54kmtkCDQr8GfVkOEGquT3YnINPsI2glbMfjf8-CJ-L7I6heYQGpMf6MUaC5jBrNix8fA_Nyxc6KvFTmXAjIvYTo8FmEKU617xucP6Ys7TNeswivJ-LnNOHxjGtb46G4Wk9wDYl6FgW_wWQFuhfjJoRMOQc7pVRes_WOUyoDTnJrYIBTZd-SDhnmp6IqxlTaTEN3Co4th8QCsWxJny0l0ZcaewvbXwFO865tsRAH0RyfZAfjr0iDXj0uguETAX5MCtBxGhv6SS_uJXExwpu79ERscz64kb_jHeCof5&sai=AMfl-YRRk-ZCJhEQaTMNRqjpnKMzhbm9iyN_5u-3DoNsZaizr2DtfXkOfQDXXaTG2vtrtUH4TmtsENLrgUdycL0OQEcDtxi1FCUgqlxdXKc1N1czNJDIPZXIzrQ6a1YT&sig=Cg0ArKJSzH1aIxxwTOkbEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 2319F1E849B71DCEAF021FE34283DA7E
Requests: 6 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: B588DD84CAC74F892C3FB9CB8D543DDC
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: F6B3B2210470DADB1D9E80F4EE5326A9
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20250319/r20190131/zrt_lookup.html
Frame ID: C04780276251E96D8059BAF741DA9265
Requests: 1 HTTP requests in this frame

Frame: https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
Frame ID: 40F00957E01777E25FE01A8D33B4C878
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: EB838B49FF88F13F1D3A283091B6AC26
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A58FE2627996FBB2EE67DB9B7E58AEDF
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: C76839B7882D2755F791B6F2197A040E
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: AE687D65260F5627E5A0FC7637349A78
Requests: 1 HTTP requests in this frame

Frame: https://38acab207a35e983f87d9aa227ec7b36.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=3
Frame ID: 27B9160FA4B454C55F9ADFDB2A9803E6
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: 403750DFB7F4D417BB5D18D0E667D39E
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0A0924C2F689D0A89483F40D9F0BBE1A
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssRQz8cKTUNlRSIdB4FAt-UWFAtCkfK4xa8hqASg381NP9wV-foz6Jm0u7nhLxtku7xdg8F4-RUZoWWngu8aCn0UjjcAsENe-GAd8eeBNudcg8pGYUSW0_sz28DPlEjo0fOGYcDXpGDxyhAYL7iD6aQJ8UobKM8wHI7NOfdMYjoN31iHuv7WVSy_Yf0PVN7yn-DuW0-5arpfb6caofgC54chQtpGP6QBeDMRT79ltWexnZVuo3aZA62fBjHE_3at4rtGueYdMF7Y_BTw2FRwIgP14YkyiWP3m6aRdwxaE53WieokeAaYnUlh_TeaYvzmy9YVDtzzwJcBZwZ0SmWuq046MSPpIglTEmQdI6vxYj2FzdECh6Vb8cOz8Js1B9fKZMPggKBRaZjrqAOfouwN32fTn3YH9U2RXfj5-8huqH7TsIeeJkwKCRz87LIcbiU5tlxpVl8yL7dmF0&sai=AMfl-YQzmrwJ6Ar4C-U3ADOqPvVkhiwHJDTLJWImg4tcze4MOTikqpEjXX0iwd2G0ku47sx8hm8lhSRU4Dpqj5gBWkkYM9PdSWM5f-_TiiOpSPRR-eEhVPu8RTs6HB5L&sig=Cg0ArKJSzNCuuTgUhmjAEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 21338070358573DFE7217AF619C30DB8
Requests: 8 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=5720-1561cb6450bd93e00cfca5fd9cfa90c4
Frame ID: 183555CBCA256946B00CEA0E78BDE028
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 9AA448A8D29085E42C366A97279E4CE6
Requests: 23 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 53ABAD88EB8E52A43E583F45FF9DE11B
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: B87F71A7BAB3AED87C1C5FE648C7122D
Requests: 1 HTTP requests in this frame

Frame: https://b50e4f7b7975aa95a80718d7479b2442.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=6
Frame ID: 1EB42A0992303D414532F613EE1C416B
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: 6A76B58835F7242F959C06566538AC9A
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4F49692A9CF6F57A583A8962645AE3DF
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuPjE6iETk3v_im1OLNa7vjlPAlIEMOCMcRhbQGhGjmEolWnQ3R88Sbm15akoSvKWf23G5iS_LN7XSrqI7vo4fsxNR5k3u9K-xkmHOGhBUA9uGv7BHxsCZ4PqYHcgLOqsbG1R4HOMv-ykCV9IH8YwMPqPdfkQUlGahNw1Om8Po4mC0yC74dN_YRCmRM_GmcwomBhvE4zt8RGh_lGfR-_SvLP32eYqgOj45Lv45F6LoY35CC4BqAlWlvl5FGzqEeGYeYvi7iyYYfuMXjbEt4-mGV1_M3PhgX4BcqJ7D8zuEQcCYco40lJbF6X7aWyvbfIDtLvr13KX2AVudmRyAqU6mZctfxm0Oog_VYmuqILtt7WXD8IsLTjZ3aZlh2yVAMGu8eCu3VUE16-y-Ba1tgnHnLEbir2szGP1EN0AnATJVhO7BowCihmxamguiBZmr3vh3rs_bW1PCNkg&sai=AMfl-YS-z-R-sekrtDyQh6Ooc5lOFBdtmvpXVhM-MH82Zh6R1QP3sE8XXRVXrRg5EL4iY5VCi_yLCaq7yPbSbkaQnIRYDQZ2rMnevByM0T2xJaEbLcy2k-nMP9YEt0bD&sig=Cg0ArKJSzMKjVQ3vva-oEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 47774AFE418A0813C29AF064E8A17B4F
Requests: 6 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=5720-1561cb6450bd93e00cfca5fd9cfa90c4
Frame ID: E8BFE8AE16A1E54706D6D15D936E54B8
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: E216246DFBB30A648DC34A80FB440535
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Dynamics 365 Customer Voice

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/vue(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

199
Requests

93 %
HTTPS

0 %
IPv6

39
Domains

61
Subdomains

55
IPs

5
Countries

3114 kB
Transfer

9497 kB
Size

46
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://re-news.tw/
Title: Exit

Search URL Search Domain Scan URL

URL: https://re-news.tw/renews/168

Search URL Search Domain Scan URL

URL: https://re-news.tw/creditcard/233069

Search URL Search Domain Scan URL

URL: https://re-news.tw/gbyhn/61537

Search URL Search Domain Scan URL

URL: https://re-news.tw/racingcharger/54444

Search URL Search Domain Scan URL

URL: https://re-news.tw/prnasia/4647021_TW47021_2

Search URL Search Domain Scan URL

URL: https://re-news.tw/golike/22753

Search URL Search Domain Scan URL

URL: https://re-news.tw/zocha/664f06a4333c44b7de8afda5

Search URL Search Domain Scan URL

URL: https://re-news.tw/alphaloan/20451

Search URL Search Domain Scan URL

URL: https://youtils.cc/emoji
Title: Emoji

Search URL Search Domain Scan URL

URL: https://youtils.cc/geoip
Title: Geo IP

Search URL Search Domain Scan URL

URL: https://youtils.cc/big5gb
Title: Big5/GB Converter

Search URL Search Domain Scan URL

URL: https://youtils.cc/qrcode
Title: QR Code

Search URL Search Domain Scan URL

URL: https://youtils.cc/length
Title: Length Converter

Search URL Search Domain Scan URL

URL: https://www.comptw.com/
Title: Taiwan Company

Search URL Search Domain Scan URL

URL: https://stockinfo.tw/
Title: Taiwan Stock

Search URL Search Domain Scan URL

URL: https://youtils.cc/wordcounter/zh-Hants
Title: Word Counter

Search URL Search Domain Scan URL

URL: https://youtils.cc/dateCalculator
Title: Date Calculator

Search URL Search Domain Scan URL

URL: https://youtils.cc/lunarCalendar
Title: Lunar Calendar

Search URL Search Domain Scan URL

URL: https://youtils.cc/utm
Title: UTM tool

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 65

https://cms.analytics.yahoo.com/cms?partner_id=OneDATA HTTP 302
https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA HTTP 302
https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA&verify=true HTTP 302
https://onead.onevision.com.tw/v2/pixel/vzn?id=y-Qy.sRo1E2p_xvE1gvpcQ2uzF.7n2NzkYauXR5w--~A

Request Chain 66

https://bcp.crwdcntrl.net/map/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id} HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id} HTTP 302
https://onead.onevision.com.tw/v2/pixel/ltm?id=f64d3331b3c0971d442985ad3e6a89d1

Request Chain 67

https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=r1jlltl&ttd_tpi=1 HTTP 302
https://onead.onevision.com.tw/v2/pixel/ttd?id=16265fd6-b9ed-4e9a-8aed-3829f5c4b992

Request Chain 68

https://ps.eyeota.net/pixel?pid=3m51m51&uid=4b29c54c-08af-11f0-a254-0242ac120002&t=ajs HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=4b29c54c-08af-11f0-a254-0242ac120002&t=ajs

Request Chain 95

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=2220942683&adf=776186312&pi=t.ma~as.2784%2F13803&w=300&lmt=1742820943&url=https%3A%2F%2Freurl.cc%2FXqAx30&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1742820942651&bpp=519&bdt=151&idt=616&shv=r20250319&mjsv=m202503180101&ptt=5&saldr=sd&cookie=ID%3Deb78c0b1b52b10ee%3AT%3D1742820941%3ART%3D1742820941%3AS%3DALNI_MaTXILdeoeqTQ9H7J7svId2DZK6Cg&gpic=UID%3D00001000d582680b%3AT%3D1742820941%3ART%3D1742820941%3AS%3DALNI_MbsPLsiOuwiAF_FTsgU606zQ7E4Hw&eo_id_str=ID%3D77c251e73d9ab7c4%3AT%3D1742820941%3ART%3D1742820941%3AS%3DAA-Afjbrx8bHZ0u_7Q2uLdTl-N_o&correlator=8746114836722&frm=23&ife=4&pv=2&nhd=1&u_tz=-600&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=270&ady=172&biw=1600&bih=1200&isw=300&ish=250&ifk=3231471538&scr_x=0&scr_y=0&eid=95355340%2C31091181%2C95344788%2C95356499%2C95356505%2C95355300&oid=2&pvsid=4188951136537809&tmod=2147047400&uas=0&nvt=1&fc=640&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=1.k74iok185xcw&fsb=1&dtd=691 HTTP 302
https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html

Request Chain 116

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=iy3JhikCC-yUiTCKUVbhZw

Request Chain 125

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=NmlPqJQvB8W0ZdRwUVbhZw

Request Chain 165

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=QYNVZZX-A52gcAhuUlbhZw

Request Chain 166

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=xCka37fDBa6kZ9sAUlbhZw

199 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request XqAx30 Show response
reurl.cc/ 15 KB
4 KB 667ms
227ms Document
text/html 35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e50d22b5eeec9dac3bc9087a1879128c48bd4598de3d65771e8735ccbbf3c6f7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 24 Mar 2025 12:55:40 GMT
referrer-policy: no-referrer-when-downgrade
server: nginx/1.18.0 (Ubuntu)
target: https://ecv.microsoft.com/dDTk9Vwh4y
vary: Accept-Encoding Origin
x-request-id: cf9549d9-0ddc-4d68-9bd9-34a83642ef86

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/ 152 KB
26 KB 46ms
11ms Stylesheet
text/css 151.101.1.229
FASTLY

General

Check archive.org

Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
age: 3392447
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Mon, 24 Mar 2025 12:55:40 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-eddf8230028-FRA, cache-ewr-kewr1740027-EWR
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25648
x-jsd-version: 4.3.1

GET
H2 200 style.css
storage.reurl.cc/stylesheets/rwd/ 2 KB
1 KB 74ms
15ms Stylesheet
text/css 34.149.98.30
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://storage.reurl.cc/stylesheets/rwd/style.css?v=1
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-request-id: abfcf7d5-2cd9-4c9b-8ad9-2b182287e8b2
access-control-expose-headers: *, Authorization, X-Authorization
content-encoding: gzip
age: 7895
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 10:44:05 GMT
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public,max-age=28800
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 904

GET
H2 200 ats.js Show response
anymind360.com/js/9479/ 186 KB
46 KB 50ms
12ms Script
application/javascript 151.101.129.55
FASTLY

General

Check archive.org

Download Go to

Full URL

https://anymind360.com/js/9479/ats.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.55 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

a6a132211fe21475c262557eeb7c3efad716f5ece2f3552e2894e097a9fd7bf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Type
content-encoding: gzip
x-goog-hash: crc32c=jUf8sg==, md5=XZKb74lEVE/od15TDzGdTQ==
etag: "5d929bef8944544fe8775e530f319d4d"
age: 34482
x-goog-stored-content-encoding: gzip
expires: Mon, 24 Mar 2025 03:20:59 GMT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-goog-stored-content-length: 46393
x-cache: HIT, HIT
date: Mon, 24 Mar 2025 12:55:40 GMT
last-modified: Thu, 12 Dec 2024 05:32:33 GMT
content-type: application/javascript; charset=UTF-8
x-served-by: cache-tyo11968-TYO, cache-lga21940-LGA
x-cache-hits: 308, 0
x-guploader-uploadid: AKDAyItGzjf3YcOIf0uq9n4prQHBFE8cdZGAdbHvIPTJmAs9PyRx90c4Bd54AU9TSDfOC6Re
strict-transport-security: max-age=31557600
vary: Accept-Encoding
cache-control: max-age=1200
x-goog-storage-class: STANDARD
x-timer: S1742820941.658202,VS0,VE1
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1733981553094287
content-length: 46393
server: UploadServer

GET
H2 200 pixel.js Show response
storage.reurl.cc/javascripts/ 429 B
530 B 16ms
13ms Script
text/javascript 34.149.98.30
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://storage.reurl.cc/javascripts/pixel.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-request-id: 91adb3f6-7e06-4b4a-b9fd-10be5b1662a2
access-control-expose-headers: *, Authorization, X-Authorization
cache-control: public,max-age=28800
age: 13809
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 429
date: Mon, 24 Mar 2025 09:05:31 GMT
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
content-type: text/javascript; charset=utf-8
vary: Origin

GET
H2 200 ga2.js Show response
storage.reurl.cc/javascripts/ 536 B
631 B 67ms
64ms Script
text/javascript 34.149.98.30
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://storage.reurl.cc/javascripts/ga2.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-request-id: 27997e94-ed89-4f50-9511-18febd13ced1
access-control-expose-headers: *, Authorization, X-Authorization
cache-control: public,max-age=28800
age: 12381
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 536
date: Mon, 24 Mar 2025 09:29:19 GMT
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
content-type: text/javascript; charset=utf-8
vary: Origin

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 356 KB
119 KB 87ms
41ms Script
application/javascript 172.253.62.97
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

71b61a813bd27dd2b39f517f7f20e157c4dac2045125b63b8e9a1fb2befdbedf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
expires: Mon, 24 Mar 2025 12:55:40 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:40 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
content-length: 121121
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 437 KB
141 KB 99ms
54ms Script
application/javascript 172.253.62.97
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

974af83638132aad9897e4f0a0ac0bf03e838231d0d627ee5891c8504e79857a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
expires: Mon, 24 Mar 2025 12:55:40 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:40 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
content-length: 144224
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 106 KB
33 KB 70ms
36ms Script
text/javascript 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

f54417dc932e3e432d8c4730b204456d1e76ebe29e93afe191bb5888f62c9da5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 429 / 20171 / m202503180101 / config-hash: 136281761097716162
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 12:55:40 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 24 Mar 2025 12:55:40 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33537
x-xss-protection: 0
server: cafe

GET
H2 200 wrapper.min.js Show response
cpt.geniee.jp/hb/v1/219632/1441/ 12 KB
4 KB 862ms
406ms Script
application/javascript 203.137.133.153
IDCF IDC Frontier...

General

Check archive.org

Download Go to

Full URL: https://cpt.geniee.jp/hb/v1/219632/1441/wrapper.min.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 203.137.133.153 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 234c0c89b9e2409fbb4ebb449993aa93c347b2cf57925e8cb0ee5c751ea3dc46

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=3600, private
content-encoding: gzip
etag: W/"67e10108-2f10"
cross-origin-resource-policy: cross-origin
expires: Mon, 24 Mar 2025 13:55:41 GMT
date: Mon, 24 Mar 2025 12:55:41 GMT
content-type: application/javascript
last-modified: Mon, 24 Mar 2025 06:51:52 GMT
server: nginx

GET
H2 200 ad-serv.min.js Show response
ad-specs.guoshipartners.com/static/js/ 50 KB
16 KB 702ms
137ms Script
application/javascript 168.95.245.1
CHTCDN Data Commu...

General

Check archive.org

Download Go to

Full URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 168.95.245.1 Palo Alto, United States, ASN131660 (CHTCDN Data Communication Business Group, TW),
Reverse DNS: 168-95-245-1.hinet-ip.hinet.net
Software: HiNetCDN / OneAD
Resource Hash: 8aad7f034c2e39ee145189b327d6b1df64240486e08c7eba41d399e7e72797a6

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: W/"67dbbf75-c7b9"
age: 0
x-varnish: 79110905
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Mon, 24 Mar 2025 12:55:41 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 20 Mar 2025 07:10:45 GMT
cache-control: public, max-age=360
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: *
x-powered-by: OneAD
server: HiNetCDN

GET
H2 200 onead-lib.min.js Show response
ad-specs.guoshipartners.com/static/js/ 24 KB
7 KB 766ms
201ms Script
application/javascript 168.95.245.1
CHTCDN Data Commu...

General

Check archive.org

Download Go to

Full URL: https://ad-specs.guoshipartners.com/static/js/onead-lib.min.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 168.95.245.1 Palo Alto, United States, ASN131660 (CHTCDN Data Communication Business Group, TW),
Reverse DNS: 168-95-245-1.hinet-ip.hinet.net
Software: HiNetCDN / OneAD
Resource Hash: 1bf41ca1364230ce3a9cbbac1110ff4d7d287a9f978fa74297aa30117c4da9c0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: W/"67b5a55f-6100"
age: 0
x-varnish: 107515587
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Mon, 24 Mar 2025 12:55:41 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 19 Feb 2025 09:33:19 GMT
cache-control: public, max-age=360
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: *
x-powered-by: OneAD
server: HiNetCDN

GET
H2 200 vue.min.js Show response
cdn.jsdelivr.net/npm/vue@2.5.16/dist/ 84 KB
33 KB 53ms
19ms Script
application/javascript 151.101.1.229
FASTLY

General

Check archive.org

Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
age: 887695
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Mon, 24 Mar 2025 12:55:40 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230020-FRA, cache-ewr-kewr1740027-EWR
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 33184
x-jsd-version: 2.5.16

GET
H2 200 renews.js Show response
storage.reurl.cc/javascripts/ 404 B
401 B 79ms
21ms Script
text/javascript 34.149.98.30
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://storage.reurl.cc/javascripts/renews.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 22743d9dc93a38d7096ec7c9a02146da7a721ada15192d87e81d78ff53cb2f2a

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-request-id: d703b555-1a73-4ec3-80b8-040ed7d15f57
access-control-expose-headers: *, Authorization, X-Authorization
content-encoding: gzip
age: 25104
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 05:57:16 GMT
last-modified: Tue, 09 Jul 2024 09:45:35 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public,max-age=28800
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 282

GET
H2 200 loading.js Show response
storage.reurl.cc/javascripts/ 134 B
253 B 78ms
21ms Script
text/javascript 34.149.98.30
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://storage.reurl.cc/javascripts/loading.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: ddd9d29beabaeecc9c76408242dfc2b76305ec52511992d3cfbc81a500ee0670

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-request-id: e63faf80-ff73-481a-a12c-d83647d1f96d
access-control-expose-headers: *, Authorization, X-Authorization
content-encoding: gzip
age: 23871
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 06:17:49 GMT
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public,max-age=28800
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 134

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 242 KB
62 KB 43ms
18ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/pixel.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

7b02340f2dc45840d3c378e8585638242965427824cfae847cda7f486176c359

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;script-src 'nonce-UJCxQDiL' .facebook.com .fbcdn.net .facebook.net blob: data: 'self';style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com .cdninstagram.com;font-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;img-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;media-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;child-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;frame-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;manifest-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;object-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;worker-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 24 Mar 2025 12:55:40 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;script-src 'nonce-UJCxQDiL' *.facebook.com *.fbcdn.net *.facebook.net blob: data: 'self';style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com *.cdninstagram.com;font-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;img-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;media-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;child-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;frame-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;manifest-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;object-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;worker-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=15, rtx=0, c=23, mss=1232, tbw=4597, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: jbw9dtA4RGOZuTlnEPE/qCpwoBX112nV+ecUmJFeJfQsfDJgWx9SdB4bPfhi8/CKzN3IolkvLcKzC4tvTiugbA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
cross-origin-opener-policy-report-only: restrict-properties;report-to="coop_report"
content-length: 63126
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 96ms
22ms Script
text/javascript 142.251.167.113
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/ga2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.113 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f113.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
age: 3800
report-to: {"group":"ascnsrsgac:225:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 13:52:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 11:52:20 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:225:0
content-length: 20994
server: Golfe2

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/ 524 KB
164 KB 18ms
16ms Script
text/javascript 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

24c55f7fd45388e8a6c4fb7fc8bdae53992181227bb8f77f1d4dc04be9f15556

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 8549058430066818552
age: 3433
x-content-type-options: nosniff
expires: Tue, 24 Mar 2026 11:58:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 24 Mar 2025 11:58:27 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 168179
x-xss-protection: 0
server: cafe

GET
H3 200 gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503200101/ 63 KB
23 KB 21ms
19ms Other
text/plain 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503200101/gpt

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

724bf9b6cead6b42a8435c2dd63959f95a2868fc29d0c19f44b7f26c83a18cdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 6636832657936373745
age: 80682
x-content-type-options: nosniff
expires: Sun, 30 Mar 2025 14:30:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Sun, 23 Mar 2025 14:30:58 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 23172
x-xss-protection: 0
server: cafe
use-as-dictionary: match="/gampad/ads", id="m202503200101"

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 28ms
23ms Fetch
text/plain 142.251.167.113
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-ZDFZCDVDK1&gtm=45je53j1h1v9181474282za200&_p=1742820940709&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102788824~102803279~102813109&cid=1923222759.1742820941&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1742820940&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FXqAx30&dt=Dynamics%20365%20Customer%20Voice&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=968
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.167.113 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ww-in-f113.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:87:0
report-to: {"group":"ascnsrsggc:87:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:87:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:87:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:40 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 437 KB
141 KB 93ms
87ms Script
application/javascript 172.253.62.97
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0&l=dataLayer&cx=c&gtm=45je53j1h1v9181474282za200&tag_exp=102482433~102788824~102803279~102813109

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

bb2623d5302c13b0fa5e883b167d941279852cb50118493533062becdaace7f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
expires: Mon, 24 Mar 2025 12:55:40 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:40 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
content-length: 144250
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 1675200226052423 Show response
connect.facebook.net/signals/config/ 81 KB
18 KB 221ms
220ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/signals/config/1675200226052423?v=2.9.189&r=stable&domain=reurl.cc&hme=c1f2cecb0bd2e60711f2156ceae0254b57f69ec526dbc6c13633615b2168eda4&ex_m=71%2C124%2C109%2C113%2C62%2C4%2C102%2C70%2C16%2C98%2C90%2C51%2C55%2C178%2C181%2C193%2C189%2C190%2C192%2C29%2C103%2C53%2C78%2C191%2C173%2C176%2C186%2C187%2C194%2C135%2C41%2C199%2C196%2C197%2C34%2C148%2C15%2C50%2C203%2C202%2C137%2C18%2C40%2C1%2C43%2C66%2C67%2C68%2C72%2C94%2C17%2C14%2C97%2C93%2C92%2C110%2C52%2C112%2C39%2C111%2C30%2C95%2C26%2C174%2C177%2C145%2C87%2C57%2C85%2C33%2C74%2C0%2C96%2C32%2C28%2C83%2C84%2C89%2C47%2C46%2C88%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C58%2C63%2C65%2C76%2C54%2C104%2C27%2C77%2C9%2C8%2C81%2C48%2C21%2C106%2C105%2C107%2C99%2C10%2C20%2C3%2C38%2C75%2C19%2C5%2C91%2C82%2C44%2C35%2C86%2C2%2C36%2C64%2C42%2C108%2C45%2C80%2C69%2C114%2C61%2C60%2C31%2C100%2C59%2C56%2C49%2C79%2C73%2C24%2C101%2C115

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

466b4a6c2c47478a104f80a757d2c06af42c6adfec939b18e7990bc1f6fa5460

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-ooG8oGhE' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 24 Mar 2025 12:55:41 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-ooG8oGhE' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=79, mss=1232, tbw=72970, tp=70, tpl=0, uplat=203, ullat=0
pragma: public
x-fb-debug: 0hMmLfGhiqrkbKLDM105+q6pYIfJAIbCMLIvZlSAQkh2f2Kal/ancq4yreByg5UAyWvBq9EW/YNmXS9o9G2aEw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H2 204 collect
analytics.google.com/g/ 0
0 124ms
72ms Fetch
text/plain 172.253.122.113
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je53j1v897965293za200zb9181474282&_p=1742820940709&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102788824~102803279~102813109&cid=1923222759.1742820941&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1742820940&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FXqAx30&dt=Dynamics%20365%20Customer%20Voice&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1053
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.253.122.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bh-in-f113.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:137:0
report-to: {"group":"ascnsrsggc:137:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:137:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:137:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:41 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
552 B 128ms
75ms Ping
text/plain 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-N394QBRGC0&cid=1923222759.1742820941&gtm=45je53j1v897965293za200zb9181474282&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=102482433~102788824~102803279~102813109
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bc-in-f157.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:112:0
report-to: {"group":"ascnsrsggc:112:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:112:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:112:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:41 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 54CE 0
0 107ms
72ms Document
text/html 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-N394QBRGC0&gacid=1923222759.1742820941&gtm=45je53j1v897965293za200zb9181474282&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=102482433~102788824~102803279~102813109&z=391736354

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 12:55:41 GMT
expires: Mon, 24 Mar 2025 12:55:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 128002626 Show response
fundingchoicesmessages.google.com/i/ 196 KB
64 KB 60ms
53ms Script
application/javascript 172.253.122.113
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/128002626?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f113.1e100.net

Software

ESF /

Resource Hash

34b9dedc33c291dd905b40f25686445d6805a941b54874fc0a074c90801772b3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-gL0JL6C7gDHjeEL4EIVP5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:41 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmJw0pBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFuDnOrmndzyYwYVKvjpJGUn5hfHJ-XklRZlJpSX5RWnJaanFqUVlqUbyRgZGpgbGRgZ6BUXyBAQC9NyrB"
content-security-policy: script-src 'report-sample' 'nonce-gL0JL6C7gDHjeEL4EIVP5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

POST
H3 200 collect Show response
www.google-analytics.com/j/ 3 B
26 B 25ms
25ms XHR
text/plain 142.251.167.113
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1217853779&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FXqAx30&ul=en-us&de=UTF-8&dt=Dynamics%20365%20Customer%20Voice&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IADAAEABAAAAACAAI~&jid=400651373&gjid=272820382&cid=1923222759.1742820941&tid=UA-102456694-1&_gid=1835144211.1742820941&_r=1&_slc=1&z=347550845

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.113 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f113.1e100.net

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/XqAx30

Response headers

report-to: {"group":"ascnsrsgac:175:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:41 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:175:0
content-length: 3
server: Golfe2

GET
H3 200 collect
www.google-analytics.com/ 35 B
58 B 18ms
18ms Image
image/gif 142.251.167.113
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1217853779&t=event&_s=2&dl=https%3A%2F%2Freurl.cc%2FXqAx30&ul=en-us&de=UTF-8&dt=Dynamics%20365%20Customer%20Voice&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=pause&ea=3&el=MTUxLjI0My4xNDEuNDI&ev=1&_u=IADAAEABAAAAACAAI~&jid=&gjid=&cid=1923222759.1742820941&tid=UA-102456694-1&_gid=1835144211.1742820941&z=1511826587

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.113 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f113.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

age: 66625
report-to: {"group":"ascnsrsgac:163:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 23 Mar 2025 18:25:16 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:163:0
content-length: 35
server: Golfe2

GET
H2 200 AGSKWxVrDo1C0WaVdsZM58WQ4zXgNt7j8N6BONy88krOXUVAiLtCo4knXkSFbJNEygvsakmU6LIJW4KGDz1r4pL2v3Sd235pu5JO7D09tEp6vecmredYflvZs5OEd9mkZGoK2XTA1ufvXw== Show response
fundingchoicesmessages.google.com/f/ 2 KB
2 KB 50ms
49ms Script
application/javascript 172.253.122.113
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVrDo1C0WaVdsZM58WQ4zXgNt7j8N6BONy88krOXUVAiLtCo4knXkSFbJNEygvsakmU6LIJW4KGDz1r4pL2v3Sd235pu5JO7D09tEp6vecmredYflvZs5OEd9mkZGoK2XTA1ufvXw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQyODIwOTQxLDE4MjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLG51bGwsW1s4LCJEbFctTC0zS0pyTSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.DlW-L-3KJrM.es5.O/d=1/rs=AJlcJMyHfBuFMSM37TeF1dE1vzw9gpOtNA/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f113.1e100.net

Software

ESF /

Resource Hash

428b4d763209c5b65c1c05f915dde026fbd233486fa2e9554ad1c0131dd336b6

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-prCptIWAjKSQPnKVVQctMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:41 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmJw0pBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFuDnOrmndzyYw48nCNCWNpPzC-OT8vJKizKTSkvyitOS01OLUorLUongjAyNTA2MjAz0Do_gCAwDaPytp"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-prCptIWAjKSQPnKVVQctMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame A19E 0
0 68ms
17ms Document
text/html 172.253.115.156
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/static/topics/topics_frame.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f156.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 2595
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000, stale-while-revalidate=3600
content-encoding: br
content-length: 28720
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 12:12:26 GMT
expires: Mon, 24 Mar 2025 13:02:26 GMT
last-modified: Mon, 17 Mar 2025 19:42:52 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 81ms
16ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-goog-metageneration: 1
content-encoding: gzip
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
etag: "df5542b88bc0e368c6999754a5b9e2ba"
age: 206044
x-goog-stored-content-encoding: gzip
expires: Sun, 22 Mar 2026 03:41:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 7927
date: Sat, 22 Mar 2025 03:41:37 GMT
last-modified: Thu, 27 May 2021 18:30:51 GMT
content-type: application/javascript
x-guploader-uploadid: AKDAyIubjrGGNcKZxA_9DTKSBxKddJhKgQKxQNwGYaFk9fhVfCU8bTQYR4sG3gh52fJx-zOF
cache-control: no-transform
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
x-goog-generation: 1622140251693895
content-length: 7927
server: UploadServer

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 3 KB
3 KB 159ms
104ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

etag: 861bdaf24bda5c0db45c6ebe1c94a9eb
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2729
date: Mon, 24 Mar 2025 12:55:41 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 05 Feb 2025 14:45:21 GMT
server: Google Frontend
x-cloud-trace-context: 66301d507a48e962b99deaf7d0397329

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 100ms
31ms Script
text/javascript 74.119.117.47
AS-CRITEO

General

Check archive.org

Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.47 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

b6c5af2d5c532a14b5aa51656c9d5e8be329b1424ec1df2947ad2de309622448

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"67c8043f-a641"
cross-origin-resource-policy: cross-origin
expires: Tue, 25 Mar 2025 12:55:41 GMT
access-control-allow-origin: *
date: Mon, 24 Mar 2025 12:55:41 GMT
content-type: text/javascript
last-modified: Wed, 05 Mar 2025 07:58:55 GMT
server: nginx

GET
H2 200 ob.js Show response
cdn-ima.33across.com/ 17 KB
7 KB 88ms
23ms Script
application/javascript 104.18.28.101
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://cdn-ima.33across.com/ob.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.28.101 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72223c20f8ad08445b32a2b4843a0f04fe33cee40811ade04b21598cf67fbea3

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: public, max-age=259200
content-encoding: gzip
cf-cache-status: HIT
etag: W/"678fc4ec-4599"
age: 272478
cf-ray: 92565302ff00424f-EWR
expires: Thu, 27 Mar 2025 12:55:41 GMT
date: Mon, 24 Mar 2025 12:55:41 GMT
content-type: application/javascript
last-modified: Tue, 21 Jan 2025 16:01:48 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 184 KB
14 KB 1200ms
1199ms Fetch
text/plain 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3735408822166826&correlator=3087191957657292&eid=31090593%2C83321073%2C95347486&output=ldjh&gdfp_req=1&vrg=202503180101&ptt=17&impl=fifs&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C13848%2C18535%2C13856%2C13860%2C14209%2C14210&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5%2C%2F0%2F1%2F6%2C%2F0%2F1%2F7&prev_iu_szs=300x250%2C1x1%7C320x480%2C300x250%2C300x250%2C1x1%7C320x50%7C300x100%7C320x100%2C300x250&ifi=1&didk=3663017418~954026992~3220679602~2335188262~1073006158~4279657583&dids=div-gpt-ad-1692339097859-0~div-gpt-ad-1706005027566-0~div-gpt-ad-1682415009667-0~div-gpt-ad-1682415043506-0~div-gpt-ad-1683598631228-0~div-gpt-ad-1683598657711-0&adfs=916259745~~2578326023~~~2287716272&sfv=1-0-41&sc=1&cookie_enabled=1&abxe=1&dt=1742820941207&lmt=1742820941&adxs=1005%2C-9%2C245%2C-9%2C-9%2C625&adys=171%2C-9%2C171%2C-9%2C-9%2C171&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C-1%7C0%7C-1%7C-1%7C0&ucis=1%7C2%7C3%7C4%7C5%7C6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=380x250%7C0x-1%7C380x250%7C0x-1%7C0x-1%7C380x250&msz=350x250%7C0x-1%7C350x250%7C0x-1%7C0x-1%7C350x250&fws=0%2C2%2C0%2C2%2C2%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742820940609&idt=397&cust_params=url%3D%252FXqAx30%26ref%3Dnull&adks=1451399479%2C4066066610%2C827794272%2C3475397127%2C3271617715%2C3242553145&frm=20&eoidce=1&td=1&egid=44937&tdf=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

4c5af1acfdbf1968462d6274d8e2f3c7f8eb9709b425239cf8560b08d9e13638

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: dcb
google-lineitem-id: 6424070779,6405456366,6690069789,-2,6499557592,6499556608
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2,-2,-2,-2,-2,-2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: 138456634296,138452341869,138468304473,-2,138462658624,138462658495
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-length: 14601
x-xss-protection: 0
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1 KB
400 B 144ms
143ms Fetch
text/plain 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3735408822166826&correlator=3087191957657292&eid=31090593%2C83321073%2C95347486&output=ldjh&gdfp_req=1&vrg=202503180101&ptt=17&impl=fifs&gdpr=0&iu_parts=21787810958%2CTW_reurl.cc_res_all_truvid_1x1%2CTW_reurl.cc_res_allsite_top_avs&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=300x250%7C336x280%7C1x1%2C1x1&ifi=7&didk=3347717449~2825456951&dids=ats-slider-10~ats-insert_ads-8&adfs=948047239~3992581161&sfv=1-0-41&sc=1&cookie_enabled=1&abxe=1&dt=1742820941219&lmt=1742820941&adxs=15%2C800&adys=33%2C171&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0&ucis=7%7C8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=1570x0%7C1600x0&msz=1570x0%7C1600x0&fws=0%2C0&ohw=0%2C0&topics=9&tps=9&htps=10&a3p=Eh0KDmVzcC5jcml0ZW8uY29tGJK75MHcMkgAUgIIZBIbCgwzM2Fjcm9zcy5jb20YkrvkwdwySABSAghkEhcKCHJ0YmhvdXNlGJK75MHcMkgAUgIIZBIUCgVvcGVueBiSu-TB3DJIAFICCGQ.&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742820940609&idt=397&cust_params=url%3D%252FXqAx30%26ref%3Dnull&adks=3936558959%2C940499867&frm=20&eoidce=1&td=1&egid=44937&tdf=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

1a86be36dc7c2e38ceda87849f8d7d26e7dcd24336a12aba1d43eec97a17d6c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: dcb
google-lineitem-id: -2,-2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2,-2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 24 Mar 2025 12:55:41 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2,-2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-length: 368
x-xss-protection: 0
server: cafe

GET container.html
1bc0cd46610d101fec67156c6b1485c1.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame 041E 0
0

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 839ms
21ms Image
text/plain 157.240.229.35
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc&rl=&if=false&ts=1742820941258&sw=1600&sh=1200&v=2.9.189&r=stable&ec=0&o=4252&fbp=fb.1.1742820941253.98546902425466842&cs_est=true&pm=1&hrl=d962bb&ler=empty&cdl=API_unavailable&it=1742820940922&coo=false&cs_cc=1&exp=k0&rqm=GET

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-iad3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=23, mss=1232, tbw=4921, tp=15, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
198 B 956ms
139ms Image
image/png 157.240.229.35
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc&rl=&if=false&ts=1742820941258&sw=1600&sh=1200&v=2.9.189&r=stable&ec=0&o=4252&fbp=fb.1.1742820941253.98546902425466842&cs_est=true&pm=1&hrl=d962bb&ler=empty&cdl=API_unavailable&it=1742820940922&coo=false&cs_cc=1&exp=k0&rqm=FGET

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-iad3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'nonce-SdsQ995K' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7485358950617344433&cpp=C3&cv=1021181347&st=1742820942103"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: image/png
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7485358950617344433&cpp=C3&cv=1021181347&st=1742820942103", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-SdsQ995K' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-debug: CPeRe3WYrKWUfUwSiD6zfRAbQIAFQF483mNaYLEQ0TfLrxJ0BcWHXoHazFcMnwTTCAIcqowm7FBZFotoDTWmsA==
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=24, mss=1232, tbw=5289, tp=18, tpl=0, uplat=118, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 AGSKWxWWJZYvxtA0xnDAvNiGFGn11WAW7rrBiIEi0i3GPE3zH6_zTgd07ROYNAEaZNhiE4qCz9Gzy-jQjUS8Pz_bMBO2PzopRhQBMCnlLnn-KhiKlf_8KarA-ntWAr1y-i27QH4fype2Pg== Show response
fundingchoicesmessages.google.com/f/ 10 KB
4 KB 46ms
46ms Script
application/javascript 172.253.122.101
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWWJZYvxtA0xnDAvNiGFGn11WAW7rrBiIEi0i3GPE3zH6_zTgd07ROYNAEaZNhiE4qCz9Gzy-jQjUS8Pz_bMBO2PzopRhQBMCnlLnn-KhiKlf_8KarA-ntWAr1y-i27QH4fype2Pg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQyODIwOTQxLDI5NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vcmV1cmwuY2MvWHFBeDMwIixudWxsLFtbOCwiRGxXLUwtM0tKck0iXSxbOSwiZW4tVVMiXSxbMTksIjIiXSxbMTcsIlswXSJdLFsyNCwiIl0sWzI5LCJmYWxzZSJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f101.1e100.net

Software

ESF /

Resource Hash

93040fe62b73694ff9fdd8fe5c4c8818e8d96a692dc25eb4177afda44f17be13

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-d7EKJSwlCphmLlNC0WpJag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:41 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmII0JBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFeDjOrmndzyZwo3PTbEYljaT8wvjk_LySosyk0pL8orTktNTi1KKy1KJ4IwMjUwNjIwM9A6P4AgMABTMrpA"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-d7EKJSwlCphmLlNC0WpJag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 syncframe
gum.criteo.com/ Frame C4CE 0
0 134ms
25ms Document
text/html 74.119.117.17
AS-CRITEO

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.17 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

cache-control: private, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 12:55:41 GMT
server: Kestrel
server-processing-duration-in-ticks: 365611
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

GET
H2 200 oid Show response
onead.onevision.com.tw/v2/et/ 371 B
979 B 891ms
194ms Script
application/javascript 107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://onead.onevision.com.tw/v2/et/oid?cb=window.text_etag_callback_mlm0
Requested by: Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 176.241.178.107.bc.googleusercontent.com
Software: gws / OneAD
Resource Hash: a9bd7d8be3fc5672b4bc407076ca1291d5e47ef073d1244f0c55bb5703223150

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-onead-version: 61c8a0f6
etag: 4b29c542-08af-11f0-a254-0242ac120002
age: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 309002863
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: application/javascript
last-modified: Mon, 24 Mar 2025 12:55:42 GMT
cache-control: max-age=600
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 371
x-onead-backend: onead-http-event-csbv-gohttp
server: gws
x-powered-by: OneAD

GET
H3 200 page.php
www.facebook.com/plugins/ Frame EB54 0
0 169ms
109ms Document
text/html 157.240.229.35
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-iad3.facebook.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'nonce-L52P6J4n' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: zstd
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-L52P6J4n' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 12:55:42 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?1
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
pragma: no-cache
priority: u=0,i
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7485358948677243805&cpp=C3&cv=1021181347&st=1742820942103"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7485358948677243805&cpp=C3&cv=1021181347&st=1742820942103", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=15, rtx=0, c=23, mss=1232, tbw=4654, tp=10, tpl=0, uplat=92, ullat=0
x-fb-debug: aB9HsA7fw/jwb1/REFsD2TNeaJfyIvBy7c1sm8iUJT3ZiuiSykh452M5Y9l8PR9/jniOi/EtvuKL6b1oSGZrgA==
x-xss-protection: 0

GET
H3 200 container.html
1bc0cd46610d101fec67156c6b1485c1.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame E5EF 0
0 46ms
29ms Document
text/html 172.253.122.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://1bc0cd46610d101fec67156c6b1485c1.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f132.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 3024
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 12:55:42 GMT
expires: Mon, 24 Mar 2025 12:55:42 GMT
last-modified: Thu, 30 Jan 2025 19:28:58 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 feeds Show response
re-news.tw/ 6 KB
7 KB 672ms
17ms XHR
text/html 34.160.26.175
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://re-news.tw/feeds
Requested by: Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/renews.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.26.175 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 175.26.160.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 2dc74ece4c0c5336b68860806e82e273e51c9ea0e15ff85462cffc975f6dbd4a

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: public,max-age=3600
etag: W/"198d-x6H3eYWPm6Pr0efcMQRUKuKmZuc"
age: 1659
via: 1.1 google
access-control-allow-origin: https://reurl.cc
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6541
date: Mon, 24 Mar 2025 12:28:03 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express
vary: Origin

GET
H2 200 yads-async.js Show response
yads.c.yimg.jp/js/ 210 KB
58 KB 870ms
356ms Script
text/javascript 183.79.219.124
YAHOO-JP-AS-AP Ya...

General

Check archive.org

Download Go to

Full URL

https://yads.c.yimg.jp/js/yads-async.js

Requested by

Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/219632/1441/wrapper.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

183.79.219.124 , Japan, ASN24572 (YAHOO-JP-AS-AP Yahoo Japan, JP),

Reverse DNS

Software

Resource Hash

e7e4fb9b3b1239835abc60fd16d2e64da36bfa919b8e81f11eea442c2bbf05f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
etag: "fad34f610280b86070657d734b70d7bc"
age: 598
x-content-type-options: nosniff
date: Mon, 24 Mar 2025 12:45:44 GMT
content-type: text/javascript
last-modified: Tue, 18 Mar 2025 07:38:42 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
cache-control: public, max-age=600, stale-while-revalidate=1200
accept-ch: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch
ats-carp-promotion: 1
x-amz-request-id: e40605b2-8b7c-44ed-adea-6e18ef73d63a
permissions-policy: ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform-version=*, ch-ua-arch=*
accept-ranges: bytes
content-length: 58654
x-xss-protection: 1; mode=block
x-amz-server-side-encryption: AES256

GET
H2 200 gnshbrequest-v4.23.3.js Show response
cpt.geniee.jp/hb/v1/lib/ 181 KB
66 KB 391ms
390ms Script
application/javascript 203.137.133.153
IDCF IDC Frontier...

General

Check archive.org

Download Go to

Full URL: https://cpt.geniee.jp/hb/v1/lib/gnshbrequest-v4.23.3.js
Requested by: Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/219632/1441/wrapper.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 203.137.133.153 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: bc73ed340ef20534b613afea9bd95f199a55b77beab7c472e92ad92b4e39a1aa

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=86400, private
content-encoding: gzip
etag: W/"67d140eb-2d3d7"
cross-origin-resource-policy: cross-origin
expires: Tue, 25 Mar 2025 12:55:41 GMT
date: Mon, 24 Mar 2025 12:55:41 GMT
content-type: application/javascript
last-modified: Wed, 12 Mar 2025 08:08:11 GMT
server: nginx

GET
H3 200 renews-title1.png
re-news.tw/images/ 24 KB
24 KB 34ms
12ms Image
image/png 34.160.26.175
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://re-news.tw/images/renews-title1.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.160.26.175 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 175.26.160.34.bc.googleusercontent.com
Software: / Express
Resource Hash: e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: public,max-age=3600
etag: W/"5fad-191b5b37a20"
age: 658
via: 1.1 google
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24493
date: Mon, 24 Mar 2025 12:44:44 GMT
last-modified: Tue, 03 Sep 2024 02:25:24 GMT
x-powered-by: Express
content-type: image/png

GET
H2 200 %E5%8F%B0%E7%81%A3-Pay-%E9%AB%98%E5%9B%9E%E9%A5%8B%E4%BF%A1%E7%94%A8%E5%8D%A1%E6%8E%A8%E8%96%A6%E8%88%87%E6%8C%87%E5%AE%9A%E9%80%9A%E8%B7%AF%E5%84%AA%E6%83%A0%E5%BD%99%E6%95%B4-1080x630.jpg
creditcards.com.tw/wp-content/uploads/2020/10/ 65 KB
65 KB 978ms
11ms Image
image/webp 192.0.78.25
AUTOMATTIC

General

Check archive.org

Download Go to Show image

Full URL

https://creditcards.com.tw/wp-content/uploads/2020/10/%E5%8F%B0%E7%81%A3-Pay-%E9%AB%98%E5%9B%9E%E9%A5%8B%E4%BF%A1%E7%94%A8%E5%8D%A1%E6%8E%A8%E8%96%A6%E8%88%87%E6%8C%87%E5%AE%9A%E9%80%9A%E8%B7%AF%E5%84%AA%E6%83%A0%E5%BD%99%E6%95%B4-1080x630.jpg?crop=1

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.25 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

92f9f001e9f335dc3ba11338e516af016b641679e9195f7aeb9a753b05ee750a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

etag: "251aef38d12d2b34"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Wed, 03 Mar 2027 02:56:22 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 24 Mar 2025 12:55:43 GMT
content-type: image/webp
last-modified: Sun, 02 Mar 2025 14:56:22 GMT
vary: Accept
strict-transport-security: max-age=31536000
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT bur 7
access-control-allow-origin: *
content-length: 66404
x-ac: 2.jfk _atomic_dca HIT
server: nginx

GET
H3 200 1742800023-1384b5e7572f24a117a0ac78b2d642f2-840x525.jpg
img.gbyhn.com.tw/2025/03/ 66 KB
67 KB 359ms
18ms Image
image/jpeg 172.67.150.31
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://img.gbyhn.com.tw/2025/03/1742800023-1384b5e7572f24a117a0ac78b2d642f2-840x525.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.150.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 395afb1491e62cb0666325882b2d9ffd6258f76bc2da4f8c163e0b484d82927e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cf-cache-status: HIT
age: 18597
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9mF%2F7b8G4OKNi91PoXk3VWmjHedaoJ5oqD5eC5Jnc8S8xMBtGkh%2Bwtd5nIUC6fSDd2xEXqZAxL3WKv8wabJZWY1rde01NjVFX%2F9u%2FH2VzAyq0b%2Ba9d6lSEfgffTbi%2BLcFl41"}],"group":"cf-nel","max_age":604800}
expires: Mon, 31 Mar 2025 07:08:29 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=12616&min_rtt=12600&rtt_var=4757&sent=12&recv=8&lost=0&retrans=0&sent_bytes=4189&recv_bytes=4436&delivery_rate=208001&cwnd=12000&unsent_bytes=0&cid=83a6509c509972e7&ts=93&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: image/jpeg
last-modified: Mon, 24 Mar 2025 07:07:03 GMT
vary: Accept-Encoding
priority: u=1,i
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 9256530a6a7e1dcc-EWR
accept-ranges: bytes
content-length: 67916
x-turbo-charged-by: LiteSpeed
server: cloudflare

GET
H2 200 2025032402565924.jpg
img.racingcharger.tw/wp-content/uploads/ 152 KB
152 KB 1544ms
612ms Image
image/jpeg 103.1.220.9
YUANJHEN-AS-TW Yu...

General

Check archive.org

Download Go to Show image

Full URL: https://img.racingcharger.tw/wp-content/uploads/2025032402565924.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.1.220.9 , Taiwan, ASN131149 (YUANJHEN-AS-TW Yuan-Jhen Info., Co., Ltd, TW),
Reverse DNS: ph2.g-dns.com
Software: Apache /
Resource Hash: 95634eb651772e9ecc489c8a2e12cccb71cd06089ae3f03f8dab3654ce669c8c

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

accept-ranges: bytes
content-length: 155748
date: Mon, 24 Mar 2025 12:55:42 GMT
last-modified: Mon, 24 Mar 2025 02:57:04 GMT
content-type: image/jpeg
server: Apache

GET
H2 200 Evolve_Logo.jpg
mma.prnasia.com/media2/2647258/5228549/ 22 KB
23 KB 92ms
33ms Image
image/jpeg 104.18.95.225
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://mma.prnasia.com/media2/2647258/5228549/Evolve_Logo.jpg?p=medium600
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.18.95.225 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 57250b21405f09290d1577382611d5179da12bfcbd1257289e9c96e9dd8b6116

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cf-bgj: h2pri
cf-cache-status: HIT
age: 44421
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 24 Mar 2025 00:35:22 GMT
server-timing: intid;desc=d57476eaa2c23b48
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: image/jpeg
last-modified: Mon, 24 Mar 2025 00:35:21 GMT
vary: *, Accept-Encoding
access-control-allow-headers: Content-Type
cache-control: public, max-age=1
cf-ray: 92565308ae4349c1-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 22634
x-powered-by: ASP.NET
server: cloudflare

GET
H2 200 1f449.png
s.w.org/images/core/emoji/15.0.3/72x72/ 423 B
731 B 102ms
59ms Image
image/png 192.0.77.48
AUTOMATTIC

General

Check archive.org

Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/15.0.3/72x72/1f449.png

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

9cf1114324a6653750f0f8af7783a744e45adadca47c48844e4ee0f11df269bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=315360000
x-nc: HIT jfk 2
access-control-allow-methods: GET, HEAD
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 423
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: image/png
last-modified: Tue, 30 Jan 2024 01:21:05 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 file.png
static.wixstatic.com/media/9a254c_bd6ab9dc57c349009b5f1eedc6fb236d~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/ 1010 KB
1011 KB 729ms
162ms Image
image/png 3.161.213.25
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://static.wixstatic.com/media/9a254c_bd6ab9dc57c349009b5f1eedc6fb236d~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/file.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.213.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-213-25.yul62.r.cloudfront.net
Software: openresty/1.27.1.1 /
Resource Hash: 76e0fe9b59aa81409567a77b7f5cfaebcbe6d1a5586d4979c5a83a327f68d517

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-cf-id: PV7_mAzud0j0XL0AOJvgHigB37nnatKJTC_25P_67LtHVcfhO--JVQ==
cache-control: public, max-age=15552000, immutable
timing-allow-origin: *
age: 5790824
via: 1.1 google, 1.1 fbdc01f132101cb05310363b09502a86.cloudfront.net (CloudFront)
x-wixmp-trace: projects/wix-media-infrastructure/traces/2ri7cBp46xWd33dO3u9uPvVzHvF
access-control-allow-origin: *
x-seen-by: image-manipulator-79c6fd85fd-gsnqc
content-length: 1033732
alt-svc: h3=":443"; ma=86400
date: Thu, 16 Jan 2025 12:21:58 GMT
content-type: image/png
x-cache: Hit from cloudfront
server: openresty/1.27.1.1
x-amz-cf-pop: YUL62-P1

GET %E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg
blog.alphaloan.co/wp-content/uploads/2021/04/ 0
0

GET
H2 200 adsrv Show response
onead.onevision.com.tw/v2/ 174 B
459 B 206ms
200ms Script
application/javascript 107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://onead.onevision.com.tw/v2/adsrv?version=20240208&uid=1000480&category=-1&cookie=true&ip=&guid=4b29c54c-08af-11f0-a254-0242ac120002&channel=0&volume=0.5&r=&adid=&response_freq_multiple=native-drive.0&web_location=https%3A%2F%2Freurl.cc%2FXqAx30&title=Dynamics%20365%20Customer%20Voice&fp=04c6d3e15a52f9e0d5fe2d47f4a29cde&_t=1742820942282&cb=ONEAD_text_response_mlm0&pb=0&spid=&bgid=0
Requested by: Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 176.241.178.107.bc.googleusercontent.com
Software: gws / OneAD
Resource Hash: ddd47146e422eade725fde4598b99c5de853959bf5e5882dfe916038be7b56fa

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-onead-version: 61c8a0f6
age: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 68191147
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-onead-guid: 4b29c54c-08af-11f0-a254-0242ac120002
access-control-allow-credentials: true
x-onead-message: browser_incompatible
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 174
x-onead-backend: onead-http-query-4x0s-gohttp
server: gws
x-powered-by: OneAD

GET
H2 200 policy-check Show response
cpt.geniee.jp/hb/v1/ 12 B
162 B 879ms
455ms XHR
application/json 203.137.133.153
IDCF IDC Frontier...

General

Check archive.org

Download Go to

Full URL: https://cpt.geniee.jp/hb/v1/policy-check?loc=https%3A%2F%2Freurl.cc%2FXqAx30&list_id=mid-219632&gam_id=gam-424536528%2Cgam-0
Requested by: Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/lib/gnshbrequest-v4.23.3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 203.137.133.153 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 3108e15dfc911f1a730106ee1e44c941639e0b7add838d095680425e86d086c3

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

access-control-allow-origin: *
cache-control: max-age=10800, private
content-length: 12
date: Mon, 24 Mar 2025 12:55:43 GMT
content-type: application/json
server: nginx
cross-origin-resource-policy: cross-origin

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2910 0
0 54ms
53ms Fetch
image/gif 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstTs5ygH7sWs1L0EcIZPVIQ58Nf6HbQnMsr4fNzz9eP88koLQ2AxrPxCFPKkn4OAkD5fy8Y9X1YuVH99kGwegSsv1TCZ0Qt7f_7C88sTF2IgVURCUDJdGiNhuYcWA3p9IJ7qK1-3pM-gWVwxbBR40MiE8nYCAletWjM9E4_DMmePszTmdypuIPFTMKepq2JFMzLVt_iydm-O6ccI8o1R1Ugy1R722X5H_p7bmW1_gNHiScF2a451JxkOifOR6IusIu8Qxru_4wgyjBxcbaXSAIXaeqwrhBays71kIKFr-V5WyxIXrElcIvRriLKEbyemortZyFgygl_aHxepHK7CPBXDLNw4Tkbprr3sLrgw2LekKe5_v09_Y_s2_Z9cQZLDZFFQi7QpxwV61IlG-pvwIHEpW1Pp0yG3f-9DfucUPQzxCHL7oIHZMEyDVI&sai=AMfl-YSX9-mRcSe6M3dBcFOhuToYUmZIoj9WZE8Qkl4nwW80kqHaLTmUn7I4Pai1J23m2x64VX4VPtIDxPNsXd428K2TxH2FYhVcjkq1RWrD9RE7lOwQVATpqp4Da435&sig=Cg0ArKJSzDjpoLG9sEA4EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 24 Mar 2025 12:55:42 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H/1.1 200
OK cf_reurl_tw_gam.js Show response
api.popin.cc/searchbox/ Frame 2910 129 KB
37 KB 1103ms
523ms Script
text/javascript 119.63.193.220
BAIDUJP Baidu

General

Check archive.org

Download Go to

Full URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: cd0db2d68f6fb00e1197e823f47e1f53aa2aa2ae85228a5e5d04a4a863629cc1

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

Content-Encoding: gzip
ETag: W/"84c303c8957ac66aa38f2a88e2291b99"
x-amz-version-id: u2A0lYWFB7No0ZP_ZBKUcX5kfrhgSMHf
Expires: Mon, 24 Mar 2025 13:55:43 GMT
Date: Mon, 24 Mar 2025 12:55:43 GMT
Last-Modified: Wed, 19 Mar 2025 07:07:58 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Transfer-Encoding: chunked
X-Cache-Status: HIT from 10.252.55.25
x-amz-replication-status: PENDING
Cache-Control: max-age=3600
Timing-Allow-Origin: *
Connection: keep-alive
Cross-Origin-Resource-Policy: cross-origin
Server: nginx
x-amz-server-side-encryption: AES256

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 2910 218 KB
67 KB 76ms
22ms Script
text/javascript 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

93155c81b70401839a5573d0374b8a2fa72bf0f9796249368674301b787f3782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 8765629121096803701
age: 3284
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 13:00:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 24 Mar 2025 12:00:58 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 68860
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3977 0
0 46ms
43ms Fetch
image/gif 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv8QXN8AVcJA_LR4M8bPbRa_BFZqu5URlIyWjYNaRM07R8nXI9MRh6sd9oO5RoO8Wemy8Wbi7RsAkwGBFuTSU0Mo6N5OOp4UZIa3cT79c2F4ED70evDKSCkrrIXgiadqPllg8L4dboa2pzlknr_GoSU6OdF9rJGVskrO_WwhCunFk_iQcA7sIef3Ppv3fUiA55mwnNSuD8jh8QMIoYJd8KNmPGFLWm-NPBhVomevjScp1rV1eRSnUWRmOFYsj43xLeRisSHIRoiuHIVjLei5kMVIEr5hdRZaJMP65V9ARyVeh4s4aqz6lmNcLAFRh5NnNHBZC7Sf_99PpEM1d5MP7bPwUQBr1R5JMI1yJuzxNlgWi_bCp7TOe8dWUx5tknaG7MK5M4lPwyj9SI3MBUawA0b-dCOE87Nhx109fY-w7BxXPkWo-OroAAEl3I&sai=AMfl-YTOOX2uNej4oOVwEutk7aRlREcMRs-BzrivQFppTKhO57VPEybIJ6tkCXkAHDkcga0vWE0XuGyxfUkXwYTxAK1jKPngGZufsLVC6kS09usUX-j1vrS2Vf517wcP&sig=Cg0ArKJSzEYfpGkryAj8EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 24 Mar 2025 12:55:42 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 3977 40 KB
15 KB 91ms
46ms Script
text/javascript 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

1bb712cb8e9095116e97f89243ae164313e4d8d88eb1571662c0ed31c73dbefd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 13859487614377592041
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 12:55:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 15141
x-xss-protection: 0
server: cafe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 3977 218 KB
0 81ms
81ms Script
text/javascript 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

93155c81b70401839a5573d0374b8a2fa72bf0f9796249368674301b787f3782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 8765629121096803701
age: 3284
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 13:00:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 24 Mar 2025 12:00:58 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 68860
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2319 0
0 45ms
37ms Fetch
image/gif 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuJMyFC6ucrc7UQxjJ0p2IphklYcZqS9xEAjhLUg7D_54cIsgXlZrER6wCZdr28_qYcTNgxRD64tPsNq38ArDlcaUNPRbwDFAGRuifAkKu0wamOWOhBRgA24J7SxINkGZ3NZsd66elPERBtW6FauI0U6ZEU1m54kmtkCDQr8GfVkOEGquT3YnINPsI2glbMfjf8-CJ-L7I6heYQGpMf6MUaC5jBrNix8fA_Nyxc6KvFTmXAjIvYTo8FmEKU617xucP6Ys7TNeswivJ-LnNOHxjGtb46G4Wk9wDYl6FgW_wWQFuhfjJoRMOQc7pVRes_WOUyoDTnJrYIBTZd-SDhnmp6IqxlTaTEN3Co4th8QCsWxJny0l0ZcaewvbXwFO865tsRAH0RyfZAfjr0iDXj0uguETAX5MCtBxGhv6SS_uJXExwpu79ERscz64kb_jHeCof5&sai=AMfl-YRRk-ZCJhEQaTMNRqjpnKMzhbm9iyN_5u-3DoNsZaizr2DtfXkOfQDXXaTG2vtrtUH4TmtsENLrgUdycL0OQEcDtxi1FCUgqlxdXKc1N1czNJDIPZXIzrQ6a1YT&sig=Cg0ArKJSzH1aIxxwTOkbEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 24 Mar 2025 12:55:42 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ Frame 2319 9 KB
10 KB 154ms
34ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: 7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag: "2b18447e41c64d14195cefd72eb57400"
age: 52
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 9645
x-amz-cf-id: ERWwJ4IlL4su12594Nd41XxLaNGwy_07KqwVAHx6l5C7yV2xiNt2gQ==
date: Mon, 24 Mar 2025 12:54:50 GMT
content-type: application/javascript
last-modified: Fri, 14 Mar 2025 09:01:33 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 2319 218 KB
0 84ms
84ms Script
text/javascript 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

93155c81b70401839a5573d0374b8a2fa72bf0f9796249368674301b787f3782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 8765629121096803701
age: 3284
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 13:00:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 24 Mar 2025 12:00:58 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 68860
x-xss-protection: 0
server: cafe

GET
H3

200

vzn
onead.onevision.com.tw/v2/pixel/
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=OneDATA
https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA
https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA&verify=true
https://onead.onevision.com.tw/v2/pixel/vzn?id=y-Qy.sRo1E2p_xvE1gvpcQ2uzF.7n2NzkYauXR5w--~A

170 B
200 B

190ms
189ms

Image
image/png

107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://onead.onevision.com.tw/v2/pixel/vzn?id=y-Qy.sRo1E2p_xvE1gvpcQ2uzF.7n2NzkYauXR5w--~A
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H3
Server: 107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 176.241.178.107.bc.googleusercontent.com
Software: gws / OneAD
Resource Hash: 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-onead-version: 61c8a0f6
x-vendor: vzn
age: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 303007276
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Mon, 24 Mar 2025 12:55:43 GMT
content-type: image/png
last-modified: Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id: y-Qy.sRo1E2p_xvE1gvpcQ2uzF.7n2NzkYauXR5w--~A
x-status: okay
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 170
x-onead-backend: onead-http-event-csbv-gohttp
server: gws
x-powered-by: OneAD

Redirect headers

strict-transport-security: max-age=31536000
location: https://onead.onevision.com.tw/v2/pixel/vzn?id=y-Qy.sRo1E2p_xvE1gvpcQ2uzF.7n2NzkYauXR5w--~A
age: 0
referrer-policy: no-referrer-when-downgrade
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: text/html
server: ATS

GET
H3

200

ltm
onead.onevision.com.tw/v2/pixel/
Redirect Chain

https://bcp.crwdcntrl.net/map/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id}
https://bcp.crwdcntrl.net/map/ct=y/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id}
https://onead.onevision.com.tw/v2/pixel/ltm?id=f64d3331b3c0971d442985ad3e6a89d1

170 B
200 B

208ms
193ms

Image
image/png

107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://onead.onevision.com.tw/v2/pixel/ltm?id=f64d3331b3c0971d442985ad3e6a89d1
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H3
Server: 107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 176.241.178.107.bc.googleusercontent.com
Software: gws / OneAD
Resource Hash: 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-onead-version: 61c8a0f6
x-vendor: ltm
age: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 293602930
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: image/png
last-modified: Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id: f64d3331b3c0971d442985ad3e6a89d1
x-status: okay
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 170
x-onead-backend: onead-http-event-csbv-gohttp
server: gws
x-powered-by: OneAD

Redirect headers

expires: 0
cache-control: no-cache
location: https://onead.onevision.com.tw/v2/pixel/ltm?id=f64d3331b3c0971d442985ad3e6a89d1
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 0
date: Mon, 24 Mar 2025 12:55:42 GMT
pragma: no-cache

GET
H3

200

ttd
onead.onevision.com.tw/v2/pixel/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=r1jlltl&ttd_tpi=1
https://onead.onevision.com.tw/v2/pixel/ttd?id=16265fd6-b9ed-4e9a-8aed-3829f5c4b992

170 B
200 B

348ms
341ms

Image
image/png

107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://onead.onevision.com.tw/v2/pixel/ttd?id=16265fd6-b9ed-4e9a-8aed-3829f5c4b992
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H3
Server: 107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 176.241.178.107.bc.googleusercontent.com
Software: gws / OneAD
Resource Hash: 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-onead-version: 61c8a0f6
x-vendor: ttd
age: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 5707262
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Mon, 24 Mar 2025 12:55:43 GMT
content-type: image/png
last-modified: Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id: 16265fd6-b9ed-4e9a-8aed-3829f5c4b992
x-status: okay
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 170
x-onead-backend: onead-http-event-d11z-gohttp
server: gws
x-powered-by: OneAD

Redirect headers

location: https://onead.onevision.com.tw/v2/pixel/ttd?id=16265fd6-b9ed-4e9a-8aed-3829f5c4b992
content-length: 197
date: Mon, 24 Mar 2025 12:55:42 GMT
server: Kestrel

GET
H/1.1

200
OK

/
ps.eyeota.net/pixel/bounce/
Redirect Chain

https://ps.eyeota.net/pixel?pid=3m51m51&uid=4b29c54c-08af-11f0-a254-0242ac120002&t=ajs
https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=4b29c54c-08af-11f0-a254-0242ac120002&t=ajs

1 KB
1 KB

68ms
63ms

Image
application/javascript

50.16.174.192
AMAZON-AES

General

Check archive.org

Download Go to Show image

Full URL: https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=4b29c54c-08af-11f0-a254-0242ac120002&t=ajs
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: HTTP/1.1
Server: 50.16.174.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-16-174-192.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

Content-Length: 1228
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date: Mon, 24 Mar 2025 12:55:42 GMT
Content-Type: application/javascript

Redirect headers

Location: /pixel/bounce/?pid=3m51m51&uid=4b29c54c-08af-11f0-a254-0242ac120002&t=ajs
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date: Mon, 24 Mar 2025 12:55:42 GMT

GET
H2 200 cm
trc.taboola.com/sg/onedata/1/ 0
198 B 148ms
74ms Image
text/plain 151.101.65.44
FASTLY

General

Check archive.org

Download Go to Show image

Full URL: https://trc.taboola.com/sg/onedata/1/cm
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-fastly-to-nlb-rtt: 64930
x-timer: S1742820943.605317,VS0,VE66
x-vcl-time-ms: 66
via: 1.1 varnish
accept-ranges: bytes
x-cache: MISS
content-length: 0
date: Mon, 24 Mar 2025 12:55:42 GMT
x-service-version: v1
server: nginx
x-cache-hits: 0
x-served-by: cache-ewr-kewr1740092-EWR

GET
H3 200 ads_topbar_ Show response
fundingchoicesmessages.google.com/f/AGSKWxU2R31Mu929ga-7RDdtCkl7uFiz7ZjxzgiGXVZ3I7IoVmDTYsRA5QXV8QXjPpJjtFO4NCKqYcfcsLVGN93JCmyDMeqayczk5eDRQEl7J7G0RB-PR9cn9aTD7-6vPGpgG7yuX0N-PIvR8S3-Hrg5dWUNK9OZL... 54 B
109 B 49ms
44ms Script
application/javascript 172.253.122.101
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxU2R31Mu929ga-7RDdtCkl7uFiz7ZjxzgiGXVZ3I7IoVmDTYsRA5QXV8QXjPpJjtFO4NCKqYcfcsLVGN93JCmyDMeqayczk5eDRQEl7J7G0RB-PR9cn9aTD7-6vPGpgG7yuX0N-PIvR8S3-Hrg5dWUNK9OZL3kYDTH49aT6T41zc41SPfAK5GqZSiyt/_/adreclaim-/ads_topbar_?ad_number=-seasonal-ad./carousel_ads.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.DlW-L-3KJrM.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMyHfBuFMSM37TeF1dE1vzw9gpOtNA/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f101.1e100.net

Software

ESF /

Resource Hash

2621d065b3f4690e89592e90e01673d4e57b6a4560b897eb897c23a8529fd6bf

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-c6bH3rOpr6uNAlupYC9rPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmII1pBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFeDjOrWndzybQsGHtTiYljaT8wvjk_LySosyk0pL8orTktNTi1KKy1KJ4IwMjUwNjIwM9A6P4AgMAAfgrkQ"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-c6bH3rOpr6uNAlupYC9rPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 osd.js Show response
pagead2.googlesyndication.com/pagead/ 61 B
76 B 25ms
21ms Script
text/javascript 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/osd.js?fcd=true

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.DlW-L-3KJrM.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMyHfBuFMSM37TeF1dE1vzw9gpOtNA/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

c45c8b81ccfcbc08127b74787d1b5974078756233de947986c357e28ed8f13ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 16023549773543154165
age: 2409
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 13:15:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 24 Mar 2025 12:15:33 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 51
x-xss-protection: 0
server: cafe

POST
H3 204 AGSKWxWrNR5HQQQCx0P19F9bD-U7urKjZbHhmijjVAh8BLxQ5uwp4xgUa7cqy26FU7fb4Zti0oxcVvq_21P20ZMB3R9sslBIbdTnrY8NxRBdcq7h7rZbJQfiN5bh8sBAvB7jL4Mq5dmI1A== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 65ms
40ms XHR
text/html 172.253.122.101
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWrNR5HQQQCx0P19F9bD-U7urKjZbHhmijjVAh8BLxQ5uwp4xgUa7cqy26FU7fb4Zti0oxcVvq_21P20ZMB3R9sslBIbdTnrY8NxRBdcq7h7rZbJQfiN5bh8sBAvB7jL4Mq5dmI1A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f101.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-2CE01eDtKP1hHBzn-4d6fQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/XqAx30

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmJw1pBi-FB_mfUHEAvxcJxb07qfTWDD9l0HmJRckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRqYGxkYGegVl8gQEAZUwkew"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-2CE01eDtKP1hHBzn-4d6fQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3977 185 KB
59 KB 114ms
99ms Script
text/javascript 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

e1a88944839c9a9a2901a448d23a62bf47fb36cd7b50ebf145e020c82633a984

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 6347705398477108903
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 12:55:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 60661
x-xss-protection: 0
server: cafe

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWrNR5HQQQCx0P19F9bD-U7urKjZbHhmijjVAh8BLxQ5uwp4xgUa7cqy26FU7fb4Zti0oxcVvq_21P20ZMB3R9sslBIbdTnrY8NxRBdcq7h7rZbJQfiN5bh8sBAvB7jL4Mq5dmI1A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f101.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-vulCBcGgeC5hggCfvRkB8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/XqAx30

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmJw1pBi-FB_mfUHEAvxcJxb07qfTeDFzllnmZRckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRqYGxkYGegVl8gQEAcNAkog"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-vulCBcGgeC5hggCfvRkB8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWrNR5HQQQCx0P19F9bD-U7urKjZbHhmijjVAh8BLxQ5uwp4xgUa7cqy26FU7fb4Zti0oxcVvq_21P20ZMB3R9sslBIbdTnrY8NxRBdcq7h7rZbJQfiN5bh8sBAvB7jL4Mq5dmI1A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f101.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-P0iiT8AQf9FRTi2LuokI3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/XqAx30

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmII0pBi-FB_mfUHEAvxcJxb07qfTWDFwwdXmJRckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRqYGxkYGegVl8gQEAhS4k5g"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-P0iiT8AQf9FRTi2LuokI3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWrNR5HQQQCx0P19F9bD-U7urKjZbHhmijjVAh8BLxQ5uwp4xgUa7cqy26FU7fb4Zti0oxcVvq_21P20ZMB3R9sslBIbdTnrY8NxRBdcq7h7rZbJQfiN5bh8sBAvB7jL4Mq5dmI1A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f101.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-OgokvSQvBC2KimCoSat46A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/XqAx30

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmLw1JBi-FB_mfUHEAvxcJxb07qfTWDHjD1XmZRckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRqYGxkYGegVl8gQEAZ2gkgQ"
content-security-policy: script-src 'report-sample' 'nonce-OgokvSQvBC2KimCoSat46A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 AGSKWxXq0IGBo481WoT0DQfSZZ5jH7sddp6mXoSLiyUIUzWYFRRxKsDMwoPPF_1UD3EP0ry1Y6wHi21sIe8mUubUSXLgfj-Y7z3gKmi-GpcM2ILI1QaR0ApbMbWNegv5dYjJyeqppR5t-A== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 81ms
77ms Script
application/javascript 172.253.122.101
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXq0IGBo481WoT0DQfSZZ5jH7sddp6mXoSLiyUIUzWYFRRxKsDMwoPPF_1UD3EP0ry1Y6wHi21sIe8mUubUSXLgfj-Y7z3gKmi-GpcM2ILI1QaR0ApbMbWNegv5dYjJyeqppR5t-A==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQyODIwOTQyLDY4NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLG51bGwsW1s4LCJEbFctTC0zS0pyTSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f101.1e100.net

Software

ESF /

Resource Hash

75ee5b8579ccdd4addd453e5f03adcfd7f5c07575208312cd4f02672c792284e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-LK2vJkU6TEnjGQJLi-XR-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmJw1pBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFeDjOrWndzyZw49DlW0xKGkn5hfHJ-XklRZlJpSX5RWnJaanFqUVlqUXxRgZGpgbGRgZ6BkbxBQYAGvYsMg"
content-security-policy: script-src 'report-sample' 'nonce-LK2vJkU6TEnjGQJLi-XR-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 capmapping.htm
cdn.holmesmind.com/js/ Frame B588 0
0 105ms
18ms Document
text/html 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 30
content-length: 12184
content-type: text/html
date: Mon, 24 Mar 2025 12:55:16 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 2a3aa853116c0a37d6c7762eca54d208.cloudfront.net (CloudFront)
x-amz-cf-id: tJafFgwKdoAhpex4tk7jDuTPoyUwd8BThBpsuDIOCDm7rPhoLFRVmA==
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame F6B3 11 KB
11 KB 68ms
15ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 33
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: W6-Q6_rei67zpRDnffKB7X48dVIduTLiUTENMtUHJevs9xZ9rhnFIw==
date: Mon, 24 Mar 2025 12:55:24 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

POST
H3 204 AGSKWxXZiTShuen4lpYr8QxbHkfweL2WRGpIImFuwLUsr_btmbBDVmju4_vM5Ghqc_q-YNg-1AWXjMuVd3mwc4_PoPE2USod5-DWLm3n55Aar2WIUld8mGdaeoHYaxTANyD5DvbJepQB8w== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 50ms
38ms XHR
text/html 172.253.122.101
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXZiTShuen4lpYr8QxbHkfweL2WRGpIImFuwLUsr_btmbBDVmju4_vM5Ghqc_q-YNg-1AWXjMuVd3mwc4_PoPE2USod5-DWLm3n55Aar2WIUld8mGdaeoHYaxTANyD5DvbJepQB8w==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f101.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-D863xLZxWT_V-0rMR06Fww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/XqAx30

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:42 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmLw1ZBi-FB_mfUHEAvxcJxb07qfTWDCv9W9zEouSfmF8cn5eSWpeSW6iSnFuiB2UWZSaUl-EQo7tQykIic_PT0zLz3eyMDI1MDYyEDPwCy-wAAAYdokaw"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-D863xLZxWT_V-0rMR06Fww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame F6B3 2 KB
795 B 1040ms
446ms Script
text/html 54.64.195.61
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.64.195.61 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-64-195-61.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: d87bdde5b93ccd6b28df30f6841ec9ab4114de022f8ec3abf45be89f9f9d867e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Mon, 24 Mar 2025 12:55:43 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame F6B3 30 KB
30 KB 31ms
20ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 51
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: Sk2cw2-MMzyhw-oy7xrZlCpIQC1p2cQI9ZdFNXakKqVtjKwGizpV2Q==
date: Mon, 24 Mar 2025 12:54:57 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2910 0
0 38ms
35ms Fetch
image/gif 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 24 Mar 2025 12:55:43 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3977 0
0 44ms
29ms Fetch
image/gif 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 24 Mar 2025 12:55:43 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2319 0
0 60ms
25ms Fetch
image/gif 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 24 Mar 2025 12:55:43 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
DATA 200
OK truncated
/ Frame 2910 212 B
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc030c460d4e482131bcfbf4f39c7bb05e04c99e7e508b2030e72b170f42d8bf

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3977 210 B
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f2cd84611253bf9a1fecac6f381da91a3daf8ea5e23590dfc891b2e142823031

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2319 212 B
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c02ce64001b6783e089db88bd56ebc14c06995779af8a825d94615e71e91742

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2910 0
0 29ms
28ms Fetch
image/gif 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 24 Mar 2025 12:55:43 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3977 0
0 57ms
30ms Fetch
image/gif 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 24 Mar 2025 12:55:43 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2319 0
0 89ms
41ms Fetch
image/gif 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 24 Mar 2025 12:55:43 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503180101/ Frame 3977 501 KB
160 KB 19ms
17ms Script
text/javascript 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503180101/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

a0488164a8e38f8b9d943ced442f639d2af110b20e97299930eeafedb0f00c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 9215872711054938096
age: 66184
x-content-type-options: nosniff
expires: Sun, 06 Apr 2025 18:32:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Sun, 23 Mar 2025 18:32:39 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 163535
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3977 0
0 35ms
35ms Fetch
image/gif 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssA68MWxBvmsSJFjw48bC32IsQNpIZb7OtQLTBE0_Pz0W1W9-k9SzRErqQ5z1BBsKltuJXeAPFGtIQ0y_XEawC4AYybHruAk1vxPdylOSYfX6sKMbXLFS2avCHTXu9mbgI8Wa_SL_QB7nnGVodr5sMp4KbCm-S4NjlwEWXFNa2cKA3E7MwzedEmq5H1FmyqcTCmi2W_QpQsfRaaK9o7w82IojOOtgL9dhEekKgUxinWx42sDMeYNhz8ZZfPeep7mReUsCSO2tgJOKUA68QuEbCOLIDLS8EPTa8RK0gTcgrsj8QmZ05nIjKcvUrwB0VySqxacPKDaG6vs7_yU-uKeQig00TXg_fpi7kQ3af-vq86tQlGs_ZZbdDP37x3Lh-5kQRRnkVPSX7r-g3w3XxJ0eR4FxRMSVw2tBqfrVWXdaGennUvVQchA_GjlNzGkA&sai=AMfl-YSoCy8A4TKhanHHBXVqwFS1lIjE7pmwfs-6Jx6qD7U-glLEFeERXEOT2rOjntes87nq8fcvSQtjHKyT54mEwSqjmfLaKqMyno7hnt7Ly2HaD9BR7aUHDfZl3Y0J&sig=Cg0ArKJSzAwipjbRY4x-EAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 12:55:43 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 24 Mar 2025 12:55:43 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20250319/r20190131/ Frame C047 0
0 86ms
28ms Document
text/html 172.253.122.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20250319/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503180101/show_ads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

age: 5689
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4228
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 11:20:54 GMT
etag: 2080659458937595761
expires: Mon, 07 Apr 2025 11:20:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

404

DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
adx.holmesmind.com/adx-file/20220715/ Frame 40F0
Redirect Chain

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=2220942683&adf=776186312&pi=t.ma~as.2784%2F13803&w=300&lmt=174282094...
https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html

0
0

722ms
499ms

Document
application/xml

18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503180101/show_ads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://reurl.cc/XqAx30
Sec-Browsing-Topics: ();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

content-type: application/xml
date: Mon, 24 Mar 2025 12:55:44 GMT
server: AmazonS3
via: 1.1 2a3aa853116c0a37d6c7762eca54d208.cloudfront.net (CloudFront)
x-amz-cf-id: LWGWjjw3DQS9mR5ApU8yD5DrBG2-ej6xLjRX0ZWOK6POJ06Rsqc3ZQ==
x-amz-cf-pop: IAD12-P3
x-cache: Error from cloudfront

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 12:55:43 GMT
location: https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ Frame 3977 17 KB
13 KB 111ms
47ms XHR
application/json 142.251.111.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20250319&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503180101/show_ads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.111.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f155.1e100.net

Software

cafe /

Resource Hash

9a9b9d44067529ee0d47b9222376a936fbd9309a9160afdc4ae27130c16c9011

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 12998
date: Mon, 24 Mar 2025 12:55:43 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ Frame 3977 18 KB
7 KB 243ms
35ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503180101/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

sffe /

Resource Hash

ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 12:55:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:43 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET
H/1.1 200
OK td_js_sdk_171.js Show response
api.popin.cc/ Frame 2910 68 KB
16 KB 363ms
363ms Script
application/javascript 119.63.193.220
BAIDUJP Baidu

General

Check archive.org

Download Go to

Full URL: https://api.popin.cc/td_js_sdk_171.js
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 3402df1af7b8665c51ac7e2d4fed5dc6cac147d61966672d9cf32a34acafedfe

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

Transfer-Encoding: chunked
X-Cache-Status: HIT from 10.252.55.25
Cache-Control: max-age=3600
Timing-Allow-Origin: *
Content-Encoding: gzip
ETag: W/"d7d7ebc58d77dc27a2c068acdf41021d"
Connection: keep-alive
Cross-Origin-Resource-Policy: cross-origin
Expires: Mon, 24 Mar 2025 13:55:43 GMT
Date: Mon, 24 Mar 2025 12:55:43 GMT
Last-Modified: Tue, 28 May 2024 09:22:02 GMT
Content-Type: application/javascript
Vary: Accept-Encoding
Server: nginx
x-amz-server-side-encryption: AES256

GET
H2 200 recommend Show response
tw.popin.cc/popin_discovery/ Frame 2910 690 B
893 B 937ms
341ms Script
application/javascript 119.63.198.189
BAIDUJP Baidu

General

Check archive.org

Download Go to

Full URL: https://tw.popin.cc/popin_discovery/recommend?mode=new&url=https%3A%2F%2Freurl.cc%2FXqAx30&&device=pc&media=reurl.cc&extra=windows&agency=popinag&topn=50&ad=10&r_category=all&country=tw&redirect=true&uid=34221ae58058254e8da1742856944002&info=eyJ1c2VyX3RkX29zIjoiV2luZG93cyIsInVzZXJfdGRfb3NfdmVyc2lvbiI6IjEwLjAuMCIsInVzZXJfdGRfYnJvd3NlciI6IkNocm9tZSIsInVzZXJfdGRfYnJvd3Nlcl92ZXJzaW9uIjoiODguMC40MzI0IiwidXNlcl90ZF9zY3JlZW4iOiIxNjAweDEyMDAiLCJ1c2VyX3RkX3ZpZXdwb3J0IjoiMzAweDI1MCIsInVzZXJfdGRfdXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIEhlYWRsZXNzQ2hyb21lLzg4LjAuNDMyNC4xOTAgU2FmYXJpLzUzNy4zNiIsInVzZXJfdGRfcmVmZXJyZXIiOiJodHRwczovL3JldXJsLmNjL1hxQXgzMCIsInVzZXJfdGRfcGF0aCI6Ii9YcUF4MzAiLCJ1c2VyX3RkX2NoYXJzZXQiOiJ1dGYtOCIsInVzZXJfdGRfbGFuZ3VhZ2UiOiJlbi11cyIsInVzZXJfdGRfY29sb3IiOiIyNC1iaXQiLCJ1c2VyX3RkX3RpdGxlIjoiIiwidXNlcl90ZF91cmwiOiJodHRwczovL3JldXJsLmNjL1hxQXgzMCIsInVzZXJfdGRfcGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ1c2VyX3RkX2hvc3QiOiJyZXVybC5jYyIsInVzZXJfZGV2aWNlIjoicGMiLCJ1c2VyX3RpbWUiOjE3NDI4MjA5NDQwMDQsImZydWl0X2JveF9wb3NpdGlvbiI6IiIsImZydWl0X3N0eWxlIjoiIn0=&alg=ltr&uis=%7B%22ss_fl_pp%22%3Anull%2C%22ss_yh_tag%22%3Anull%2C%22ss_pub_pp%22%3Anull%2C%22ss_im_pp%22%3Anull%2C%22ss_im_id%22%3Anull%2C%22ss_gn_pp%22%3Anull%7D&callback=_p6_9e823653d552
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.189 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: c0ffbdc3094973d82e8c2b4dc95777c6a11add910200bff47a11e0c90c3457ea

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-length: 690
date: Mon, 24 Mar 2025 12:55:44 GMT
content-type: application/javascript;charset=UTF-8
server: nginx/1.13.5
cross-origin-resource-policy: cross-origin

GET
H2 200 track.js Show response
ad.tagtoo.co/media/ad/ Frame 2910 7 KB
2 KB 365ms
30ms Script
text/javascript 34.111.12.34
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://ad.tagtoo.co/media/ad/track.js
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.12.34 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 34.12.111.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 80279f6baf172b794e35da391ac30711c57a3276abda4280d170920df9cca9b1

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Type,Access-Control-Allow-Origin
content-encoding: gzip
x-goog-hash: crc32c=wTuGGA==, md5=5ROst+pHZlGo3jXf0Ga7EA==
etag: "e513acb7ea476651a8de35dfd066bb10"
age: 2491
x-goog-stored-content-encoding: gzip
expires: Tue, 08 Apr 2025 12:14:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 1810
date: Mon, 24 Mar 2025 12:14:13 GMT
last-modified: Thu, 20 Mar 2025 09:18:49 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-guploader-uploadid: AKDAyIv8rmjx25ayZ4oxVoYL3pisd-E0l8iIl1aySzjB1qo1DZ7wZ0FfqqbMf3NAVdvB6Ful
cache-control: public, max-age=1296000
x-goog-storage-class: STANDARD
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1742462329152868
content-length: 1810
server: UploadServer

GET
H2 200 tuec.js Show response
uec.tagtoo.co/ Frame 2910 10 KB
4 KB 458ms
14ms Script
application/javascript 34.107.150.21
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://uec.tagtoo.co/tuec.js
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.150.21 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 21.150.107.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 698fe0a6500f771d98d1ca713a5445d523fac649207572b69123699702854c0b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-goog-metageneration: 1
content-encoding: gzip
x-goog-hash: crc32c=IxwxIw==, md5=L6Ez21DNgdh7j/uHKaarNQ==
etag: "2fa133db50cd81d87b8ffb8729a6ab35"
age: 1333
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 3770
date: Mon, 24 Mar 2025 12:33:31 GMT
last-modified: Tue, 12 Dec 2023 09:08:46 GMT
content-type: application/javascript
vary: Accept-Encoding
x-guploader-uploadid: AKDAyIvMYvK5BXGLg7iPHG9jppc_S9ikYSMblGa29ayAoWSUVakvYw7ulh_orsVbpPEPxYA
cache-control: public,max-age=3600
x-goog-storage-class: STANDARD
accept-ranges: bytes
x-goog-generation: 1702372126688115
content-length: 3770
server: UploadServer

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 2910 5 KB
3 KB 793ms
382ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=0
cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Mon, 24 Mar 2025 13:05:44 GMT
date: Mon, 24 Mar 2025 12:55:44 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

GET
H/1.1 200
OK popin_discovery5-min.js Show response
api.popin.cc/ Frame 2910 156 KB
43 KB 484ms
351ms Script
application/javascript 119.63.193.220
BAIDUJP Baidu

General

Check archive.org

Download Go to

Full URL: https://api.popin.cc/popin_discovery5-min.js
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 46e977bd2e693545c10424af0ca8ae2061ce096d8e5658d997fa9ca60471e26d

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

Content-Encoding: gzip
ETag: W/"51910bb1cd9873a17caea8588a900e56"
x-amz-version-id: MCe3oXQalSYt2eLBNz01lVj92TQAzYxl
Expires: Mon, 24 Mar 2025 13:55:44 GMT
Date: Mon, 24 Mar 2025 12:55:44 GMT
Last-Modified: Mon, 24 Mar 2025 06:26:46 GMT
Content-Type: application/javascript
Vary: Accept-Encoding
Transfer-Encoding: chunked
X-Cache-Status: HIT from 10.252.55.25
x-amz-replication-status: PENDING
Cache-Control: max-age=3600
Timing-Allow-Origin: *
Connection: keep-alive
Cross-Origin-Resource-Policy: cross-origin
Server: nginx
x-amz-server-side-encryption: AES256

GET
H2 200 discoverylogs
log.popin.cc/log/popin_media/ Frame 2910 66 B
223 B 754ms
164ms Image
image/jpeg 119.63.198.143
BAIDUJP Baidu

General

Check archive.org

Download Go to Show image

Full URL: https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNCwidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBIZWFkbGVzc0Nocm9tZS84OC4wLjQzMjQuMTkwIFNhZmFyaS81MzcuMzYiLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6InJldXJsLmNjIiwidXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJsb2MiOiJodHRwczovL3JldXJsLmNjL1hxQXgzMCIsInRkX29zIjoiV2luZG93cyIsInRkX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBIZWFkbGVzc0Nocm9tZS84OC4wLjQzMjQuMTkwIFNhZmFyaS81MzcuMzYiLCJ0ZF9vc192ZXJzaW9uIjoiMTAuMC4wIiwidGRfYnJvd3NlciI6IkNocm9tZSIsInRkX2Jyb3dzZXJfdmVyc2lvbiI6Ijg4LjAuNDMyNCJ9&t=1742820944007
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

etag: "5e186130-42"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 66
date: Mon, 24 Mar 2025 12:55:44 GMT
content-type: image/jpeg
last-modified: Fri, 10 Jan 2020 11:34:08 GMT
server: nginx/1.13.5

GET
H2 200 discoverylogs
log.popin.cc/log/popin_media/ Frame 2910 66 B
223 B 753ms
164ms Image
image/jpeg 119.63.198.143
BAIDUJP Baidu

General

Check archive.org

Download Go to Show image

Full URL: https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNSwicGFyYW0xIjowLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6InJldXJsLmNjIiwidXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJ1aWQiOiIzNDIyMWFlNTgwNTgyNTRlOGRhMTc0Mjg1Njk0NDAwMiIsInRkX3RpdGxlIjoiIiwiZXh0cmEiOiIiLCJpbnRlcmFjdGlvbl9udW1iZXIiOjAsInBvcGluX3ZlcnNpb24iOjYsInRkX29zIjoiV2luZG93cyIsInRkX29zX3ZlcnNpb24iOiIxMC4wLjAiLCJ0ZF9icm93c2VyIjoiQ2hyb21lIiwidGRfYnJvd3Nlcl92ZXJzaW9uIjoiODguMC40MzI0IiwidGRfdXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIEhlYWRsZXNzQ2hyb21lLzg4LjAuNDMyNC4xOTAgU2FmYXJpLzUzNy4zNiJ9&t=1742820944010
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

etag: "5e186130-42"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 66
date: Mon, 24 Mar 2025 12:55:44 GMT
content-type: image/jpeg
last-modified: Fri, 10 Jan 2020 11:34:08 GMT
server: nginx/1.13.5

GET
H2 200 runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame EB83 0
0 74ms
18ms Document
text/html 142.250.31.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 1310
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5005
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 12:33:54 GMT
expires: Mon, 24 Mar 2025 13:23:54 GMT
last-modified: Mon, 23 Sep 2024 18:12:21 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame A58F 0
0 385ms
35ms Document
text/html 142.251.167.99
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.99 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f99.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-cipQHZdyXd9-IEtijbO6ig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-cipQHZdyXd9-IEtijbO6ig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 12:55:44 GMT
expires: Mon, 24 Mar 2025 12:55:44 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame F6B3 2 KB
1 KB 286ms
281ms Script
text/html 54.64.195.61
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=225&o=1&fc=undefined&d=1&b=2&ts=1&ii=2&FPCK=5720-Btl669Drddz6VavWXzfehujn4G04K0to&fp_uuid=5720-1561cb6450bd93e00cfca5fd9cfa90c4&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.64.195.61 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-64-195-61.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 8cba9e3ed08ea32eb9ef7a8004ad0a0a3a43d46d665fbfbd6251f9a44d866440

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Mon, 24 Mar 2025 12:55:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame F6B3 3 KB
3 KB 32ms
27ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag: "519bf06eca29382b4ee4cc4f1dace214"
age: 24
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 2905
x-amz-cf-id: Fir_bGmleDBfEN15HcLKUmTN9VaoMtaEeedzNAw2QZlvZULlWmlZVg==
date: Mon, 24 Mar 2025 12:55:26 GMT
content-type: application/javascript
last-modified: Mon, 04 Sep 2023 03:28:50 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame F6B3 130 KB
42 KB 29ms
24ms Script
text/javascript 74.119.117.47
AS-CRITEO

General

Check archive.org

Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.47 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"67c8043f-2072d"
cross-origin-resource-policy: cross-origin
expires: Tue, 25 Mar 2025 12:55:44 GMT
access-control-allow-origin: *
date: Mon, 24 Mar 2025 12:55:44 GMT
content-type: text/javascript
last-modified: Wed, 05 Mar 2025 07:58:55 GMT
server: nginx

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame F6B3 3 KB
4 KB 31ms
27ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag: "13519f9e63c9828d93a698c47992e115"
age: 36
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3197
x-amz-cf-id: Ygm_N7S9GO0O3yVK9KDyWiUJZyMenrdyq4_H9xzTccDaVqK5qyJoUQ==
date: Mon, 24 Mar 2025 12:55:09 GMT
content-type: application/javascript
last-modified: Thu, 27 Jul 2023 02:29:01 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame F6B3 3 KB
4 KB 528ms
524ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag: "41ecd67a1e57b2a3aa7cf0c876da0a59"
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 3470
x-amz-cf-id: AiLnPptL90bTh9xLOo-TciwDuiWcfTT-3s-A4XUVU__gqNVsBSfvQQ==
date: Mon, 24 Mar 2025 12:55:45 GMT
content-type: application/javascript
last-modified: Mon, 02 Oct 2023 08:50:04 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame F6B3 3 KB
4 KB 511ms
507ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: L_ytFJI.iZbA3Ys9mJ75ciLmXqmRfuVO
etag: "21253aa5d7ee0c3b700ce5f1a4a1b4d1"
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 3446
x-amz-cf-id: 9ORFDtfNlZbO_EgW3MxJplbcTs9fUBoVwhkzgNAHefzQc1DjUMmK4w==
date: Mon, 24 Mar 2025 12:55:45 GMT
content-type: application/javascript
last-modified: Thu, 14 Dec 2023 06:52:43 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame F6B3 5 KB
6 KB 38ms
34ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag: "ec9ddd169f5fd01f28f9b31866cd4701"
age: 24
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 5467
x-amz-cf-id: dqStQf0NfgHWSQ7lzCBPKmXteQRj5oTjxEa-K6x2GNNsDid2lQSpRQ==
date: Mon, 24 Mar 2025 12:55:26 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:15:25 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame F6B3 0
171 B 1060ms
463ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/XqAx30

Response headers

access-control-max-age: 3600
access-control-allow-origin: https://reurl.cc
date: Mon, 24 Mar 2025 12:55:45 GMT
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST

POST
H2

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame F6B3
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=iy3JhikCC-yUiTCKUVbhZw

2 B
160 B

194ms
192ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=iy3JhikCC-yUiTCKUVbhZw
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-store
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via: 1.1 google
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Mon, 24 Mar 2025 12:55:45 GMT
content-type: application/json; charset=utf-8

Redirect headers

Cache-Control: no-store
Location: https://ad2.apx.appier.net/v1/prebid/bid?acid=iy3JhikCC-yUiTCKUVbhZw
Accept-Ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: null
Content-Length: 0
P3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 24 Mar 2025 12:55:45 GMT
Server: nginx

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame F6B3 0
187 B 387ms
25ms XHR
text/plain 74.119.117.5
AS-CRITEO

General

Check archive.org

Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=159&profileId=184&cb=72191376756

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.5 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
access-control-allow-origin: https://reurl.cc
date: Mon, 24 Mar 2025 12:55:43 GMT
vary: Origin
server: Kestrel
access-control-allow-credentials: true

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame F6B3 5 KB
0 578ms
578ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://t.ssp.hinet.net/utag.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 203-75-214-136.hinet-ip.hinet.net
Software: nginx /
Resource Hash: 73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Mon, 24 Mar 2025 13:05:44 GMT
date: Mon, 24 Mar 2025 12:55:44 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3977 42 B
65 B 34ms
33ms Fetch
image/gif 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstVjYpRmIvc8KvHlF8TI3py9INBC_8ImUSQYPd7V-bNfNzTeeqHhSRGOkO1mQNFzgIzGEdG2VDskD2qyFBLMFVTb9XahiMCfeWtvlOdYAAJ-6ucks2XDUS8sqdPBu1Iuv2cDByfvv4cTBL7o2Eb-rkjHpHCyCFg_O0Mf27GYnlSM64O&sig=Cg0ArKJSzN-WHXRfioqJEAE&id=lidar2&mcvt=1000&p=172,270,422,570&tm=1222.6999998092651&tu=222.9000005722046&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20250319&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=827794272&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3875374300&rst=1742820942500&rpt=777&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 24 Mar 2025 12:55:44 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame F6B3 13 KB
13 KB 34ms
34ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=225&o=1&fc=undefined&d=1&b=2&ts=1&ii=2&FPCK=5720-Btl669Drddz6VavWXzfehujn4G04K0to&fp_uuid=5720-1561cb6450bd93e00cfca5fd9cfa90c4&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag: "dcf480340ca4b65dc9aa76bd9e677036"
age: 47
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 13033
x-amz-cf-id: yGp-aJ0pW8yzPAan_bVdV6McL7yW4rfOFBFxDm0xOTSTJCDNqw94zA==
date: Mon, 24 Mar 2025 12:55:04 GMT
content-type: application/javascript
last-modified: Tue, 19 Dec 2023 06:01:02 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 0.js Show response
ecs.tagtoo.co/js/ Frame 2910 201 KB
56 KB 269ms
11ms Script
text/javascript 34.102.218.41
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://ecs.tagtoo.co/js/0.js
Requested by: Host: ad.tagtoo.co
URL: https://ad.tagtoo.co/media/ad/track.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.218.41 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 41.218.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: ed1353670cbe52a301571e6717fab543726f43f7bed2edd0ffca2e74f6a1d8bf

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Type, Access-Control-Allow-Origin
content-encoding: gzip
x-goog-hash: crc32c=2mAcSQ==, md5=ijKbxOP20q6Aq4WlmoGeCA==
etag: "8a329bc4e3f6d2ae80ab85a59a819e08"
age: 3151
x-goog-stored-content-encoding: gzip
expires: Mon, 24 Mar 2025 13:33:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 56322
date: Mon, 24 Mar 2025 12:03:13 GMT
last-modified: Fri, 14 Feb 2025 14:16:26 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-guploader-uploadid: AKDAyIt8SsjAcu8Wem8wrwF5oPrXgNKQ1uPP-I07Ut4OQRC_WFHrr59S2jEltoObTkCPc80_
cache-control: public, max-age=5400
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1739542586669957
content-length: 56322
server: UploadServer

POST
H2 204 events
bidder.criteo.com/csm/ Frame F6B3 0
186 B 83ms
76ms Ping
text/plain 74.119.117.5
AS-CRITEO

General

Check archive.org

Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.5 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
access-control-allow-origin: https://reurl.cc
date: Mon, 24 Mar 2025 12:55:43 GMT
vary: Origin
server: Kestrel
access-control-allow-credentials: true

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame F6B3 43 B
365 B 23ms
16ms Image
image/gif 74.119.117.47
AS-CRITEO

General

Check archive.org

Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=1

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.47 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: max-age=31104000, public
timing-allow-origin: *
etag: "493ea254-2b"
cross-origin-resource-policy: cross-origin
expires: Thu, 19 Mar 2026 12:55:44 GMT
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
access-control-allow-origin: *
content-length: 43
date: Mon, 24 Mar 2025 12:55:44 GMT
content-type: image/gif
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame F6B3 43 B
365 B 33ms
27ms Image
image/gif 74.119.117.47
AS-CRITEO

General

Check archive.org

Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=2

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.47 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: max-age=31104000, public
timing-allow-origin: *
etag: "493ea254-2b"
cross-origin-resource-policy: cross-origin
expires: Thu, 19 Mar 2026 12:55:44 GMT
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
access-control-allow-origin: *
content-length: 43
date: Mon, 24 Mar 2025 12:55:44 GMT
content-type: image/gif
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame F6B3
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=NmlPqJQvB8W0ZdRwUVbhZw

2 B
20 B

234ms
220ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=NmlPqJQvB8W0ZdRwUVbhZw
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H3
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-store
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via: 1.1 google
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Mon, 24 Mar 2025 12:55:45 GMT
content-type: application/json; charset=utf-8

Redirect headers

Cache-Control: no-store
Location: https://ad2.apx.appier.net/v1/prebid/bid?acid=NmlPqJQvB8W0ZdRwUVbhZw
Accept-Ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: null
Content-Length: 0
P3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 24 Mar 2025 12:55:45 GMT
Server: nginx

POST
H/1.1 204
No Content prebid.aspx Show response
prebid.scupio.com/recweb/ Frame F6B3 0
168 B 885ms
413ms XHR
text/plain 210.59.219.34
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.14555104916029316
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 210.59.219.34 Taichung City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 210-59-219-34.hinet-ip.hinet.net
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/XqAx30

Response headers

Access-Control-Allow-Origin: https://reurl.cc
Date: Mon, 24 Mar 2025 12:55:45 GMT
Server: Kestrel
Access-Control-Allow-Credentials: true

GET
H3 200 /
www.facebook.com/tr/ Frame 2910 0
16 B 25ms
16ms Image
text/plain 157.240.229.35
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?eid=1742820944693&id=404012299753340&ev=PageView&dl=https%3A%2F%2Freurl.cc%2FXqAx30&rl=https%3A%2F%2Freurl.cc%2FXqAx30&if=true&ts=1742820944692&sw=1600&sh=1200&v=2.9.44&r=stable&fbp=fb.1.1742820941253.98546902425466842&it=1742820944684&rqm=GET

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-iad3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=27, rtx=0, c=27, mss=1232, tbw=9017, tp=23, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Mon, 24 Mar 2025 12:55:44 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 2910 36 B
401 B 411ms
410ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

d91f68a62d07782eb88bc13fd12acfab8c06f2ac2a9106a18544f6bca1532060

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Mon, 24 Mar 2025 12:55:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Origin
server: nginx

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame F6B3 36 B
401 B 612ms
202ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

d91f68a62d07782eb88bc13fd12acfab8c06f2ac2a9106a18544f6bca1532060

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Mon, 24 Mar 2025 12:55:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Origin
server: nginx

GET
H2 200 discoverylogs
log.popin.cc/log/popin_media/ Frame 2910 66 B
223 B 171ms
170ms Image
image/jpeg 119.63.198.143
BAIDUJP Baidu

General

Check archive.org

Download Go to Show image

Full URL: https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNSwicGFyYW0xIjoyLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6InJldXJsLmNjIiwidXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJ1aWQiOiIzNDIyMWFlNTgwNTgyNTRlOGRhMTc0Mjg1Njk0NDAwMiIsInRkX3ZlcnNpb24iOiIxLjcuMSIsInRkX2NsaWVudF9pZCI6IjZjMWJjNmM4LTczMjgtNDNhNC1iZDA1LTQ4MGFiY2ZjZDAxYiIsInRkX2NoYXJzZXQiOiJ1dGYtOCIsInRkX2xhbmd1YWdlIjoiZW4tdXMiLCJ0ZF9jb2xvciI6IjI0LWJpdCIsInRkX3NjcmVlbiI6IjE2MDB4MTIwMCIsInRkX3ZpZXdwb3J0IjoiMzAweDI1MCIsInRkX3RpdGxlIjoiIiwidGRfdXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJ0ZF91c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgSGVhZGxlc3NDaHJvbWUvODguMC40MzI0LjE5MCBTYWZhcmkvNTM3LjM2IiwidGRfcGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ0ZF9ob3N0IjoicmV1cmwuY2MiLCJ0ZF9wYXRoIjoiL1hxQXgzMCIsInRkX3JlZmVycmVyIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJ0ZF9icm93c2VyIjoiQ2hyb21lIiwidGRfYnJvd3Nlcl92ZXJzaW9uIjoiODguMC40MzI0IiwidGRfb3MiOiJXaW5kb3dzIiwidGRfb3NfdmVyc2lvbiI6IjEwLjAuMCIsImNsaWVudF9pZCI6IjZjMWJjNmM4LTczMjgtNDNhNC1iZDA1LTQ4MGFiY2ZjZDAxYiIsImV4dHJhIjoiIiwiaW50ZXJhY3Rpb25fbnVtYmVyIjowLCJwb3Bpbl92ZXJzaW9uIjo2fQ==&t=1742820944948
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

etag: "5e186130-42"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 66
date: Mon, 24 Mar 2025 12:55:45 GMT
content-type: image/jpeg
last-modified: Fri, 10 Jan 2020 11:34:08 GMT
server: nginx/1.13.5

GET
H2 200 log.gif
r.popin.cc/ Frame 2910 35 B
186 B 821ms
357ms Image
image/gif 119.63.198.188
BAIDUJP Baidu

General

Check archive.org

Download Go to Show image

Full URL: https://r.popin.cc/log.gif?type=related-tw&uid=34221ae58058254e8da1742856944002&url=https%3A%2F%2Freurl.cc%2FXqAx30&t=1742820944950
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.188 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

etag: "6142e195-23"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 35
date: Mon, 24 Mar 2025 12:55:45 GMT
content-type: image/gif
last-modified: Thu, 16 Sep 2021 06:17:57 GMT
server: nginx

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame C768 106 KB
0 0ms
0ms Script
text/javascript 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

f54417dc932e3e432d8c4730b204456d1e76ebe29e93afe191bb5888f62c9da5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 429 / 20171 / m202503180101 / config-hash: 136281761097716162
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 12:55:40 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 24 Mar 2025 12:55:40 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33537
x-xss-protection: 0
server: cafe

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/ Frame C768 524 KB
0 0ms
0ms Script
text/javascript 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

24c55f7fd45388e8a6c4fb7fc8bdae53992181227bb8f77f1d4dc04be9f15556

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 8549058430066818552
age: 3433
x-content-type-options: nosniff
expires: Tue, 24 Mar 2026 11:58:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 24 Mar 2025 11:58:27 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 168179
x-xss-protection: 0
server: cafe

GET
H3 200 gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503200101/ Frame C768 63 KB
0 0ms
0ms Other
text/plain 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503200101/gpt

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

724bf9b6cead6b42a8435c2dd63959f95a2868fc29d0c19f44b7f26c83a18cdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 6636832657936373745
age: 80682
x-content-type-options: nosniff
expires: Sun, 30 Mar 2025 14:30:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Sun, 23 Mar 2025 14:30:58 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 23172
x-xss-protection: 0
server: cafe
use-as-dictionary: match="/gampad/ads", id="m202503200101"

GET
H3 200 topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame AE68 0
0 1ms
1ms Document
text/html 172.253.115.156
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/static/topics/topics_frame.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f156.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 2595
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000, stale-while-revalidate=3600
content-encoding: br
content-length: 28720
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 12:12:26 GMT
expires: Mon, 24 Mar 2025 13:02:26 GMT
last-modified: Mon, 17 Mar 2025 19:42:52 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ Frame C768 17 KB
13 KB 35ms
34ms XHR
application/json 142.251.111.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202503180101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.111.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f155.1e100.net

Software

cafe /

Resource Hash

0aaa38bb8e4bb6f7b4a6af08de0d02d376f4fd76664a70e73f976b0675de3c4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 13078
date: Mon, 24 Mar 2025 12:55:45 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame C768 36 KB
8 KB 114ms
113ms Fetch
text/plain 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=419945875229302&correlator=3941417938005724&eid=31090592%2C31091202%2C95355263%2C95347233%2C83321073&output=ldjh&gdfp_req=1&vrg=202503180101&ptt=17&impl=fif&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C14210%2C14210-2&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=1&didk=607409652&dids=gpt-passback&adfs=3758817454&sfv=1-0-41&sc=1&cookie=ID%3Deb78c0b1b52b10ee%3AT%3D1742820941%3ART%3D1742820941%3AS%3DALNI_MaTXILdeoeqTQ9H7J7svId2DZK6Cg&gpic=UID%3D00001000d582680b%3AT%3D1742820941%3ART%3D1742820941%3AS%3DALNI_MbsPLsiOuwiAF_FTsgU606zQ7E4Hw&abxe=1&dt=1742820945044&lmt=1742820945&adxs=650&adys=172&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=7gxt3qfxbb1o&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=3&url=https%3A%2F%2Freurl.cc%2FXqAx30&ref=https%3A%2F%2Freurl.cc%2FXqAx30&top=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=300x250&msz=300x0&fws=256&ohw=0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742820944954&idt=66&adks=3360245792&frm=23&eo_id_str=ID%3D77c251e73d9ab7c4%3AT%3D1742820941%3ART%3D1742820941%3AS%3DAA-Afjbrx8bHZ0u_7Q2uLdTl-N_o&td=1&egid=5512&tdf=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

e07b89b32652ade8fb7527421b6d15ca09f01be80ea9221e52f977372aaab8fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: dcb
google-lineitem-id: 6499556608
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 24 Mar 2025 12:55:45 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: 138462658495
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-length: 7991
x-xss-protection: 0
server: cafe

GET
H3 200 container.html
38acab207a35e983f87d9aa227ec7b36.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame 27B9 0
0 303ms
18ms Document
text/html 192.178.155.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://38acab207a35e983f87d9aa227ec7b36.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

192.178.155.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yuiadrs-in-f132.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 3024
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 12:55:45 GMT
expires: Mon, 24 Mar 2025 12:55:45 GMT
last-modified: Thu, 30 Jan 2025 19:28:58 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ Frame C768 18 KB
0 0ms
0ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

sffe /

Resource Hash

ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 12:55:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:43 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET
H2 200 runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame 4037 0
0 0ms
0ms Document
text/html 142.250.31.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 1310
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5005
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 12:33:54 GMT
expires: Mon, 24 Mar 2025 13:23:54 GMT
last-modified: Mon, 23 Sep 2024 18:12:21 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame 0A09 0
0 0ms
0ms Document
text/html 142.251.167.99
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.99 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f99.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-cipQHZdyXd9-IEtijbO6ig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-cipQHZdyXd9-IEtijbO6ig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 12:55:44 GMT
expires: Mon, 24 Mar 2025 12:55:44 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 2910 30 B
271 B 391ms
391ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=10d180c4-2056-4f44-b3d0-2fde99c45f22

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Mon, 24 Mar 2025 12:55:45 GMT
content-type: application/json
vary: Accept-Encoding, Origin
server: nginx

GET sodar
ep1.adtrafficquality.google/pagead/ Frame 3977 0
0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2133 0
0 39ms
39ms Fetch
image/gif 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssRQz8cKTUNlRSIdB4FAt-UWFAtCkfK4xa8hqASg381NP9wV-foz6Jm0u7nhLxtku7xdg8F4-RUZoWWngu8aCn0UjjcAsENe-GAd8eeBNudcg8pGYUSW0_sz28DPlEjo0fOGYcDXpGDxyhAYL7iD6aQJ8UobKM8wHI7NOfdMYjoN31iHuv7WVSy_Yf0PVN7yn-DuW0-5arpfb6caofgC54chQtpGP6QBeDMRT79ltWexnZVuo3aZA62fBjHE_3at4rtGueYdMF7Y_BTw2FRwIgP14YkyiWP3m6aRdwxaE53WieokeAaYnUlh_TeaYvzmy9YVDtzzwJcBZwZ0SmWuq046MSPpIglTEmQdI6vxYj2FzdECh6Vb8cOz8Js1B9fKZMPggKBRaZjrqAOfouwN32fTn3YH9U2RXfj5-8huqH7TsIeeJkwKCRz87LIcbiU5tlxpVl8yL7dmF0&sai=AMfl-YQzmrwJ6Ar4C-U3ADOqPvVkhiwHJDTLJWImg4tcze4MOTikqpEjXX0iwd2G0ku47sx8hm8lhSRU4Dpqj5gBWkkYM9PdSWM5f-_TiiOpSPRR-eEhVPu8RTs6HB5L&sig=Cg0ArKJSzNCuuTgUhmjAEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 24 Mar 2025 12:55:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ Frame 2133 9 KB
0 1ms
0ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: 7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag: "2b18447e41c64d14195cefd72eb57400"
age: 52
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 9645
x-amz-cf-id: ERWwJ4IlL4su12594Nd41XxLaNGwy_07KqwVAHx6l5C7yV2xiNt2gQ==
date: Mon, 24 Mar 2025 12:54:50 GMT
content-type: application/javascript
last-modified: Fri, 14 Mar 2025 09:01:33 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 2133 218 KB
0 1ms
1ms Script
text/javascript 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

93155c81b70401839a5573d0374b8a2fa72bf0f9796249368674301b787f3782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 8765629121096803701
age: 3284
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 13:00:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 24 Mar 2025 12:00:58 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 68860
x-xss-protection: 0
server: cafe

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame F6B3 0
187 B 344ms
341ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=5720-Btl669Drddz6VavWXzfehujn4G04K0to

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Mon, 24 Mar 2025 12:55:45 GMT
content-type: image/png
vary: Origin
server: nginx

GET
H2 200 capmapping.htm
cdn.holmesmind.com/js/ Frame 1835 0
0 34ms
24ms Document
text/html 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=5720-1561cb6450bd93e00cfca5fd9cfa90c4
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 33
content-length: 12184
content-type: text/html
date: Mon, 24 Mar 2025 12:55:16 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 2a3aa853116c0a37d6c7762eca54d208.cloudfront.net (CloudFront)
x-amz-cf-id: YlImTzSqFCA5tNDrtO9tFzusFi1XnElTqYJKnWKMAQ3MEfgmE31ERA==
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 9AA4 11 KB
0 11ms
11ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 33
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: W6-Q6_rei67zpRDnffKB7X48dVIduTLiUTENMtUHJevs9xZ9rhnFIw==
date: Mon, 24 Mar 2025 12:55:24 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2133 0
0 32ms
29ms Fetch
image/gif 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 24 Mar 2025 12:55:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
DATA 200
OK truncated
/ Frame 2133 211 B
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d8ec71222318b195413a9c14eeeb1972c2ae3c67214ce7bec9ce10e2099c1cf

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2133 0
0 35ms
30ms Fetch
image/gif 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 24 Mar 2025 12:55:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H/1.1 200
OK pixel
10d180c4-2056-4f44-b3d0-2fde99c45f22.t.ssp.hinet.net/ Frame F6B3 0
177 B 1191ms
395ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to Show image

Full URL

https://10d180c4-2056-4f44-b3d0-2fde99c45f22.t.ssp.hinet.net/pixel?bd=10d180c4-2056-4f44-b3d0-2fde99c45f22&t=50ef57&referrer=

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

Strict-Transport-Security: max-age=0
Content-Length: 0
Date: Mon, 24 Mar 2025 12:55:46 GMT
Content-Type: image/png
Server: nginx
Connection: keep-alive

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame 9AA4 2 KB
794 B 227ms
218ms Script
text/html 54.64.195.61
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.64.195.61 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-64-195-61.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: d87bdde5b93ccd6b28df30f6841ec9ab4114de022f8ec3abf45be89f9f9d867e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Mon, 24 Mar 2025 12:55:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame 9AA4 30 KB
0 4ms
4ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 51
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: Sk2cw2-MMzyhw-oy7xrZlCpIQC1p2cQI9ZdFNXakKqVtjKwGizpV2Q==
date: Mon, 24 Mar 2025 12:54:57 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame 9AA4 2 KB
1 KB 273ms
255ms Script
text/html 54.64.195.61
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=346&o=1&fc=5720-Btl669Drddz6VavWXzfehujn4G04K0to&d=1&b=2&ts=1&ii=2&FPCK=5720-Btl669Drddz6VavWXzfehujn4G04K0to&fp_uuid=5720-1561cb6450bd93e00cfca5fd9cfa90c4&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.64.195.61 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-64-195-61.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 4600e57269e2d3a8cd62ed8014764c8cc4d2094700a3db54721c952ff41ba879

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Mon, 24 Mar 2025 12:55:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame 9AA4 3 KB
0 7ms
7ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag: "519bf06eca29382b4ee4cc4f1dace214"
age: 24
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 2905
x-amz-cf-id: Fir_bGmleDBfEN15HcLKUmTN9VaoMtaEeedzNAw2QZlvZULlWmlZVg==
date: Mon, 24 Mar 2025 12:55:26 GMT
content-type: application/javascript
last-modified: Mon, 04 Sep 2023 03:28:50 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame 9AA4 130 KB
0 8ms
8ms Script
text/javascript 74.119.117.47
AS-CRITEO

General

Check archive.org

Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.119.117.47 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: 6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"67c8043f-2072d"
cross-origin-resource-policy: cross-origin
expires: Tue, 25 Mar 2025 12:55:44 GMT
access-control-allow-origin: *
date: Mon, 24 Mar 2025 12:55:44 GMT
content-type: text/javascript
last-modified: Wed, 05 Mar 2025 07:58:55 GMT
server: nginx

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame 9AA4 3 KB
0 9ms
9ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag: "13519f9e63c9828d93a698c47992e115"
age: 36
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3197
x-amz-cf-id: Ygm_N7S9GO0O3yVK9KDyWiUJZyMenrdyq4_H9xzTccDaVqK5qyJoUQ==
date: Mon, 24 Mar 2025 12:55:09 GMT
content-type: application/javascript
last-modified: Thu, 27 Jul 2023 02:29:01 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame 9AA4 3 KB
0 9ms
9ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag: "41ecd67a1e57b2a3aa7cf0c876da0a59"
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 3470
x-amz-cf-id: AiLnPptL90bTh9xLOo-TciwDuiWcfTT-3s-A4XUVU__gqNVsBSfvQQ==
date: Mon, 24 Mar 2025 12:55:45 GMT
content-type: application/javascript
last-modified: Mon, 02 Oct 2023 08:50:04 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame 9AA4 3 KB
0 9ms
9ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: L_ytFJI.iZbA3Ys9mJ75ciLmXqmRfuVO
etag: "21253aa5d7ee0c3b700ce5f1a4a1b4d1"
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 3446
x-amz-cf-id: 9ORFDtfNlZbO_EgW3MxJplbcTs9fUBoVwhkzgNAHefzQc1DjUMmK4w==
date: Mon, 24 Mar 2025 12:55:45 GMT
content-type: application/javascript
last-modified: Thu, 14 Dec 2023 06:52:43 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame 9AA4 5 KB
0 8ms
8ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag: "ec9ddd169f5fd01f28f9b31866cd4701"
age: 24
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 5467
x-amz-cf-id: dqStQf0NfgHWSQ7lzCBPKmXteQRj5oTjxEa-K6x2GNNsDid2lQSpRQ==
date: Mon, 24 Mar 2025 12:55:26 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:15:25 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame 9AA4 0
170 B 479ms
458ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/XqAx30

Response headers

access-control-max-age: 3600
access-control-allow-origin: https://reurl.cc
date: Mon, 24 Mar 2025 12:55:46 GMT
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST

POST
H/1.1 204
No Content prebid.aspx Show response
prebid.scupio.com/recweb/ Frame 9AA4 0
168 B 404ms
391ms XHR
text/plain 210.59.219.34
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.6105528081931615
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 210.59.219.34 Taichung City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 210-59-219-34.hinet-ip.hinet.net
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/XqAx30

Response headers

Access-Control-Allow-Origin: https://reurl.cc
Date: Mon, 24 Mar 2025 12:55:45 GMT
Server: Kestrel
Access-Control-Allow-Credentials: true

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 9AA4
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=QYNVZZX-A52gcAhuUlbhZw

2 B
20 B

192ms
190ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=QYNVZZX-A52gcAhuUlbhZw
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H3
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-store
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via: 1.1 google
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Mon, 24 Mar 2025 12:55:46 GMT
content-type: application/json; charset=utf-8

Redirect headers

Cache-Control: no-store
Location: https://ad2.apx.appier.net/v1/prebid/bid?acid=QYNVZZX-A52gcAhuUlbhZw
Accept-Ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: null
Content-Length: 0
P3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 24 Mar 2025 12:55:46 GMT
Server: nginx

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 9AA4
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=xCka37fDBa6kZ9sAUlbhZw

2 B
20 B

189ms
187ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=xCka37fDBa6kZ9sAUlbhZw
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H3
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-store
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via: 1.1 google
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Mon, 24 Mar 2025 12:55:46 GMT
content-type: application/json; charset=utf-8

Redirect headers

Cache-Control: no-store
Location: https://ad2.apx.appier.net/v1/prebid/bid?acid=xCka37fDBa6kZ9sAUlbhZw
Accept-Ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: null
Content-Length: 0
P3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 24 Mar 2025 12:55:46 GMT
Server: nginx

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 9AA4 0
186 B 89ms
81ms XHR
text/plain 74.119.117.5
AS-CRITEO

General

Check archive.org

Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=159&profileId=184&cb=30511827491

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.5 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
access-control-allow-origin: https://reurl.cc
date: Mon, 24 Mar 2025 12:55:45 GMT
vary: Origin
server: Kestrel
access-control-allow-credentials: true

GET sodar
ep1.adtrafficquality.google/pagead/ Frame C768 0
0

POST
H2 204 events
bidder.criteo.com/csm/ Frame 9AA4 0
186 B 163ms
140ms Ping
text/plain 74.119.117.5
AS-CRITEO

General

Check archive.org

Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.5 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
access-control-allow-origin: https://reurl.cc
date: Mon, 24 Mar 2025 12:55:44 GMT
vary: Origin
server: Kestrel
access-control-allow-credentials: true

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame 9AA4 43 B
0 7ms
7ms Image
image/gif 74.119.117.47
AS-CRITEO

General

Check archive.org

Download Go to Show image

Full URL: https://static.criteo.net/images/pixel.gif?ch=1
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.119.117.47 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=31104000, public
timing-allow-origin: *
etag: "493ea254-2b"
cross-origin-resource-policy: cross-origin
expires: Thu, 19 Mar 2026 12:55:44 GMT
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
access-control-allow-origin: *
content-length: 43
date: Mon, 24 Mar 2025 12:55:44 GMT
content-type: image/gif
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame 9AA4 43 B
0 8ms
8ms Image
image/gif 74.119.117.47
AS-CRITEO

General

Check archive.org

Download Go to Show image

Full URL: https://static.criteo.net/images/pixel.gif?ch=2
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.119.117.47 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=31104000, public
timing-allow-origin: *
etag: "493ea254-2b"
cross-origin-resource-policy: cross-origin
expires: Thu, 19 Mar 2026 12:55:44 GMT
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
access-control-allow-origin: *
content-length: 43
date: Mon, 24 Mar 2025 12:55:44 GMT
content-type: image/gif
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2910 0
0 43ms
37ms Fetch
image/gif 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstaJVbK_AYOl2iofH_gY_53JVr0cMQRyAqANZO3K4I-ntu3irBM7oj5h7Mb54-EqJllPP-QQBt9ujMEkckPwfD4hXNCf-Cy2YQwBzcTR7Zjwwb5bCR9mC0yHNg6b2Pc3XIChoz7tYAaZV-S_PEjoac5ukdcVYnr-0f3c9ukENE1pUrqJnWiDh6wlG1y-Ddi2PGXFDFypeYIwmkiRNQTvssCVMGIn8t32D6-k-FfMpzIv-WscGfjUXKJSDTY12yDyTzR87OmfQuRlRqlTWEcL-KV4tmEK0TKBf1Db6n1edfryaYgPeUd-cy14YG1wq3Ngy19gTIJrRLbUohOSeSTkVAUyZKU5CjiZMtvn0BsS3yViYHFaTFWRxFW2fydWVv0nyBxWCfEOz-Q62UpNOYqAHRcimB0vaIdGMd4QhHUt6EfmWN1VBFyTUrszmaBDw&sai=AMfl-YS_bbTo8pbU0em85b7shrOh7t7y6tWJ8L2oqqQyEKQrDMXmA8lBKn4qL5x5lzUuR4aY_pX_xHCfi8FThM1hHsFs6vhpfwKOZhDaQpCzo3GsbGKqXETSUpGnCsHO&sig=Cg0ArKJSzCUU6e_DqURUEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 12:55:45 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 24 Mar 2025 12:55:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 9AA4 5 KB
0 6ms
6ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://t.ssp.hinet.net/utag.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 203-75-214-136.hinet-ip.hinet.net
Software: nginx /
Resource Hash: 73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Mon, 24 Mar 2025 13:05:44 GMT
date: Mon, 24 Mar 2025 12:55:44 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 9AA4 36 B
401 B 350ms
344ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

d91f68a62d07782eb88bc13fd12acfab8c06f2ac2a9106a18544f6bca1532060

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Mon, 24 Mar 2025 12:55:46 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Origin
server: nginx

POST
H3 204 collect
www.google-analytics.com/g/ 0
0 36ms
35ms Fetch
text/plain 142.251.167.113
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-ZDFZCDVDK1&gtm=45je53j1h1v9181474282za200&_p=1742820940709&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102788824~102803279~102813109&cid=1923222759.1742820941&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1742820940&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FXqAx30&dt=Dynamics%20365%20Customer%20Voice&en=scroll&epn.percent_scrolled=90&_et=51&tfd=6023
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.167.113 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ww-in-f113.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:87:0
report-to: {"group":"ascnsrsggc:87:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:87:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:87:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:45 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame 9AA4 13 KB
0 6ms
6ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=346&o=1&fc=5720-Btl669Drddz6VavWXzfehujn4G04K0to&d=1&b=2&ts=1&ii=2&FPCK=5720-Btl669Drddz6VavWXzfehujn4G04K0to&fp_uuid=5720-1561cb6450bd93e00cfca5fd9cfa90c4&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag: "dcf480340ca4b65dc9aa76bd9e677036"
age: 47
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 13033
x-amz-cf-id: yGp-aJ0pW8yzPAan_bVdV6McL7yW4rfOFBFxDm0xOTSTJCDNqw94zA==
date: Mon, 24 Mar 2025 12:55:04 GMT
content-type: application/javascript
last-modified: Tue, 19 Dec 2023 06:01:02 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK pixel
10d180c4-2056-4f44-b3d0-2fde99c45f22.t.ssp.hinet.net/ Frame 9AA4 0
177 B 634ms
201ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to Show image

Full URL

https://10d180c4-2056-4f44-b3d0-2fde99c45f22.t.ssp.hinet.net/pixel?bd=10d180c4-2056-4f44-b3d0-2fde99c45f22&t=50ef57&referrer=

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

Strict-Transport-Security: max-age=0
Content-Length: 0
Date: Mon, 24 Mar 2025 12:55:46 GMT
Content-Type: image/png
Server: nginx
Connection: keep-alive

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 9AA4 0
187 B 211ms
210ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=5720-Btl669Drddz6VavWXzfehujn4G04K0to&mp=10d180c4-2056-4f44-b3d0-2fde99c45f22

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Mon, 24 Mar 2025 12:55:46 GMT
content-type: image/png
vary: Origin
server: nginx

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2133 0
0 42ms
41ms Fetch
image/gif 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstZ5ExGbyA-fCAnVRfGnzFaGv2olnxBo4ku_CMWScBnuu8UYWvVFFQveLCrlaWmajLtDlNk6uiP9QzE_Z08YAi1A39bpfZu2RAaQ7cK20-KsXbLpPqLQnRLwE8sOW520ehUv5BR78DN5iR8OWcsLiuWVqzNXNAe3LFPFHwigkAAe5MlD6-lOmoHDyE5xZcNTYHvwe02pu5U919b3a4UqHwW5Rtn0uRDM2VMPRcZOCgq2A0CBVymj5nOjp-oVwTqyHEbov1MA6nbLB64k1itGzb7HzOfZiRrGuwkkrOnBNGkdx3gOwSMvhH1g5Rs5CopYiEF0T1Nv_G5UyScXxY6lkegzllIiEo-VxIF2LZfX5Oxu2Bxa97PhAJH4vUXkhlMu3njYyZQ_u4AXUnxxXWS3O3lKvdPQhLIek5cm5k7iOvEyeqkiqVzzMN7KNnD653uRvBzm7S98JPjilRECQ&sai=AMfl-YR4L-xB-5sLslLBHJfCdyCt9cy2TQhdpROpKqwjGymJKcH8JQ0D_0lyko9ZkV3c0MdgQkaFlLMYG0aFU_RAcohIyFI9YhkUoAuzocc0F0qqawfdYBpruZTrXLc1&sig=Cg0ArKJSzAoEl_vEGeyUEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 12:55:46 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 24 Mar 2025 12:55:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 53AB 106 KB
0 0ms
0ms Script
text/javascript 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

f54417dc932e3e432d8c4730b204456d1e76ebe29e93afe191bb5888f62c9da5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 429 / 20171 / m202503180101 / config-hash: 136281761097716162
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 12:55:40 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 24 Mar 2025 12:55:40 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33537
x-xss-protection: 0
server: cafe

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/ Frame 53AB 524 KB
0 0ms
0ms Script
text/javascript 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

24c55f7fd45388e8a6c4fb7fc8bdae53992181227bb8f77f1d4dc04be9f15556

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 8549058430066818552
age: 3433
x-content-type-options: nosniff
expires: Tue, 24 Mar 2026 11:58:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 24 Mar 2025 11:58:27 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 168179
x-xss-protection: 0
server: cafe

GET
H3 200 topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame B87F 0
0 0ms
0ms Document
text/html 172.253.115.156
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/static/topics/topics_frame.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f156.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 2595
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000, stale-while-revalidate=3600
content-encoding: br
content-length: 28720
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 12:12:26 GMT
expires: Mon, 24 Mar 2025 13:02:26 GMT
last-modified: Mon, 17 Mar 2025 19:42:52 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ Frame 53AB 17 KB
13 KB 37ms
36ms XHR
application/json 142.251.111.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202503180101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.111.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f155.1e100.net

Software

cafe /

Resource Hash

cf06b11142a595c5afc11b3f763bb83a72338fe3dfd994d89fd5c05cc8833ce7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 12962
date: Mon, 24 Mar 2025 12:55:47 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 53AB 36 KB
8 KB 102ms
102ms Fetch
text/plain 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1654360009876680&correlator=569688486886538&eid=83321072&output=ldjh&gdfp_req=1&vrg=202503180101&ptt=17&impl=fif&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C14210%2C14210-2&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=1&didk=607409652&dids=gpt-passback&adfs=2044026222&sfv=1-0-41&sc=1&cookie=ID%3Deb78c0b1b52b10ee%3AT%3D1742820941%3ART%3D1742820941%3AS%3DALNI_MaTXILdeoeqTQ9H7J7svId2DZK6Cg&gpic=UID%3D00001000d582680b%3AT%3D1742820941%3ART%3D1742820941%3AS%3DALNI_MbsPLsiOuwiAF_FTsgU606zQ7E4Hw&abxe=1&dt=1742820946990&lmt=1742820946&adxs=650&adys=172&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=chf7m332bdeg&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=6&url=https%3A%2F%2Freurl.cc%2FXqAx30&ref=https%3A%2F%2Freurl.cc%2FXqAx30&top=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=300x250&msz=300x0&fws=256&ohw=0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742820946625&idt=34&adks=3360245792&frm=23&eo_id_str=ID%3D77c251e73d9ab7c4%3AT%3D1742820941%3ART%3D1742820941%3AS%3DAA-Afjbrx8bHZ0u_7Q2uLdTl-N_o&td=1&egid=5512&tdf=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

55a6aecd4e7de3a51bf9a825abdb0e77a56a1a4b12b9a5b2402d056a152f0e1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: dcb
google-lineitem-id: 6499556608
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 24 Mar 2025 12:55:47 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: 138462658495
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-length: 7971
x-xss-protection: 0
server: cafe

GET
H3 200 container.html
b50e4f7b7975aa95a80718d7479b2442.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame 1EB4 0
0 202ms
19ms Document
text/html 64.233.180.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://b50e4f7b7975aa95a80718d7479b2442.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=6

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.180.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pe-in-f132.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 3024
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 12:55:47 GMT
expires: Mon, 24 Mar 2025 12:55:47 GMT
last-modified: Thu, 30 Jan 2025 19:28:58 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2910 42 B
65 B 61ms
58ms Fetch
image/gif 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstzVl7n85RVBybcNSMexVrYG0n4FvSmIv-VFuClY5Wi49rcItOXEYyC2aamxtjG6qPszfFZLEmWdOMPoIjwJl6074pI32wYpjaiILsGeMId4Bwp17QUZXHHQ8GUuwDJVllQcMe2fguDS79omqL-Zub3JFNHF44tzFsElT5i2PEEHLhH&sig=Cg0ArKJSzOhnYhIHovMkEAE&id=lidar2&mcvt=1228&p=172,1030,422,1330&tm=4016.800000190735&tu=2788.9000005722046&mtos=1228,1228,1228,1228,1228&tos=1228,0,0,0,0&v=20250319&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=1451399479&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3875374300&rst=1742820942488&rpt=3330&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 24 Mar 2025 12:55:47 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ Frame 53AB 18 KB
0 0ms
0ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

sffe /

Resource Hash

ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 12:55:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 12:55:43 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET
H2 200 runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame 6A76 0
0 0ms
0ms Document
text/html 142.250.31.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 1310
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5005
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 12:33:54 GMT
expires: Mon, 24 Mar 2025 13:23:54 GMT
last-modified: Mon, 23 Sep 2024 18:12:21 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame 4F49 0
0 25ms
25ms Document
text/html 142.251.167.99
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.99 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f99.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-cipQHZdyXd9-IEtijbO6ig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-cipQHZdyXd9-IEtijbO6ig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 12:55:44 GMT
expires: Mon, 24 Mar 2025 12:55:44 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503200101/ Frame 53AB 63 KB
0 0ms
0ms Other
text/plain 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503200101/gpt

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

724bf9b6cead6b42a8435c2dd63959f95a2868fc29d0c19f44b7f26c83a18cdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 6636832657936373745
age: 80682
x-content-type-options: nosniff
expires: Sun, 30 Mar 2025 14:30:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Sun, 23 Mar 2025 14:30:58 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 23172
x-xss-protection: 0
server: cafe
use-as-dictionary: match="/gampad/ads", id="m202503200101"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4777 0
0 34ms
33ms Fetch
image/gif 172.253.115.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuPjE6iETk3v_im1OLNa7vjlPAlIEMOCMcRhbQGhGjmEolWnQ3R88Sbm15akoSvKWf23G5iS_LN7XSrqI7vo4fsxNR5k3u9K-xkmHOGhBUA9uGv7BHxsCZ4PqYHcgLOqsbG1R4HOMv-ykCV9IH8YwMPqPdfkQUlGahNw1Om8Po4mC0yC74dN_YRCmRM_GmcwomBhvE4zt8RGh_lGfR-_SvLP32eYqgOj45Lv45F6LoY35CC4BqAlWlvl5FGzqEeGYeYvi7iyYYfuMXjbEt4-mGV1_M3PhgX4BcqJ7D8zuEQcCYco40lJbF6X7aWyvbfIDtLvr13KX2AVudmRyAqU6mZctfxm0Oog_VYmuqILtt7WXD8IsLTjZ3aZlh2yVAMGu8eCu3VUE16-y-Ba1tgnHnLEbir2szGP1EN0AnATJVhO7BowCihmxamguiBZmr3vh3rs_bW1PCNkg&sai=AMfl-YS-z-R-sekrtDyQh6Ooc5lOFBdtmvpXVhM-MH82Zh6R1QP3sE8XXRVXrRg5EL4iY5VCi_yLCaq7yPbSbkaQnIRYDQZ2rMnevByM0T2xJaEbLcy2k-nMP9YEt0bD&sig=Cg0ArKJSzMKjVQ3vva-oEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 24 Mar 2025 12:55:47 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ Frame 4777 9 KB
0 1ms
0ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: 7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag: "2b18447e41c64d14195cefd72eb57400"
age: 52
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 9645
x-amz-cf-id: ERWwJ4IlL4su12594Nd41XxLaNGwy_07KqwVAHx6l5C7yV2xiNt2gQ==
date: Mon, 24 Mar 2025 12:54:50 GMT
content-type: application/javascript
last-modified: Fri, 14 Mar 2025 09:01:33 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 4777 218 KB
0 1ms
1ms Script
text/javascript 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

93155c81b70401839a5573d0374b8a2fa72bf0f9796249368674301b787f3782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 8765629121096803701
age: 3284
x-content-type-options: nosniff
expires: Mon, 24 Mar 2025 13:00:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 24 Mar 2025 12:00:58 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 68860
x-xss-protection: 0
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4777 0
0 33ms
32ms Fetch
image/gif 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 24 Mar 2025 12:55:47 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
DATA 200
OK truncated
/ Frame 4777 214 B
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 782ad28047e3a8afa1421dbe7f8fbb37597cf3f1297d2a4b5a661ef7a3b1a0b0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H2 200 capmapping.htm
cdn.holmesmind.com/js/ Frame E8BF 0
0 1ms
1ms Document
text/html 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=5720-1561cb6450bd93e00cfca5fd9cfa90c4
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 33
content-length: 12184
content-type: text/html
date: Mon, 24 Mar 2025 12:55:16 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 2a3aa853116c0a37d6c7762eca54d208.cloudfront.net (CloudFront)
x-amz-cf-id: YlImTzSqFCA5tNDrtO9tFzusFi1XnElTqYJKnWKMAQ3MEfgmE31ERA==
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame E216 11 KB
0 11ms
11ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 33
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: W6-Q6_rei67zpRDnffKB7X48dVIduTLiUTENMtUHJevs9xZ9rhnFIw==
date: Mon, 24 Mar 2025 12:55:24 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4777 0
0 25ms
25ms Fetch
image/gif 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 24 Mar 2025 12:55:47 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET Preset.js
ad.holmesmind.com/adserver/ Frame E216 0
0

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame E216 30 KB
0 4ms
4ms Script
application/javascript 18.160.10.127
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-127.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 51
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: Sk2cw2-MMzyhw-oy7xrZlCpIQC1p2cQI9ZdFNXakKqVtjKwGizpV2Q==
date: Mon, 24 Mar 2025 12:54:57 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2133 42 B
65 B 37ms
37ms Fetch
image/gif 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstorFCbXGXUkU5eOY8jWy-dd9dJt_VhN3Q4EFvsKmJbpng8ZBXtPnZ06P3npy_P5PfTfLJ1N7i7zYPpP8CHFUMzSobfDTFajQoVpubHZYKxdjZTDYP-dqgZOmkzai_plP2nBGh3KgsHCsA0-C_eZJgh6yXMQDB1FlgiSZvnJ_ar7Ln8&sig=Cg0ArKJSzMqW5PoCVHalEAE&id=lidar2&mcvt=1000&p=172,650,422,950&tm=2091&tu=1090.6000003814697&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20250319&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3360245792&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3875374500&rst=1742820945313&rpt=1170&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 24 Mar 2025 12:55:47 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET sodar
ep1.adtrafficquality.google/pagead/ Frame 53AB 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 1bc0cd46610d101fec67156c6b1485c1.safeframe.googlesyndication.com
URL: https://1bc0cd46610d101fec67156c6b1485c1.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html

Domain: blog.alphaloan.co
URL: https://blog.alphaloan.co/wp-content/uploads/2021/04/%E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg

Domain: ep1.adtrafficquality.google
URL: https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20250319&jk=4188951136537809&bg=!4-Cl4K_NAAaCZO-FomQ7ADQBe5WfOEufnNqBz-eal-8p8nA0Pd2tw8OFjwErtbv_UJfYPLrG0oymZUE68EeRjNXVFf_iAgAAAGJSAAAABGgBB34ANZyFzMAIRwDJcdfTCCPhkOUK3QOztHAMr9F1xaj4-dIL1iwipkP8E_0k5FOyjnUeuS6KWmrYCgAdsC4_DRz7fBYfdG4wxLHB2Mkhhe6aSJv1F2kWKwSZAqk7tIn71tgiQIH_DtJhsDhK0-BQqjAZK7SVh4ab9Zv7-j6RQSy_97ihsPy7nej7_b7dq97Rt7MolVs2KCZo0sCDDx8HNKhb5n0eVRom9h7RePIUPRsgnrye0nxp3xJ8-oI0XuvTk4lJfg5AdmrH9IOa_y0ARS0kv6v6sD5CBAwWSxS1xYYzeFWVj9Q7RpeFYgYAdMxzDihBEkB5-_TWQO95s0JJtXC07l14f59T9Zyw6Domtw5YGXcezVlB9zVBbM7UZYxmuzoZ2pSvPOxg9l70L69xHfWOdfLgnGMKzMBN1NAHSHEJ4v7Nn6sCLUiDs-lZ66f_urLw5B_lSktG3OiK6aMmtXxNRPg27VHsNu8-yGbGgN640nlR4UJpC_04ic-__PKNE_wGU5BEcZr81g8qCqnLzuxG_Ja9A3GieWNSZ5yyIzgGzGnJCSh5p1-bcinbp9S9L3O79nIISNsm4y3CtjVZXD07bEjxxFnfc_Yw2cBo3kDiPpqIAbu5_EOvdhMxHJa7Pjx_1hGb4kDaAukZzOLTpiMAqoP0MPArx3Tr-1fZ7vWCnVhWDZbDzCmIPDHptVd2whSzm0aMu3M3lCetcFp4lpOEmvGygOOmv_D5LIqtmouLr5IJCrNPyp_BgGe2bnX2B8ZqdLYBz2s_ufAz7JY1G4mmHjCWNKYaAO0E4XEPST5F8uzlnfan53vCnpHRwISZ0JjwNdClxJmjrmmxRG86LgbLsXFYe8N890jTszsO1XQ24TY8HQEa2gl5-O9GFU7BhZ7Pvym5icI3XbN8qPBKshHn4x4IZ8LRarFvPSQIO4GhkcQ1JXE-QW9Z5C67W-aGP_J_e_q42kdLq0R3ASOGdk5RI9pZ5I6fPkB2dKD7cqczen70nZI1QEaihFfE2Tnysm3m3jI

Domain: ep1.adtrafficquality.google
URL: https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202503180101&jk=419945875229302&bg=!S0ilSAfNAAaCZO-FomQ7ADQBe5WfON-xw3XyrO9LBWIAXgG6qp0in3WSbfrLWplm-YyzG-c1uhZSxxOO5-b-yYav_GcuAgAAAE9SAAAAB2gBB34ANbdETDm-1watuYNQKpwYZc5Yc_IVm1pmWi-9KcjKw3MRvlZe86x_CPDVKq3JmLHgnjhBxo2bmQK2J-9SC-arZm6XFmPiFOc9Rw81PhAOKWpb10WkxpYTduIWSsAStQi9VsWF39rcA19RUbVaOth70JwE67XZNzbUy7sCkyL0nQBYR77up2PQ57q8qBRHPB95-A5SUNJsBFrIlR_6xo62TWgEacNzuFqVlMyjFCOmxX1lLPBAWmN34QpC7jeTYUSvIk_ZTAwA4AuNY4Fw5AGWGLW0Wkj5TMXgAuQu3luDd2pzCAps_b_sWAtcgtMRuu3VhsC_Xv59HCLBkGeLBlyslBbyQtmSlJwo64CpCFwENk7qTXr_YSV0o_7N-vi_aScnbMuBAWHPQFtuoD3R1OL8eosz1GuozMIjowPhQbG-HD81HrMmx8AqhvV47LktS2Nj978LkrEXdLGsMq6GrfTPPi3ytvxUGuyS1CvvPiraJC6o2d_yB4ofFxMiJ3ze2jNbGZ3dRj3tg1jLuHoueQkfLZoYKLOuaM1GOQgvvomkaeLOT7qj0mXODKbSXdr0PVFzGCqa4Eyt9DuObJwNACah64hDglpU0pLl2MxlGG0edjeifTNnH3yVhB6YD9LzLkhtzocOMctekIo4MoznnXcJAuYiOCAHHcqy0jpPsgUXNMDjGEMEK7kkzuH2IwLlKAetnP0CNQFgIkAu1baE6ltCIj1Wlh8ijxu4i1Zm96EMymTyZAeDNkJHLVWxH2pmZv78HeyYmM-63H3jAoz1eK8t5XQm0WRj7X98WcUq_3K0r8SY0Xv5Exm9qYC4ECqlBeENMx_lgGJlgixRPTDQ_12GSEJXe0iTMpcRZWFkV_kxFl4GlwytrgpiQVocU0O0TsRcj7me_AFoyfHaIVXn67bzqF-6K8TF6mH30uXC7KlALD75FMzcUXWPZyD3Xzo_0_xUWZM_Q4coycyWfXl3LvdiLzCV5AyQZMxoDmxG-3guvg

Domain: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/Preset.js?z=14210

Domain: ep1.adtrafficquality.google
URL: https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202503180101&jk=1654360009876680&bg=!JiWlJWrNAAaCZO-FomQ7ADQBe5WfOGEUdwYbZFQKODQWHdIyjdG3aRxspp_N8TTEht1-2F--6mgdHQSydmkJrr8r6RhNAgAAAGJSAAAABmgBB34ANdzex1-9D-DwuK8g4WyxPr60jVvUGiL9p2-fYKGsVNDrgt1PRqkk36Ta0efqbIM2djAhwqdPCgAZDnE34IL4X_bhcAVa5XPi20bqoUHD-OJP8ZkC9843QG9ePh6H7VkaPE9c69R-smWwIkWbozPOLYWS6bTWPIgV7Sx-xlLoZ4mWWEeG3UKNw3VSdH3DxDV6avesDA4nRkTrZ2v4VC6o2l70KBnqasnUpf_aTUfig-VioYSW1pGrgmGoLlULVL4x539FVCSpttJkYCRAwHWUqF6wybS31uZN0CxkrL7lELm5FhQMkuYT5ZqcRetlt5WxBpk5Na7ImxGE1xLEDqCWgYIpNyvCueSvl3JyxeBkVs57e0GkzkOfA25JC7zYqPqcnboE5nQ1J5YV540l4_oblV_9rnpA4u_fFC1h9nzBZJVGVZQO11EQd_2EyUsy_bkCm8xkHQchEdkt50EQNjPP6P2UZlmqHlu4J1mLfv_ELZZDgk9vdQB-KHngkWxF7wauT5c24mzYdczFBKcK5Cth7YpG-gbBf47pJgkBCUBDwCzRNNT9ZVf6vw7x4Tz1ate6O_oVcJDD7H5mOds-n32yAVX8DHS0fbsKWIHmvns2W3E5HuEx1rggBQpeDtc1FnLlSe0hojxhwZaCdgOy5lC7XgwRHoFOql0s6COabTjk75Ck7bR6ufI8CPkJ48VSm4gz6RqmZk6R_CnOzCKHDAfXPsuVHZsK9Ak27BXKZ6L-Tk3BMuC2zp-KigUcqZKrv6VJEIGaBGxj5RuJpRX6-fXohvpTu8_D_OY78HjtLJidM5oR4zOH4qWTVqxUzpo5uSeOpkE6oW0ACBmkprnHw0XIdv8jTvn95yL18gqV_Pa2_G4mE3Sgz1_wDeyckusdRGFed_qow4AZ94i_eWkeORXvajpIQXAtK1U5Xnyj4_4H10_MdKk9HmheYJhYtDbheEEAHnO2ELecBfPvtCdnY_gbT6y-zuGRkH8RIjprYud1Q6Lf1uRYXL6ivNJIXPfS79kWJLL31Me81kbO8P7Snh_UbKadi5rc6VvVYrs-FxNgOIMhhm5lccGzqsszLLr9urk-rE72cTUyJdqrYnk7jfDAja_WMKBgtLTHBcGYLw

Verdicts & Comments Add Verdict or Comment

103 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

46 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.reurl.cc/	1970-01-21 13:43:00	Name: _ga_ZDFZCDVDK1 Value: GS1.1.1742820940.1.0.1742820940.0.0.0
.reurl.cc/	1970-01-21 13:43:00	Name: _ga_N394QBRGC0 Value: GS1.1.1742820940.1.0.1742820940.60.0.0
.reurl.cc/	1970-01-21 13:43:00	Name: _ga Value: GA1.2.1923222759.1742820941
.reurl.cc/	1970-01-21 04:08:27	Name: _gid Value: GA1.2.1835144211.1742820941
.reurl.cc/	1970-01-21 04:07:01	Name: _gat Value: 1
.reurl.cc/	1970-01-21 06:16:36	Name: _fbp Value: fb.1.1742820941253.98546902425466842
.criteo.com/	1970-01-21 13:28:36	Name: uid Value: d650903f-ed01-4f22-8891-4349401bdad9
.prnasia.com/	1970-01-21 04:07:02	Name: __cf_bm Value: 88yO_Nc.bSBGfRLl67OiVeYmUFKuqBGesatn39fe34E-1742820942-1.0.1.1-qV7ntl5Hv_0LGW1QiBOjtHwqnN6O5cT9bJXvWWm8LBkwUhOS4.G1xh0M0n9w_79Cp2f49XynUF17yO8nbW0IqPj0aY7UnWxMQkFUA4wlopc
onead.onevision.com.tw/	1970-01-21 12:52:36	Name: onevision_guid Value: 4b29c54c-08af-11f0-a254-0242ac120002
onead.onevision.com.tw/	1970-01-21 12:52:36	Name: oid Value: 4b29c542-08af-11f0-a254-0242ac120002
reurl.cc/	1970-01-21 12:52:36	Name: oid Value: %257B%2522oid%2522%253A%25224b29c54c-08af-11f0-a254-0242ac120002%2522%252C%2522ts%2522%253A-62135596800%252C%2522v%2522%253A%252220201117%2522%257D
.doubleclick.net/	1970-01-21 13:43:00	Name: IDE Value: AHWqTUnUxCL-YFdfF4jhF0ePLtIGbXhBYfrcmQuYgps5__WBFqSoNr1gKOmDuN0B3Vc
.reurl.cc/	1970-01-21 13:28:36	Name: __gads Value: ID=eb78c0b1b52b10ee:T=1742820941:RT=1742820941:S=ALNI_MaTXILdeoeqTQ9H7J7svId2DZK6Cg
.reurl.cc/	1970-01-21 13:28:36	Name: __gpi Value: UID=00001000d582680b:T=1742820941:RT=1742820941:S=ALNI_MbsPLsiOuwiAF_FTsgU606zQ7E4Hw
.reurl.cc/	1970-01-21 08:26:12	Name: __eoi Value: ID=77c251e73d9ab7c4:T=1742820941:RT=1742820941:S=AA-Afjbrx8bHZ0u_7Q2uLdTl-N_o
.adsrvr.org/	1970-01-21 12:52:36	Name: TDID Value: 16265fd6-b9ed-4e9a-8aed-3829f5c4b992
.eyeota.net/	1970-01-21 12:52:36	Name: mako_uid Value: 195c839234e-5f500000010a52ef
.eyeota.net/	1970-01-21 04:07:01	Name: SERVERID Value: 21231~DM
.crwdcntrl.net/	1970-01-21 10:35:46	Name: _cc_dc Value: 0
.crwdcntrl.net/	1970-01-21 10:35:46	Name: _cc_id Value: f64d3331b3c0971d442985ad3e6a89d1
.adsrvr.org/	1970-01-21 12:52:36	Name: TDCPM Value: CAEYBSABKAIyCwiYw_Crvbf1PRAFOAE.
.yahoo.com/	1970-01-21 12:52:58	Name: A3 Value: d=AQABBE5W4WcCEAPDzkOLppQYJWcx2zrt8w4FEgEBAQGn4mfrZ9wv0iMA_eMAAA&S=AQAAAj4GBWmwFGxK7qCWlCVamCU
.reurl.cc/	1970-01-21 12:52:36	Name: FCNEC Value: %5B%5B%22AKsRol-57hg5MD_1nCXlnqtVZgN-V0jixK7fkkoAumx1And1xkKeHONe4_hcFOgQqQiIycm99pk8gxt54_mIFacGBFLNRZ9gc4rYRdzTWb8F-XugdDH9gCq7Sl-QfZDeQyo2Vd1rFLj7_2RNY3WOfuY1rsa82som7w%3D%3D%22%5D%5D
.analytics.yahoo.com/	1970-01-21 12:52:36	Name: IDSYNC Value: 19d3~2o8c
.reurl.cc/	1970-01-21 04:50:12	Name: ISMD5VERSION Value: 1
.holmesmind.com/	1970-01-21 13:43:00	Name: P Value: 271437-ni6RqqL8DR8SCGGz7aYlhTU25j1aVTaJ
.holmesmind.com/	1970-01-21 04:28:08	Name: Vision Value: 20250324-23:59,20250324-23,20250324-23,20250324-23:59
.holmesmind.com/	1970-01-21 04:28:08	Name: C Value: null
.holmesmind.com/	1970-01-21 06:31:58	Name: RK Value: null
.reurl.cc/	1970-01-21 12:52:36	Name: _ss_pp_id Value: 34221ae58058254e8da1742856944002
.reurl.cc/	1970-01-21 04:50:12	Name: CFFPCKUUID Value: 1719-ooqo766MkU84iebyzh3a13WUfUYj7NlG
.reurl.cc/	1970-01-21 04:50:12	Name: CFFPCKUUIDMAIN Value: 5720-Btl669Drddz6VavWXzfehujn4G04K0to
.reurl.cc/	1970-01-21 04:50:12	Name: FPUUID Value: 5720-1561cb6450bd93e00cfca5fd9cfa90c4
.holmesmind.com/	1970-01-21 04:08:27	Name: fcm Value: 1
.reurl.cc/	1970-01-21 13:43:00	Name: _td Value: 6c1bc6c8-7328-43a4-bd05-480abcfcd01b
track.91app.io/	1970-01-21 13:43:00	Name: deviceid Value: 9b285899-5cfd-4b6d-bf48-a24337790473
.lndata.com/	1970-01-21 12:53:05	Name: admckid Value: 2503242055431417263
.hinet.net/	1970-01-21 13:43:00	Name: uuid Value: 10d180c4-2056-4f44-b3d0-2fde99c45f22
.reurl.cc/	1970-01-21 04:07:00	Name: _tg_csi Value: 1
.popin.cc/	1970-01-21 12:52:36	Name: uid Value: 34221ae58058254e8da1742856944002
.reurl.cc/	1970-01-21 12:52:36	Name: __htid Value: 10d180c4-2056-4f44-b3d0-2fde99c45f22
.reurl.cc/	1970-01-21 04:07:04	Name: _ht_em Value: 1
.reurl.cc/	1970-01-21 04:08:27	Name: _ht_50ef57 Value: 1
.holmesmind.com/	1970-01-21 04:28:08	Name: R Value: null
.holmesmind.com/	1970-01-21 06:31:58	Name: G Value: we3u7ZGJymKY5J47cKd8kQ==
.reurl.cc/	1970-01-21 04:08:27	Name: _ht_hi Value: 1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://reurl.cc/XqAx30(Line 75) Message: [GroupMarkerNotSet(crbug.com/242999)!:A0B0570DB4110000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network	error	URL: https://blog.alphaloan.co/wp-content/uploads/2021/04/%E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg Message: Failed to load resource: net::ERR_CONNECTION_RESET

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10d180c4-2056-4f44-b3d0-2fde99c45f22.t.ssp.hinet.net
1bc0cd46610d101fec67156c6b1485c1.safeframe.googlesyndication.com
38acab207a35e983f87d9aa227ec7b36.safeframe.googlesyndication.com
ad-specs.guoshipartners.com
ad.holmesmind.com
ad.tagtoo.co
ad2.apx.appier.net
adx.holmesmind.com
analytics.google.com
anymind360.com
api.popin.cc
b50e4f7b7975aa95a80718d7479b2442.safeframe.googlesyndication.com
bcp.crwdcntrl.net
bidder.criteo.com
blog.alphaloan.co
cdn-ima.33across.com
cdn.holmesmind.com
cdn.jsdelivr.net
cms.analytics.yahoo.com
connect.facebook.net
cpt.geniee.jp
creditcards.com.tw
ecs.tagtoo.co
ep1.adtrafficquality.google
ep2.adtrafficquality.google
fundingchoicesmessages.google.com
gocm.c.appier.net
googleads.g.doubleclick.net
gum.criteo.com
img.gbyhn.com.tw
img.racingcharger.tw
invstatic101.creativecdn.com
log.popin.cc
match.adsrvr.org
mma.prnasia.com
oa.openxcdn.net
onead.onevision.com.tw
pagead2.googlesyndication.com
prebid-asia.creativecdn.com
prebid.scupio.com
ps.eyeota.net
r.popin.cc
re-news.tw
reurl.cc
s.w.org
securepubads.g.doubleclick.net
static.criteo.net
static.wixstatic.com
stats.g.doubleclick.net
storage.reurl.cc
t.ssp.hinet.net
td.doubleclick.net
trc.taboola.com
tw.popin.cc
uec.tagtoo.co
ups.analytics.yahoo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
yads.c.yimg.jp
1bc0cd46610d101fec67156c6b1485c1.safeframe.googlesyndication.com
ad.holmesmind.com
blog.alphaloan.co
ep1.adtrafficquality.google
100.28.140.230
103.1.220.9
103.132.192.30
104.18.28.101
104.18.95.225
107.178.241.176
119.63.193.220
119.63.198.143
119.63.198.188
119.63.198.189
139.162.84.221
142.250.31.132
142.251.111.155
142.251.163.154
142.251.167.113
142.251.167.99
151.101.1.229
151.101.129.55
151.101.65.44
157.240.229.1
157.240.229.35
168.95.245.1
172.253.115.155
172.253.115.156
172.253.122.101
172.253.122.113
172.253.122.132
172.253.122.155
172.253.62.157
172.253.62.97
172.67.150.31
18.160.10.127
18.160.10.56
183.79.219.124
192.0.77.48
192.0.78.25
192.178.155.132
203.137.133.153
203.75.214.136
210.59.219.34
3.161.213.25
34.102.146.192
34.102.218.41
34.107.150.21
34.111.12.34
34.149.98.30
34.160.26.175
34.96.70.87
35.185.130.121
35.190.36.98
50.16.174.192
52.223.40.198
54.64.195.61
64.233.180.132
69.147.92.11
74.119.117.17
74.119.117.47
74.119.117.5
0aaa38bb8e4bb6f7b4a6af08de0d02d376f4fd76664a70e73f976b0675de3c4a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2
16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20
1a86be36dc7c2e38ceda87849f8d7d26e7dcd24336a12aba1d43eec97a17d6c7
1bb712cb8e9095116e97f89243ae164313e4d8d88eb1571662c0ed31c73dbefd
1bf41ca1364230ce3a9cbbac1110ff4d7d287a9f978fa74297aa30117c4da9c0
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1d8ec71222318b195413a9c14eeeb1972c2ae3c67214ce7bec9ce10e2099c1cf
22743d9dc93a38d7096ec7c9a02146da7a721ada15192d87e81d78ff53cb2f2a
234c0c89b9e2409fbb4ebb449993aa93c347b2cf57925e8cb0ee5c751ea3dc46
24c55f7fd45388e8a6c4fb7fc8bdae53992181227bb8f77f1d4dc04be9f15556
2621d065b3f4690e89592e90e01673d4e57b6a4560b897eb897c23a8529fd6bf
2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840
2dc74ece4c0c5336b68860806e82e273e51c9ea0e15ff85462cffc975f6dbd4a
2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f
3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698
3108e15dfc911f1a730106ee1e44c941639e0b7add838d095680425e86d086c3
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30
3402df1af7b8665c51ac7e2d4fed5dc6cac147d61966672d9cf32a34acafedfe
34b9dedc33c291dd905b40f25686445d6805a941b54874fc0a074c90801772b3
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
395afb1491e62cb0666325882b2d9ffd6258f76bc2da4f8c163e0b484d82927e
428b4d763209c5b65c1c05f915dde026fbd233486fa2e9554ad1c0131dd336b6
4600e57269e2d3a8cd62ed8014764c8cc4d2094700a3db54721c952ff41ba879
466b4a6c2c47478a104f80a757d2c06af42c6adfec939b18e7990bc1f6fa5460
46e977bd2e693545c10424af0ca8ae2061ce096d8e5658d997fa9ca60471e26d
4c5af1acfdbf1968462d6274d8e2f3c7f8eb9709b425239cf8560b08d9e13638
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a6aecd4e7de3a51bf9a825abdb0e77a56a1a4b12b9a5b2402d056a152f0e1f
57250b21405f09290d1577382611d5179da12bfcbd1257289e9c96e9dd8b6116
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e
6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484
698fe0a6500f771d98d1ca713a5445d523fac649207572b69123699702854c0b
71b61a813bd27dd2b39f517f7f20e157c4dac2045125b63b8e9a1fb2befdbedf
72223c20f8ad08445b32a2b4843a0f04fe33cee40811ade04b21598cf67fbea3
724bf9b6cead6b42a8435c2dd63959f95a2868fc29d0c19f44b7f26c83a18cdd
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c
749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d
75ee5b8579ccdd4addd453e5f03adcfd7f5c07575208312cd4f02672c792284e
76e0fe9b59aa81409567a77b7f5cfaebcbe6d1a5586d4979c5a83a327f68d517
782ad28047e3a8afa1421dbe7f8fbb37597cf3f1297d2a4b5a661ef7a3b1a0b0
7b02340f2dc45840d3c378e8585638242965427824cfae847cda7f486176c359
80279f6baf172b794e35da391ac30711c57a3276abda4280d170920df9cca9b1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8aad7f034c2e39ee145189b327d6b1df64240486e08c7eba41d399e7e72797a6
8cba9e3ed08ea32eb9ef7a8004ad0a0a3a43d46d665fbfbd6251f9a44d866440
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e
92f9f001e9f335dc3ba11338e516af016b641679e9195f7aeb9a753b05ee750a
93040fe62b73694ff9fdd8fe5c4c8818e8d96a692dc25eb4177afda44f17be13
93155c81b70401839a5573d0374b8a2fa72bf0f9796249368674301b787f3782
95634eb651772e9ecc489c8a2e12cccb71cd06089ae3f03f8dab3654ce669c8c
974af83638132aad9897e4f0a0ac0bf03e838231d0d627ee5891c8504e79857a
9a9b9d44067529ee0d47b9222376a936fbd9309a9160afdc4ae27130c16c9011
9c02ce64001b6783e089db88bd56ebc14c06995779af8a825d94615e71e91742
9cf1114324a6653750f0f8af7783a744e45adadca47c48844e4ee0f11df269bf
a0488164a8e38f8b9d943ced442f639d2af110b20e97299930eeafedb0f00c0c
a6a132211fe21475c262557eeb7c3efad716f5ece2f3552e2894e097a9fd7bf0
a9bd7d8be3fc5672b4bc407076ca1291d5e47ef073d1244f0c55bb5703223150
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6c5af2d5c532a14b5aa51656c9d5e8be329b1424ec1df2947ad2de309622448
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22
bb2623d5302c13b0fa5e883b167d941279852cb50118493533062becdaace7f0
bc030c460d4e482131bcfbf4f39c7bb05e04c99e7e508b2030e72b170f42d8bf
bc73ed340ef20534b613afea9bd95f199a55b77beab7c472e92ad92b4e39a1aa
c0ffbdc3094973d82e8c2b4dc95777c6a11add910200bff47a11e0c90c3457ea
c45c8b81ccfcbc08127b74787d1b5974078756233de947986c357e28ed8f13ac
cd0db2d68f6fb00e1197e823f47e1f53aa2aa2ae85228a5e5d04a4a863629cc1
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda
cf06b11142a595c5afc11b3f763bb83a72338fe3dfd994d89fd5c05cc8833ce7
d87bdde5b93ccd6b28df30f6841ec9ab4114de022f8ec3abf45be89f9f9d867e
d91f68a62d07782eb88bc13fd12acfab8c06f2ac2a9106a18544f6bca1532060
ddd47146e422eade725fde4598b99c5de853959bf5e5882dfe916038be7b56fa
ddd9d29beabaeecc9c76408242dfc2b76305ec52511992d3cfbc81a500ee0670
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e07b89b32652ade8fb7527421b6d15ca09f01be80ea9221e52f977372aaab8fd
e1a88944839c9a9a2901a448d23a62bf47fb36cd7b50ebf145e020c82633a984
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e50d22b5eeec9dac3bc9087a1879128c48bd4598de3d65771e8735ccbbf3c6f7
e7e4fb9b3b1239835abc60fd16d2e64da36bfa919b8e81f11eea442c2bbf05f2
e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990
ed1353670cbe52a301571e6717fab543726f43f7bed2edd0ffca2e74f6a1d8bf
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2cd84611253bf9a1fecac6f381da91a3daf8ea5e23590dfc891b2e142823031
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b
f54417dc932e3e432d8c4730b204456d1e76ebe29e93afe191bb5888f62c9da5
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

reurl.cc Open in urlscan Pro 35.185.130.121 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

199 Requests

93 %HTTPS

0 %IPv6

39 Domains

61 Subdomains

55 IPs

5 Countries

3114 kBTransfer

9497 kBSize

46 Cookies

20 Outgoing links

Redirected requests

199 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

reurl.cc Open in urlscan Pro
35.185.130.121 Public Scan

Screenshot
Live screenshot

Full Image

199
Requests

93 %
HTTPS

0 %
IPv6

39
Domains

61
Subdomains

55
IPs

5
Countries

3114 kB
Transfer

9497 kB
Size

46
Cookies

199 HTTP transactions
5 data transactions