reurl.cc Open in urlscan Pro
35.185.130.121 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://reurl.cc/XqAx30
Submission: On March 25 via api (March 25th 2025, 6:25:00 am UTC) from JP — Scanned from US

Summary HTTP 206 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 54 IPs in 5 countries across 39 domains to perform 206 HTTP transactions. The main IP is 35.185.130.121, located in Taipei, Taiwan and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is reurl.cc. The Cisco Umbrella rank of the primary domain is 200657.
TLS certificate: Issued by R11 on March 14th 2025. Valid for: 3 months.

This is the only time reurl.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	35.185.130.121 35.185.130.121	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	104.18.186.31 104.18.186.31	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	34.149.98.30 34.149.98.30	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	151.101.1.55 151.101.1.55	54113 (FASTLY) (FASTLY)
3	64.233.180.97 64.233.180.97	15169 (GOOGLE) (GOOGLE)
23	172.253.62.154 172.253.62.154	15169 (GOOGLE) (GOOGLE)
3	203.137.133.156 203.137.133.156	4694 (IDCF IDC ...) (IDCF IDC Frontier Inc.)
2	168.95.246.2 168.95.246.2	131660 (CHTCDN Da...) (CHTCDN Data Communication Business Group)
2	31.13.66.19 31.13.66.19	32934 (FACEBOOK) (FACEBOOK)
4	142.251.179.100 142.251.179.100	15169 (GOOGLE) (GOOGLE)
5	107.178.241.176 107.178.241.176	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	157.240.229.35 157.240.229.35	32934 (FACEBOOK) (FACEBOOK)
2	34.160.26.175 34.160.26.175	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	182.22.28.252 182.22.28.252	23816 (YAHOO Yah...) (YAHOO Yahoo Japan Corporation)
2	216.239.34.181 216.239.34.181	15169 (GOOGLE) (GOOGLE)
1	142.251.16.157 142.251.16.157	15169 (GOOGLE) (GOOGLE)
1	142.251.167.156 142.251.167.156	15169 (GOOGLE) (GOOGLE)
10	172.253.122.113 172.253.122.113	15169 (GOOGLE) (GOOGLE)
3 3	69.147.92.12 69.147.92.12	14777 (YAHOO) (YAHOO)
2 2	18.235.184.124 18.235.184.124	14618 (AMAZON-AES) (AMAZON-AES)
2 2	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1 2	18.214.54.215 18.214.54.215	14618 (AMAZON-AES) (AMAZON-AES)
1	151.101.1.44 151.101.1.44	54113 (FASTLY) (FASTLY)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
8	74.119.117.47 74.119.117.47	19750 (AS-CRITEO) (AS-CRITEO)
1	104.18.29.101 104.18.29.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.251.163.132 142.251.163.132	15169 (GOOGLE) (GOOGLE)
1	104.18.96.225 104.18.96.225	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.78.25 192.0.78.25	2635 (AUTOMATTIC) (AUTOMATTIC)
1	104.21.96.9 104.21.96.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	103.1.220.9 103.1.220.9	131149 (YUANJHEN-...) (YUANJHEN-AS-TW Yuan-Jhen Info.)
1	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
1	18.160.18.18 18.160.18.18	16509 (AMAZON-02) (AMAZON-02)
3	119.63.193.220 119.63.193.220	38627 (BAIDUJP B...) (BAIDUJP Baidu)
21	142.251.163.154 142.251.163.154	15169 (GOOGLE) (GOOGLE)
26	18.160.10.56 18.160.10.56	16509 (AMAZON-02) (AMAZON-02)
1	74.119.117.17 74.119.117.17	19750 (AS-CRITEO) (AS-CRITEO)
4	18.160.10.29 18.160.10.29	16509 (AMAZON-02) (AMAZON-02)
5	54.178.103.138 54.178.103.138	16509 (AMAZON-02) (AMAZON-02)
1	119.63.198.189 119.63.198.189	38627 (BAIDUJP B...) (BAIDUJP Baidu)
1	34.111.12.34 34.111.12.34	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.107.150.21 34.107.150.21	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
11	203.75.214.136 203.75.214.136	3462 (HINET Dat...) (HINET Data Communication Business Group)
3	119.63.198.143 119.63.198.143	38627 (BAIDUJP B...) (BAIDUJP Baidu)
1 2	64.233.180.156 64.233.180.156	15169 (GOOGLE) (GOOGLE)
2	142.251.163.155 142.251.163.155	15169 (GOOGLE) (GOOGLE)
1	34.102.218.41 34.102.218.41	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	142.251.167.132 142.251.167.132	15169 (GOOGLE) (GOOGLE)
1	119.63.198.188 119.63.198.188	38627 (BAIDUJP B...) (BAIDUJP Baidu)
2	103.132.192.30 103.132.192.30	138552 (RTBHOUSE-...) (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD.)
4 8	35.190.36.98 35.190.36.98	15169 (GOOGLE) (GOOGLE)
4 4	139.162.84.221 139.162.84.221	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
4	74.119.117.5 74.119.117.5	19750 (AS-CRITEO) (AS-CRITEO)
2	210.59.219.34 210.59.219.34	3462 (HINET Dat...) (HINET Data Communication Business Group)
2	172.253.63.99 172.253.63.99	15169 (GOOGLE) (GOOGLE)
1	64.233.180.132 64.233.180.132	15169 (GOOGLE) (GOOGLE)
206	54

1 35.185.130.121 (Taipei, Taiwan)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 121.130.185.35.bc.googleusercontent.com

reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.186.31 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.149.98.30 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 30.98.149.34.bc.googleusercontent.com

storage.reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.55 (San Francisco, United States)

ASN54113 (FASTLY, US)

anymind360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.233.180.97 (United States)

ASN15169 (GOOGLE, US)
PTR: pe-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 172.253.62.154 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f154.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 203.137.133.156 (Japan)

ASN4694 (IDCF IDC Frontier Inc., JP)

cpt.geniee.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 168.95.246.2 (Los Angeles, United States)

ASN131660 (CHTCDN Data Communication Business Group, TW)
PTR: 168-95-246-2.hinet-ip.hinet.net

ad-specs.guoshipartners.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.13.66.19 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-iad3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.179.100 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: pd-in-f100.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 107.178.241.176 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 176.241.178.107.bc.googleusercontent.com

onead.onevision.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 157.240.229.35 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-iad3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.160.26.175 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 175.26.160.34.bc.googleusercontent.com

re-news.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.22.28.252 (Japan)

ASN23816 (YAHOO Yahoo Japan Corporation, JP)

yads.c.yimg.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.239.34.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.16.157 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f157.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.167.156 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f156.1e100.net

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.253.122.113 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f113.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.147.92.12 (Ashburn, United States) 3 redirects

ASN14777 (YAHOO, US)
PTR: e2.ycpi.vip.dca.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.235.184.124 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-184-124.compute-1.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.197.193.217 (Seattle, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.214.54.215 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-214-54-215.compute-1.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.44 (San Francisco, United States)

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 74.119.117.47 (United States)

ASN19750 (AS-CRITEO, US)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.29.101 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn-ima.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.163.132 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f132.1e100.net

26d94a8ec5abf61e885fc24dc73d23b8.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.96.225 (None, )

ASN13335 (CLOUDFLARENET, US)

mma.prnasia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.25 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

creditcards.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.96.9 (None, )

ASN13335 (CLOUDFLARENET, US)

img.gbyhn.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.1.220.9 (Taiwan)

ASN131149 (YUANJHEN-AS-TW Yuan-Jhen Info., Co., Ltd, TW)
PTR: ph2.g-dns.com

img.racingcharger.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.18.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-18-18.iad12.r.cloudfront.net

static.wixstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 119.63.193.220 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)

api.popin.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 142.251.163.154 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f154.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 18.160.10.56 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-10-56.iad12.r.cloudfront.net

cdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.117.17 (United States)

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.160.10.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-10-29.iad12.r.cloudfront.net

cdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adx.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 54.178.103.138 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com

ad.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 119.63.198.189 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)

tw.popin.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.12.34 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 34.12.111.34.bc.googleusercontent.com

ad.tagtoo.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.150.21 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 21.150.107.34.bc.googleusercontent.com

uec.tagtoo.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 203.75.214.136 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-136.hinet-ip.hinet.net

t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dd16de0d-6072-4954-9b20-c4f698f0caef.t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 119.63.198.143 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)

log.popin.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.233.180.156 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: on-in-f156.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.163.155 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f155.1e100.net

ep1.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.218.41 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 41.218.102.34.bc.googleusercontent.com

ecs.tagtoo.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.167.132 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f132.1e100.net

ep2.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 119.63.198.188 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)

r.popin.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.132.192.30 (Singapore)

ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG)
PTR: ip-103-132-192-30.rtbhouse.net

prebid-asia.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.190.36.98 (Kansas City, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 98.36.190.35.bc.googleusercontent.com

ad2.apx.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 139.162.84.221 (Tokyo, Japan) 4 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1564-221.members.linode.com

gocm.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 74.119.117.5 (United States)

ASN19750 (AS-CRITEO, US)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 210.59.219.34 (Taichung City, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 210-59-219-34.hinet-ip.hinet.net

prebid.scupio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.63.99 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f99.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.180.132 (United States)

ASN15169 (GOOGLE, US)
PTR: pe-in-f132.1e100.net

86c85434f5f5f4ab51836180f122c81f.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	holmesmind.com cdn.holmesmind.com — Cisco Umbrella Rank: 144812 ad.holmesmind.com — Cisco Umbrella Rank: 113263 adx.holmesmind.com	89 KB
27	doubleclick.net 1 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 289 stats.g.doubleclick.net — Cisco Umbrella Rank: 284 td.doubleclick.net — Cisco Umbrella Rank: 327 googleads.g.doubleclick.net — Cisco Umbrella Rank: 70	251 KB
23	googlesyndication.com 26d94a8ec5abf61e885fc24dc73d23b8.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 157 86c85434f5f5f4ab51836180f122c81f.safeframe.googlesyndication.com a7e676c2c877b5568d903369ac394367.safeframe.googlesyndication.com Failed	361 KB
14	google.com analytics.google.com — Cisco Umbrella Rank: 253 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 649 www.google.com — Cisco Umbrella Rank: 10	72 KB
12	appier.net 8 redirects ad2.apx.appier.net — Cisco Umbrella Rank: 115896 gocm.c.appier.net — Cisco Umbrella Rank: 5598	3 KB
11	hinet.net t.ssp.hinet.net — Cisco Umbrella Rank: 92735 dd16de0d-6072-4954-9b20-c4f698f0caef.t.ssp.hinet.net 1e6381d9-6ea5-400b-a0fc-381585d2eb6e.t.ssp.hinet.net Failed	5 KB
8	popin.cc api.popin.cc — Cisco Umbrella Rank: 22807 tw.popin.cc — Cisco Umbrella Rank: 125846 log.popin.cc — Cisco Umbrella Rank: 93722 r.popin.cc — Cisco Umbrella Rank: 102226	97 KB
8	criteo.net static.criteo.net — Cisco Umbrella Rank: 1135	56 KB
6	adtrafficquality.google ep1.adtrafficquality.google — Cisco Umbrella Rank: 512 ep2.adtrafficquality.google — Cisco Umbrella Rank: 514	32 KB
6	reurl.cc reurl.cc — Cisco Umbrella Rank: 200657 storage.reurl.cc — Cisco Umbrella Rank: 279374	7 KB
5	criteo.com gum.criteo.com — Cisco Umbrella Rank: 610 bidder.criteo.com — Cisco Umbrella Rank: 1746	745 B
5	onevision.com.tw onead.onevision.com.tw — Cisco Umbrella Rank: 153929	2 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 129	229 B
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 116	22 KB
3	tagtoo.co ad.tagtoo.co — Cisco Umbrella Rank: 167837 uec.tagtoo.co — Cisco Umbrella Rank: 130520 ecs.tagtoo.co — Cisco Umbrella Rank: 121351	62 KB
3	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 3260 prebid-asia.creativecdn.com — Cisco Umbrella Rank: 20685	3 KB
3	yahoo.com 3 redirects cms.analytics.yahoo.com — Cisco Umbrella Rank: 3132 ups.analytics.yahoo.com — Cisco Umbrella Rank: 830	960 B
3	geniee.jp cpt.geniee.jp — Cisco Umbrella Rank: 35259	70 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 107	383 KB
2	scupio.com prebid.scupio.com — Cisco Umbrella Rank: 143006	4 KB
2	eyeota.net 1 redirects ps.eyeota.net — Cisco Umbrella Rank: 1557	2 KB
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 564	1 KB
2	crwdcntrl.net 2 redirects bcp.crwdcntrl.net — Cisco Umbrella Rank: 1587	730 B
2	re-news.tw re-news.tw	31 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 255	80 KB
2	guoshipartners.com ad-specs.guoshipartners.com — Cisco Umbrella Rank: 181880	24 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 427	59 KB
1	wixstatic.com static.wixstatic.com — Cisco Umbrella Rank: 8835	1011 KB
1	w.org s.w.org — Cisco Umbrella Rank: 7227	730 B
1	racingcharger.tw img.racingcharger.tw	152 KB
1	gbyhn.com.tw img.gbyhn.com.tw	67 KB
1	creditcards.com.tw creditcards.com.tw	65 KB
1	prnasia.com mma.prnasia.com	12 KB
1	33across.com cdn-ima.33across.com — Cisco Umbrella Rank: 1907	7 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 3358	8 KB
1	taboola.com trc.taboola.com — Cisco Umbrella Rank: 1016	196 B
1	yimg.jp yads.c.yimg.jp — Cisco Umbrella Rank: 31472	58 KB
1	anymind360.com anymind360.com — Cisco Umbrella Rank: 15232	46 KB
0	alphaloan.co Failed blog.alphaloan.co Failed
206	39

	Domain	Requested by
29	cdn.holmesmind.com	securepubads.g.doubleclick.net cdn.holmesmind.com ad.holmesmind.com
23	securepubads.g.doubleclick.net	reurl.cc securepubads.g.doubleclick.net pagead2.googlesyndication.com
21	pagead2.googlesyndication.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
10	t.ssp.hinet.net	api.popin.cc cdn.holmesmind.com t.ssp.hinet.net
10	fundingchoicesmessages.google.com	securepubads.g.doubleclick.net
8	ad2.apx.appier.net	4 redirects reurl.cc
8	static.criteo.net	securepubads.g.doubleclick.net cdn.holmesmind.com reurl.cc
5	ad.holmesmind.com	cdn.holmesmind.com
5	onead.onevision.com.tw	ad-specs.guoshipartners.com reurl.cc
5	storage.reurl.cc	reurl.cc
4	bidder.criteo.com	static.criteo.net
4	gocm.c.appier.net	4 redirects reurl.cc
4	ep2.adtrafficquality.google	pagead2.googlesyndication.com ep2.adtrafficquality.google securepubads.g.doubleclick.net
4	www.facebook.com	reurl.cc
4	www.google-analytics.com	storage.reurl.cc www.google-analytics.com reurl.cc www.googletagmanager.com
3	log.popin.cc	reurl.cc
3	api.popin.cc	reurl.cc api.popin.cc
3	cpt.geniee.jp	reurl.cc cpt.geniee.jp
3	www.googletagmanager.com	reurl.cc www.googletagmanager.com
2	www.google.com	ep2.adtrafficquality.google
2	prebid.scupio.com	cdn.holmesmind.com
2	prebid-asia.creativecdn.com	cdn.holmesmind.com
2	ep1.adtrafficquality.google	pagead2.googlesyndication.com securepubads.g.doubleclick.net reurl.cc
2	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com
2	ps.eyeota.net	1 redirects reurl.cc
2	match.adsrvr.org	2 redirects
2	bcp.crwdcntrl.net	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	analytics.google.com	www.googletagmanager.com
2	re-news.tw	storage.reurl.cc reurl.cc
2	connect.facebook.net	storage.reurl.cc connect.facebook.net
2	ad-specs.guoshipartners.com	reurl.cc
2	cdn.jsdelivr.net	reurl.cc
1	86c85434f5f5f4ab51836180f122c81f.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	dd16de0d-6072-4954-9b20-c4f698f0caef.t.ssp.hinet.net	reurl.cc
1	r.popin.cc	reurl.cc
1	ecs.tagtoo.co	ad.tagtoo.co
1	adx.holmesmind.com	pagead2.googlesyndication.com
1	uec.tagtoo.co	api.popin.cc
1	ad.tagtoo.co	api.popin.cc
1	tw.popin.cc	api.popin.cc
1	gum.criteo.com	static.criteo.net
1	static.wixstatic.com	reurl.cc
1	s.w.org	reurl.cc
1	img.racingcharger.tw	reurl.cc
1	img.gbyhn.com.tw	reurl.cc
1	creditcards.com.tw	reurl.cc
1	mma.prnasia.com	reurl.cc
1	26d94a8ec5abf61e885fc24dc73d23b8.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	cdn-ima.33across.com	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	trc.taboola.com	reurl.cc
1	cms.analytics.yahoo.com	1 redirects
1	td.doubleclick.net	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	yads.c.yimg.jp	cpt.geniee.jp
1	anymind360.com	reurl.cc
1	reurl.cc
0	a7e676c2c877b5568d903369ac394367.safeframe.googlesyndication.com Failed	securepubads.g.doubleclick.net
0	1e6381d9-6ea5-400b-a0fc-381585d2eb6e.t.ssp.hinet.net Failed	reurl.cc
0	blog.alphaloan.co Failed	reurl.cc
206	62

This site contains links to these domains. Also see Links.

Domain
re-news.tw
youtils.cc
www.comptw.com
stockinfo.tw

Subject Issuer	Validity	Valid
reurl.cc R11	`2025-03-14` - `2025-06-12`	3 months	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-05-04`	a year	crt.sh
storage.reurl.cc WR3	`2025-03-14` - `2025-06-12`	3 months	crt.sh
anymind360.com R10	`2025-02-15` - `2025-05-16`	3 months	crt.sh
*.google-analytics.com WR2	`2025-03-10` - `2025-06-02`	3 months	crt.sh
*.g.doubleclick.net WR2	`2025-03-10` - `2025-06-02`	3 months	crt.sh
*.geniee.jp GeoTrust TLS RSA CA G1	`2024-07-30` - `2025-08-30`	a year	crt.sh
ad-specs.guoshipartners.com Go Daddy Secure Certificate Authority - G2	`2025-01-08` - `2026-01-21`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2025-01-02` - `2025-04-02`	3 months	crt.sh
onead.onevision.com.tw R10	`2025-02-03` - `2025-05-04`	3 months	crt.sh
wp.re-news.tw WR3	`2025-03-04` - `2025-06-02`	3 months	crt.sh
edge01.yahoo.co.jp Cybertrust Japan SureServer CA G4	`2025-02-07` - `2026-03-06`	a year	crt.sh
*.google.com WE2	`2025-03-10` - `2025-06-02`	3 months	crt.sh
*.doubleclick.net WR2	`2025-03-10` - `2025-06-02`	3 months	crt.sh
*.taboola.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-12-01` - `2025-12-31`	a year	crt.sh
oa.openxcdn.net WR3	`2025-03-12` - `2025-06-10`	3 months	crt.sh
invstatic101.creativecdn.com WR3	`2025-02-12` - `2025-05-13`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-02-03` - `2025-05-03`	3 months	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2024-09-05` - `2025-09-30`	a year	crt.sh
*.prnasia.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-23` - `2025-11-23`	a year	crt.sh
tls.automattic.com E6	`2025-02-14` - `2025-05-15`	3 months	crt.sh
gbyhn.com.tw WE1	`2025-03-06` - `2025-06-04`	3 months	crt.sh
img.racingcharger.tw R11	`2025-02-15` - `2025-05-16`	3 months	crt.sh
s.w.org E6	`2025-02-28` - `2025-05-29`	3 months	crt.sh
*.wixstatic.com R11	`2025-01-23` - `2025-04-23`	3 months	crt.sh
*.popin.cc Secure Site Pro CA G2	`2024-09-23` - `2025-10-24`	a year	crt.sh
*.holmesmind.com Go Daddy Secure Certificate Authority - G2	`2025-03-06` - `2026-04-07`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-02-09` - `2025-05-10`	3 months	crt.sh
ad.tagtoo.co WR3	`2025-02-20` - `2025-05-21`	3 months	crt.sh
uec.tagtoo.co WR3	`2025-02-23` - `2025-05-24`	3 months	crt.sh
*.t.ssp.hinet.net HiPKI OV TLS CA - G1	`2025-02-12` - `2026-02-12`	a year	crt.sh
adtrafficquality.google WR2	`2025-03-10` - `2025-06-02`	3 months	crt.sh
ecs.tagtoo.co WR3	`2025-03-22` - `2025-06-20`	3 months	crt.sh
*.creativecdn.com RapidSSL TLS RSA CA G1	`2024-04-05` - `2025-04-30`	a year	crt.sh
*.scupio.com Sectigo RSA Organization Validation Secure Server CA	`2024-09-27` - `2025-10-28`	a year	crt.sh

This page contains 29 frames:

Primary Page: https://reurl.cc/XqAx30
Frame ID: 9D48909733C47E9D0D87A439B8B6BC1A
Requests: 65 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Frame ID: DE12CAB91227B08B6B862DCB7FBA17CF
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-N394QBRGC0&gacid=1792140177.1742883893&gtm=45je53l1v897965293za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=102482433~102788824~102803279~102813109~102926326&z=591821708
Frame ID: BF4624570DBF23414FEBBB9EFC966331
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 17AF43879D0CA4FB8F1EDFB0F3716EC3
Requests: 1 HTTP requests in this frame

Frame: https://26d94a8ec5abf61e885fc24dc73d23b8.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html
Frame ID: 63ECA71647A6F4A6BD053559C53F2A5D
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsseflZ801Bdu0yrErToSi8SL4f79RIHAWHqNx7hMPYjBm-1XGMWyEIJ3NgvGLxWyky-RZWckvn3wvYOO6b4EOpKWIg9jnw2bjRoXOw7YpRLBvmgz7QJeyXNiJjqiJ89lI4OK9yFC-HP39PEg-XrGSteivGLms-JIr0MoeBX2Ot-1EBXhlGlY_eoTY5qe92kWet3oZlLBo5RR3DO371SPNUw-VElcIoKEA_XKvvP-lDNufPHhTVccf-is04IzJb5KL-e0AwkehGexGboeVzj5L-S9qZiJE4Wx1YNYMiyS9L5DQ8L7UTUakby3icLxPMXTYBRKHFC7R8S5sqlY-gFIjOVv23zz3n1yBzhdB2fHX1MyrEJYPMk0Ua6fLHxFYqOw0a3h5XKI89JXXRWultKK44bRhw3XWSirIA-u3aFI9mZFTsVADAhjrUEYg&sai=AMfl-YR2PDZiYjfzsBOx7qhyJ8JtCvNjplEMoAOWXv7-0qMkpIqzGsvRAlKU_EVHUtn1_O9uRmbxXw0lR6uuW3Kg7bTKsmmE7gVdfbywNnFrZ98HuZvpc1iZ1gg_DFc&sig=Cg0ArKJSzHep0H0ys3q9EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 00BF96CD8297B7C4392EC3B2A643743C
Requests: 22 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuh-83U4bB9qo2IRg2fiNKp3l4Qp_ixi1KQqGAsOQM76G9RB9uj1jWAnQ4gCYks5Q-BlU2auK_OHOZ2aRU5diBhsF7R5Hn0-5vmsHyFZYUeNICFj9dlQwDiuILWl1IhHgZOXTuYO0czji-YITAY5G4kumoy8Tx5X0QOTegjznTyY1KBG77kWc4Vjcixa7E6P9Gbg_CyATvXgYHop_d0n9w34xf9ToaZtsFM7fpX27FPT0cdC5D5Gfu9N6wQDjt_NzDD6uLhONWl7XDGtENnsgp-x5uD6ZxWgRBCYPa42lT2DnGxHHU2yiOyYmb-NAUcSECGusH-UX2fzxA5GKBBjJOw4KLp9j9wVKicQxHRDlsOoz4Ol4sM4j26LQjo9tVIDyjHf0A0LGPRKyRxWky4WLpvxuSeGqBE428cRhHve7KeIb1iQE_f6uPmjw&sai=AMfl-YTZLzu10XGxfHKer9cVJJpW8h2SJ7ouSFp1uTFXwjP2Zb0UUcr-VqYrGItnkp8mMzAGNm7XStooX4i-2gElYBPHEInE66yWnSEX0ce2nC5OcG2wxxx5pRtMVys&sig=Cg0ArKJSzEP_SulNXLh1EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: EED335992E11B7546FD49D290932B413
Requests: 13 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvVY5habeCnkTLFWhEoKhVFXx6xPx8NccfXDWVlJSGY6_lPkG8_VhqdQYqFjeu97lZLkmy2E87p_UZDgTzegW3OKNNvZOMFiPV-3dJHLNFxAryhVoJNwnLrVZCd627W6Uca8U1_nU6wlssTdXAxp11RH-ScC7DDiTO21RwSf5tH30BRXTymoGcYHsOlr9GHKw3EkeiLMnyWCmRJ-gZV2c1ktY-FXpuILApaSi6YLV2E1ZzO6CE6F6Ew03HtDO5hTNpqd1Ow_EjU_r6IxunPBuoid-XQink4R35g4Rt4bBLPvozeDFrSWDjncWjuTdKJiv242VnrN8n6816nsjJ8HZ8r-lMasAG5BdZJGtM4I4dx598ugSt_cQ2WQjTagr6JYhTZujmUKPXSqHSw8HLJseCox-iOpPnSk9v649WDw13XgzVKcmgirhlVl6HxWP9nPRI&sai=AMfl-YSeZ9dDZTBSeUpW4QMISk6ySiWBCp6iCi7Vxxn0rmgbhzYE65KPoT3-icIl74iUQp3ijDtUD-K0Ojdl1mXi4DGV5k1yw8IjGtcqwfTLJiOmuw4NhRKdtUKKG7M&sig=Cg0ArKJSzE8_jQAiJhwQEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 5770166122006C90A753AC5418E4B417
Requests: 6 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=
Frame ID: 6E5B31D6C2AC5B76D80C7454374AE001
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 65A58626B7370AAB67C5FF7BC6BF12A5
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: E378D271FE13D7675D0779A7732B8060
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20250320/r20190131/zrt_lookup.html
Frame ID: 861DDCB184C4769C11BB136035AA1BD9
Requests: 1 HTTP requests in this frame

Frame: https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
Frame ID: 640F5305E5517D4008491DF660AF18E6
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: 3128EE74B5A0361C264FD1930A9B4F8A
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D6AEEDB7E275F2CB986671455725F787
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 9632F6E7F61362F7B0D5CD5BAFC5B888
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 328A19BF44B29372560FFD26C57ED648
Requests: 1 HTTP requests in this frame

Frame: https://86c85434f5f5f4ab51836180f122c81f.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=3
Frame ID: 87DF6D40B258C834BCD4328A6C09622A
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: 54E52A90171EE8927C682C81331F7BFD
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 73FF3C8194E7DCFE9EBB3C7E2A61A137
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvDjHFJ7YR9vgGfyVj0-URnufen8YUI5Qw2HVvglg4cu1axkAW6px-fJkDXZbt20BEcKl7aLhljEBPjcBNnJfa619ueSSldTXfFazt1_8cwKy1_c43ON_RIKZ-d2U9QONKlJFtVS7kkDv5w_6zMyR5nTKIJ7dx3IYqNsMCRzAT2kDhUM3IXAJBq9qStX7VLI2Ce-zrVU5M1qfiq2BCHBUSBFRSzGx9e3BYcp-yh7ltAL0XXqslGKxpXag4SpiHOyKJYsKmnhS2xtc-zxLfpaIpEmWzA5lqYK_iQ0bHxhKOyGumtTpMprXIPJ1hp7lswmCNW73-5DCPOM3jMQozGxQ_CeEiafqpBKQ2oVPRQKtFolrfeb9H2QiERgGTe_tIW0hEyv_Isbz56t2y81YEwDyf4VzleWhj45D2I6_YIOVhIK0Qb1PL5wpreILU6P-9ht0zNgFuyVq6t9g&sai=AMfl-YQSbAyejMncJ8MNXaIAoHi9-5e9k2wjGQ71xqKq0B0RP3IiqMLiSXmBg4UlKDyZyCF0rQvZdH_oB_yw0JCHwJp9mJHJoubT_168eDnTbk07JuKSkBtMFqf4WOI&sig=Cg0ArKJSzJaDFOVsuaLpEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 959C7A8CB62862000005E0DACFF294D5
Requests: 6 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=5457-e3b96dd482231f90fbf0fd41a538ba0e
Frame ID: E2A9B3DE6052A288F93979459262C95E
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: B2C31073686B772F9801CAE32F140FF6
Requests: 23 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 0D8431364A518647D07C247E74FA2AF6
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 35D86EE445F8D52A11EF30C50532677F
Requests: 1 HTTP requests in this frame

Frame: https://a7e676c2c877b5568d903369ac394367.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=6
Frame ID: B4E97426E6D3BD5DE2ABAE247863AD21
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstZ7hW5CYAsODKgYp1LgXYqjdi5xkMNSpCJe1xetPWFchask7y4DlFZjSqFzYpM6PvUhKdWcCxt4nL6F1eriIJ3gh_E1CdxoRl2U8r4TG4qSVBkMQBeYSVa5jTIUG4dNtGasxeOSIGGn7PhcoRyEyIkY9HsVLrk87HJplpDnTjT_UQjgAlSeYGi_WCeGURCRP2WP95v0VFLXOJPch5jKPiXWNxlo8gg1HbzmLJ7hd1YS8Ar-9ofnaXJ7llAtKZZcWtI8uN142tiMzec7Z-Dw3M0caa6DO6OmHsyVBvWyvhxjulxKiMx91hE8sClnPN6F3rNrw12rwsDugS09in_Lgm71fU9rb2X_gQhrJ2ixsJ0kzkkzdVhfhEWpOLFDx48125credWrdYr6cTMzpHHGLDWTlCEP7zIDGQ1z8IXixDjy7N7rVX8m1FLDnpk_PxrGBEBTGLZWXdXsg&sai=AMfl-YSDJMynyPQtq-NwHPJf2ib5pwiPAEd8GJFTTZ8kJNDl41NTb_dE-RabunjjQjpFZ_0MmF_SvYXK7Z2y9OnpKUJ036pxvo28g0zsNm7ptB563qronv5a_KvCEkA&sig=Cg0ArKJSzKasD6sEW7FMEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: BF007715DCE317DDAFA827143474617F
Requests: 6 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=5457-e3b96dd482231f90fbf0fd41a538ba0e
Frame ID: 7C2298E601AEB4E3176B3F461DDD171C
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 17DEF78BAF8F65F64C38F3495FEC8211
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Dynamics 365 Customer Voice

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/vue(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

206
Requests

90 %
HTTPS

0 %
IPv6

39
Domains

62
Subdomains

54
IPs

5
Countries

3140 kB
Transfer

9734 kB
Size

46
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://re-news.tw/
Title: Exit

Search URL Search Domain Scan URL

URL: https://re-news.tw/renews/168

Search URL Search Domain Scan URL

URL: https://re-news.tw/prnasia/4647990_XG47990_2

Search URL Search Domain Scan URL

URL: https://re-news.tw/creditcard/233069

Search URL Search Domain Scan URL

URL: https://re-news.tw/gbyhn/61537

Search URL Search Domain Scan URL

URL: https://re-news.tw/racingcharger/54444

Search URL Search Domain Scan URL

URL: https://re-news.tw/golike/22753

Search URL Search Domain Scan URL

URL: https://re-news.tw/zocha/664f06a4333c44b7de8afda5

Search URL Search Domain Scan URL

URL: https://re-news.tw/alphaloan/20451

Search URL Search Domain Scan URL

URL: https://youtils.cc/emoji
Title: Emoji

Search URL Search Domain Scan URL

URL: https://youtils.cc/geoip
Title: Geo IP

Search URL Search Domain Scan URL

URL: https://youtils.cc/big5gb
Title: Big5/GB Converter

Search URL Search Domain Scan URL

URL: https://youtils.cc/qrcode
Title: QR Code

Search URL Search Domain Scan URL

URL: https://youtils.cc/length
Title: Length Converter

Search URL Search Domain Scan URL

URL: https://www.comptw.com/
Title: Taiwan Company

Search URL Search Domain Scan URL

URL: https://stockinfo.tw/
Title: Taiwan Stock

Search URL Search Domain Scan URL

URL: https://youtils.cc/wordcounter/zh-Hants
Title: Word Counter

Search URL Search Domain Scan URL

URL: https://youtils.cc/dateCalculator
Title: Date Calculator

Search URL Search Domain Scan URL

URL: https://youtils.cc/lunarCalendar
Title: Lunar Calendar

Search URL Search Domain Scan URL

URL: https://youtils.cc/utm
Title: UTM tool

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://cms.analytics.yahoo.com/cms?partner_id=OneDATA HTTP 302
https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA HTTP 302
https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA&verify=true HTTP 302
https://onead.onevision.com.tw/v2/pixel/vzn?id=y-Ifv16IhE2p8YF9YJqiFjpVF5JrW6rTIFH4x4ig--~A

Request Chain 37

https://bcp.crwdcntrl.net/map/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id} HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id} HTTP 302
https://onead.onevision.com.tw/v2/pixel/ltm?id=5c1420dab83478c8ee469a33fe3dcdbe

Request Chain 38

https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=r1jlltl&ttd_tpi=1 HTTP 302
https://onead.onevision.com.tw/v2/pixel/ttd?id=ce94ca08-c10e-40b9-9c41-866418756130

Request Chain 39

https://ps.eyeota.net/pixel?pid=3m51m51&uid=dcbb2106-0941-11f0-a308-0242ac120002&t=ajs HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=dcbb2106-0941-11f0-a308-0242ac120002&t=ajs

Request Chain 101

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=2220942683&adf=3173046723&pi=t.ma~as.2784%2F13803&w=300&lmt=1742883895&url=https%3A%2F%2Freurl.cc%2FXqAx30&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1742883894788&bpp=283&bdt=505&idt=624&shv=r20250320&mjsv=m202503200101&ptt=5&saldr=sd&cookie=ID%3D4a889540576ae011%3AT%3D1742883893%3ART%3D1742883893%3AS%3DALNI_Mbc678ixuGYgHEYf2Z6hEoOxmjn9A&gpic=UID%3D000010863ba18a95%3AT%3D1742883893%3ART%3D1742883893%3AS%3DALNI_MbPEgSJzc-jyugNezBaMveYUm-dqw&eo_id_str=ID%3Dbb0e8723727a4dde%3AT%3D1742883893%3ART%3D1742883893%3AS%3DAA-Afjavr-iQOcaLmw9Iq7Hch1bd&correlator=7455360233119&frm=23&ife=4&pv=2&nhd=1&u_tz=-600&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=270&ady=172&biw=1600&bih=1200&isw=300&ish=250&ifk=3231471538&scr_x=0&scr_y=0&eid=95353450%2C95356499%2C95356505%2C31088250%2C95355965%2C95355301&oid=2&pvsid=1400588031679878&tmod=462822199&uas=0&nvt=1&fc=640&brdim=80%2C80%2C80%2C80%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=1.k0uf4gez6axu&fsb=1&dtd=723 HTTP 302
https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html

Request Chain 117

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=BvRfhG4ABQOaDBu7OUziZw

Request Chain 119

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=hlvNJkiFClGfwKJgOUziZw

Request Chain 164

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=SbzlMVVYDGmVHiPaOUziZw

Request Chain 165

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=AlvE95WgDDiU0gYzOkziZw

Request Chain 206

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid

Request Chain 207

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid

206 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request XqAx30 Show response
reurl.cc/ 15 KB
4 KB 791ms
371ms Document
text/html 35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: dee32bfa9dddc3bd54ac9263dac28e3472c474273b29055819105377e7f7eae1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 25 Mar 2025 06:24:51 GMT
referrer-policy: no-referrer-when-downgrade
server: nginx/1.18.0 (Ubuntu)
target: https://ecv.microsoft.com/dDTk9Vwh4y
vary: Accept-Encoding Origin
x-request-id: 660a3799-b6da-418f-9245-63fdded48fd3

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/ 152 KB
26 KB 285ms
83ms Stylesheet
text/css 104.18.186.31
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.186.31 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

access-control-expose-headers: *
content-encoding: br
cf-cache-status: HIT
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
age: 1990018
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PuSjLR6IIU3zPPfqK%2B6fNVqEB5uktREU3f2k1RzZTWBbQBb9PjRYZLFW96giC8Mg9%2BGYb%2FJh8Z%2Ff2Zypa6sDeShJ%2FWOpRaqGxSnsleqtiHz74lKvgttBzso6Wy30MB0J1eo%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443"; ma=86400
x-cache: HIT, HIT
date: Tue, 25 Mar 2025 06:24:51 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-eddf8230028-FRA, cache-lga21986-LGA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 925c53e37a0b2b6b-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25648
server: cloudflare
x-jsd-version: 4.3.1

GET
H2 200 style.css
storage.reurl.cc/stylesheets/rwd/ 2 KB
1 KB 204ms
65ms Stylesheet
text/css 34.149.98.30
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://storage.reurl.cc/stylesheets/rwd/style.css?v=1
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-request-id: 5b112c41-0b59-4aca-9e26-4475333e24a1
access-control-expose-headers: *, Authorization, X-Authorization
content-encoding: gzip
age: 13639
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 02:37:32 GMT
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public,max-age=28800
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 904

GET
H2 200 ats.js Show response
anymind360.com/js/9479/ 186 KB
46 KB 268ms
67ms Script
application/javascript 151.101.1.55
FASTLY

General

Check archive.org

Download Go to

Full URL

https://anymind360.com/js/9479/ats.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.55 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

a6a132211fe21475c262557eeb7c3efad716f5ece2f3552e2894e097a9fd7bf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Type
content-encoding: gzip
x-goog-hash: crc32c=jUf8sg==, md5=XZKb74lEVE/od15TDzGdTQ==
etag: "5d929bef8944544fe8775e530f319d4d"
age: 97433
x-goog-stored-content-encoding: gzip
expires: Mon, 24 Mar 2025 03:20:59 GMT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-goog-stored-content-length: 46393
x-cache: HIT, HIT
date: Tue, 25 Mar 2025 06:24:51 GMT
last-modified: Thu, 12 Dec 2024 05:32:33 GMT
content-type: application/javascript; charset=UTF-8
x-served-by: cache-tyo11968-TYO, cache-bur-kbur8200087-BUR
x-cache-hits: 199, 0
x-guploader-uploadid: AKDAyItGzjf3YcOIf0uq9n4prQHBFE8cdZGAdbHvIPTJmAs9PyRx90c4Bd54AU9TSDfOC6Re
strict-transport-security: max-age=31557600
vary: Accept-Encoding
cache-control: max-age=1200
x-goog-storage-class: STANDARD
x-timer: S1742883892.755345,VS0,VE1
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1733981553094287
content-length: 46393
server: UploadServer

GET
H2 200 pixel.js Show response
storage.reurl.cc/javascripts/ 429 B
523 B 72ms
64ms Script
text/javascript 34.149.98.30
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://storage.reurl.cc/javascripts/pixel.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-request-id: 9eba7160-512b-4d06-a3be-ec05da015c9b
access-control-expose-headers: *, Authorization, X-Authorization
cache-control: public,max-age=28800
age: 16977
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 429
date: Tue, 25 Mar 2025 01:41:54 GMT
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
content-type: text/javascript; charset=utf-8
vary: Origin

GET
H2 200 ga2.js Show response
storage.reurl.cc/javascripts/ 536 B
443 B 173ms
167ms Script
text/javascript 34.149.98.30
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://storage.reurl.cc/javascripts/ga2.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-request-id: 00d05406-001a-401f-9abf-82ee842d8775
access-control-expose-headers: *, Authorization, X-Authorization
content-encoding: gzip
age: 6532
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 04:35:59 GMT
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public,max-age=28800
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 348

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 361 KB
121 KB 624ms
308ms Script
application/javascript 64.233.180.97
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.180.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pe-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

2a9e459c9f61af953fedcfda7f293624635d8d9e21746150adaff2be5a4135c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
expires: Tue, 25 Mar 2025 06:24:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:52 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
content-length: 123370
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 438 KB
142 KB 519ms
204ms Script
application/javascript 64.233.180.97
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.180.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pe-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

ea7914430f7253c1f9362072398ed315f292758cf9b58ce8edebe5a0b3ec2117

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
expires: Tue, 25 Mar 2025 06:24:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:52 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
content-length: 144839
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 106 KB
33 KB 421ms
151ms Script
text/javascript 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

a90b07df39f5a027b1516ef70cee2a3489d2f7f6c6ac31a19c1ed7445cbcc30b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 374 / 20172 / m202503200101 / config-hash: 13177625818786128424
x-content-type-options: nosniff
expires: Tue, 25 Mar 2025 06:24:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 25 Mar 2025 06:24:52 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33596
x-xss-protection: 0
server: cafe

GET
H2 200 wrapper.min.js Show response
cpt.geniee.jp/hb/v1/219632/1441/ 12 KB
4 KB 709ms
332ms Script
application/javascript 203.137.133.156
IDCF IDC Frontier...

General

Check archive.org

Download Go to

Full URL: https://cpt.geniee.jp/hb/v1/219632/1441/wrapper.min.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 203.137.133.156 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 0614ad45d47a5da6d9880c2e175c88526cd223c16d2121e48bab3a9e1121f55d

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=3600, private
content-encoding: gzip
etag: W/"67e15db0-2f10"
cross-origin-resource-policy: cross-origin
expires: Tue, 25 Mar 2025 07:24:52 GMT
date: Tue, 25 Mar 2025 06:24:52 GMT
content-type: application/javascript
last-modified: Mon, 24 Mar 2025 13:27:12 GMT
server: nginx

GET
H2 200 ad-serv.min.js Show response
ad-specs.guoshipartners.com/static/js/ 50 KB
16 KB 1046ms
126ms Script
application/javascript 168.95.246.2
CHTCDN Data Commu...

General

Check archive.org

Download Go to

Full URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 168.95.246.2 Los Angeles, United States, ASN131660 (CHTCDN Data Communication Business Group, TW),
Reverse DNS: 168-95-246-2.hinet-ip.hinet.net
Software: HiNetCDN / OneAD
Resource Hash: 8aad7f034c2e39ee145189b327d6b1df64240486e08c7eba41d399e7e72797a6

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: W/"67dbbf75-c7b9"
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
x-varnish: 32574695
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Tue, 25 Mar 2025 06:24:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 20 Mar 2025 07:10:45 GMT
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
cache-control: public, max-age=360
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: *
x-powered-by: OneAD
server: HiNetCDN

GET
H2 200 onead-lib.min.js Show response
ad-specs.guoshipartners.com/static/js/ 25 KB
8 KB 1057ms
138ms Script
application/javascript 168.95.246.2
CHTCDN Data Commu...

General

Check archive.org

Download Go to

Full URL: https://ad-specs.guoshipartners.com/static/js/onead-lib.min.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 168.95.246.2 Los Angeles, United States, ASN131660 (CHTCDN Data Communication Business Group, TW),
Reverse DNS: 168-95-246-2.hinet-ip.hinet.net
Software: HiNetCDN / OneAD
Resource Hash: fcf4b958769eb294a5743dffac9b9def998a568b1126f9ca3d270c9cc67268d3

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: W/"67e22b0a-6524"
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
x-varnish: 37652485
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Tue, 25 Mar 2025 06:24:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Tue, 25 Mar 2025 04:03:22 GMT
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
cache-control: public, max-age=360
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: *
x-powered-by: OneAD
server: HiNetCDN

GET
H2 200 vue.min.js Show response
cdn.jsdelivr.net/npm/vue@2.5.16/dist/ 84 KB
33 KB 353ms
152ms Script
application/javascript 104.18.186.31
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.186.31 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

access-control-expose-headers: *
content-encoding: br
cf-cache-status: HIT
etag: W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
age: 407979
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=COejN6FIQlwTO8IIxumlKa4nq62clcLfuEFAtaG8tmerwSYr1gHd82B0ac8xUtKcH6o8wxRBdtK1ZZNVWR7%2Fj5gnJErhf5Y7tq1SRxFSCKvrnxocE%2FcgobTkIhFsKeu%2BSdk%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443"; ma=86400
x-cache: HIT, HIT
date: Tue, 25 Mar 2025 06:24:51 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230020-FRA, cache-lga21954-LGA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 925c53e37a102b6b-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 33184
server: cloudflare
x-jsd-version: 2.5.16

GET
H2 200 renews.js Show response
storage.reurl.cc/javascripts/ 404 B
551 B 262ms
124ms Script
text/javascript 34.149.98.30
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://storage.reurl.cc/javascripts/renews.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 22743d9dc93a38d7096ec7c9a02146da7a721ada15192d87e81d78ff53cb2f2a

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-request-id: 96263c85-48da-45d4-b62f-c981410b5f92
access-control-expose-headers: *, Authorization, X-Authorization
cache-control: public,max-age=28800
age: 5075
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 404
date: Tue, 25 Mar 2025 05:00:16 GMT
last-modified: Tue, 09 Jul 2024 09:45:35 GMT
content-type: text/javascript; charset=utf-8
vary: Origin

GET
H2 200 loading.js Show response
storage.reurl.cc/javascripts/ 134 B
229 B 263ms
126ms Script
text/javascript 34.149.98.30
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://storage.reurl.cc/javascripts/loading.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: ddd9d29beabaeecc9c76408242dfc2b76305ec52511992d3cfbc81a500ee0670

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-request-id: c7882327-77ec-4cb2-8498-08d566bb6259
access-control-expose-headers: *, Authorization, X-Authorization
content-encoding: gzip
age: 2623
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 05:41:08 GMT
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public,max-age=28800
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 134

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 252 KB
63 KB 266ms
128ms Script
application/x-javascript 31.13.66.19
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/pixel.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-iad3.fbcdn.net

Software

Resource Hash

13b3fea42a999bd1edc7815ad83b8529ad25262807607a54101486b76d2a39a0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-IgDyTguv' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 25 Mar 2025 06:24:52 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-IgDyTguv' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=126, rtx=0, c=24, mss=1232, tbw=8353, tp=13, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: 2puSfS2bd/XWJAq6LrwrY37C5Arc50Zc1RmrFO3+Iqek7PDInOIy/VCls9S8v8iZcyBAyOoHm97k1UnAKxBAow==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 64608
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 437ms
184ms Script
text/javascript 142.251.179.100
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/ga2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.100 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f100.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
age: 4798
report-to: {"group":"ascnsrsgac:225:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Tue, 25 Mar 2025 07:04:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 05:04:54 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:225:0
content-length: 20994
server: Golfe2

GET
H3 200 1675200226052423 Show response
connect.facebook.net/signals/config/ 74 KB
17 KB 132ms
131ms Script
application/x-javascript 31.13.66.19
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/signals/config/1675200226052423?v=2.9.190&r=stable&domain=reurl.cc&hme=c1f2cecb0bd2e60711f2156ceae0254b57f69ec526dbc6c13633615b2168eda4&ex_m=71%2C124%2C109%2C113%2C62%2C4%2C102%2C70%2C16%2C98%2C90%2C51%2C55%2C178%2C181%2C193%2C189%2C190%2C192%2C29%2C103%2C53%2C78%2C191%2C173%2C176%2C186%2C187%2C194%2C135%2C41%2C199%2C196%2C197%2C34%2C148%2C15%2C50%2C203%2C202%2C137%2C18%2C40%2C1%2C43%2C66%2C67%2C68%2C72%2C94%2C17%2C14%2C97%2C93%2C92%2C110%2C52%2C112%2C39%2C111%2C30%2C95%2C26%2C174%2C177%2C145%2C87%2C57%2C85%2C33%2C74%2C0%2C96%2C32%2C28%2C83%2C84%2C89%2C47%2C46%2C88%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C58%2C63%2C65%2C76%2C54%2C104%2C27%2C77%2C9%2C8%2C81%2C48%2C21%2C106%2C105%2C107%2C99%2C10%2C20%2C3%2C38%2C75%2C19%2C5%2C91%2C82%2C44%2C35%2C86%2C244%2C171%2C122%2C160%2C153%2C2%2C36%2C64%2C42%2C108%2C45%2C80%2C69%2C114%2C61%2C60%2C31%2C100%2C59%2C56%2C49%2C79%2C73%2C24%2C101%2C115

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-iad3.fbcdn.net

Software

Resource Hash

0c310205ab2dbf30ae9b8a24ee1359f493e1bf5c982c124e42af22b759ac07ce

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: ;script-src 'nonce-t2hPBscX' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com https://.google-analytics.com;font-src 'self' data: blob: ;img-src 'self' data: blob: https://.google-analytics.com;media-src 'self' data: blob: ;child-src 'self' data: blob: ;frame-src 'self' data: blob: ;manifest-src 'self' data: blob: ;object-src 'self' data: blob: ;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 25 Mar 2025 06:24:52 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: *;script-src 'nonce-t2hPBscX' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=126, rtx=0, c=82, mss=1232, tbw=77061, tp=74, tpl=0, uplat=4, ullat=-1
pragma: public
x-fb-debug: ysIARo7HtmEjxYprfRspHJ6ViKRiHrizh2ACd07JZPZer5dprt9Q0msSwhLMi6ZF0ecuMQhoy6gciRXxIz3ipw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-fb-optimizer: 0
document-policy: force-load-at-top
content-length: 16786
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/ 525 KB
165 KB 137ms
136ms Script
text/javascript 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

9aa1a9dfb271e4ad94219ed388d8442b3b394caedb5771642df196ccc09385c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 13877525710090312892
age: 44417
x-content-type-options: nosniff
expires: Tue, 24 Mar 2026 18:04:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 24 Mar 2025 18:04:35 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 168748
x-xss-protection: 0
server: cafe

GET
H3 200 gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503200101/ 63 KB
23 KB 138ms
137ms Other
text/plain 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503200101/gpt

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

724bf9b6cead6b42a8435c2dd63959f95a2868fc29d0c19f44b7f26c83a18cdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 6636832657936373745
age: 57234
x-content-type-options: nosniff
expires: Mon, 31 Mar 2025 14:30:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 24 Mar 2025 14:30:58 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 23172
x-xss-protection: 0
server: cafe
use-as-dictionary: match="/gampad/ads", id="m202503200101"

GET
H2 200 oid Show response
onead.onevision.com.tw/v2/et/ 374 B
1 KB 430ms
228ms Script
application/javascript 107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://onead.onevision.com.tw/v2/et/oid?cb=window.text_etag_callback_4dj4c
Requested by: Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 176.241.178.107.bc.googleusercontent.com
Software: gws / OneAD
Resource Hash: 2158e0c7d6e383b4f5dc4fcbd092eca534cdca0b3cbf29e6b60219d245052b6c

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-onead-version: 61c8a0f6
etag: dcbb20fb-0941-11f0-a308-0242ac120002
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 167286147
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Tue, 25 Mar 2025 06:24:52 GMT
content-type: application/javascript
last-modified: Tue, 25 Mar 2025 06:24:52 GMT
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
cache-control: max-age=600
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 374
x-onead-backend: onead-http-event-s859-gohttp
server: gws
x-powered-by: OneAD

GET
H3 200 page.php
www.facebook.com/plugins/ Frame DE12 0
0 332ms
196ms Document
text/html 157.240.229.35
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-iad3.facebook.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'nonce-8RAZ7uUG' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: zstd
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-8RAZ7uUG' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 25 Mar 2025 06:24:52 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?1
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
pragma: no-cache
priority: u=0,i
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7485629318738142815&cpp=C3&cv=1021219127&st=1742883892844"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7485629318738142815&cpp=C3&cv=1021219127&st=1742883892844", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-connection-quality: GOOD; q=0.7, rtt=126, rtx=0, c=24, mss=1232, tbw=8354, tp=13, tpl=0, uplat=68, ullat=0
x-fb-debug: peEp41J6xM25SroUFNL6SxxWt5koplOK1LK55jxsnd84QxsNWZbru4Pva50LL3ZzXyLcNQx/I1aUIYPlIzhaCA==
x-xss-protection: 0

GET
H2 200 feeds Show response
re-news.tw/ 6 KB
7 KB 1143ms
64ms XHR
text/html 34.160.26.175
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://re-news.tw/feeds
Requested by: Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/renews.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.26.175 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 175.26.160.34.bc.googleusercontent.com
Software: / Express
Resource Hash: c280d38004a82811e8659f68bbd6dc8dde7f7c6a95d3172d7ddec4acf8c96d6f

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: public,max-age=3600
etag: W/"19c2-9Jo9tz+a9s2SjM8/XubeyhnT+f4"
age: 2939
via: 1.1 google
access-control-allow-origin: https://reurl.cc
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6594
date: Tue, 25 Mar 2025 05:35:54 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express
vary: Origin

GET
H3 200 /
www.facebook.com/tr/ 0
18 B 263ms
131ms Image
text/plain 157.240.229.35
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc&rl=&if=false&ts=1742883892666&sw=1600&sh=1200&v=2.9.190&r=stable&ec=0&o=4252&fbp=fb.1.1742883892662.717109639826275453&cs_est=true&pm=1&hrl=d962bb&ler=empty&cdl=API_unavailable&it=1742883892473&coo=false&cs_cc=1&exp=k0&rqm=GET

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-iad3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=126, rtx=0, c=24, mss=1232, tbw=8397, tp=14, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 25 Mar 2025 06:24:52 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
195 B 349ms
218ms Image
image/png 157.240.229.35
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc&rl=&if=false&ts=1742883892666&sw=1600&sh=1200&v=2.9.190&r=stable&ec=0&o=4252&fbp=fb.1.1742883892662.717109639826275453&cs_est=true&pm=1&hrl=d962bb&ler=empty&cdl=API_unavailable&it=1742883892473&coo=false&cs_cc=1&exp=k0&rqm=FGET

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-iad3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'nonce-oqr2OqRx' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7485629317586715109&cpp=C3&cv=1021219127&st=1742883892876"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 25 Mar 2025 06:24:52 GMT
content-type: image/png
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7485629317586715109&cpp=C3&cv=1021219127&st=1742883892876", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-oqr2OqRx' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-debug: X8mEH4wForMNisaOCYAAjTI+a9Q2y5m6Nwpz77NkWcRlMeUFhx4YdImQ8SrASx8uj762XsS6xoEnEeAl15tCCQ==
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=126, rtx=0, c=24, mss=1232, tbw=8717, tp=16, tpl=0, uplat=90, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
447 B 133ms
131ms XHR
text/plain 142.251.179.100
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1896171330&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FXqAx30&ul=en-us&de=UTF-8&dt=Dynamics%20365%20Customer%20Voice&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=250825859&gjid=1447977299&cid=1792140177.1742883893&tid=UA-102456694-1&_gid=988772698.1742883893&_r=1&_slc=1&z=49013839

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.100 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f100.1e100.net

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/XqAx30

Response headers

report-to: {"group":"ascnsrsgac:175:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:52 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:175:0
content-length: 3
server: Golfe2

GET
H2 200 collect
www.google-analytics.com/ 35 B
376 B 225ms
224ms Image
image/gif 142.251.179.100
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1896171330&t=event&_s=2&dl=https%3A%2F%2Freurl.cc%2FXqAx30&ul=en-us&de=UTF-8&dt=Dynamics%20365%20Customer%20Voice&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=pause&ea=3&el=MTQ5LjEwMi4yMjguMTk4&ev=1&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=1792140177.1742883893&tid=UA-102456694-1&_gid=988772698.1742883893&z=1116884657

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.100 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f100.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

age: 46284
report-to: {"group":"ascnsrsgac:163:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 24 Mar 2025 17:33:28 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:163:0
content-length: 35
server: Golfe2

GET
H2 200 yads-async.js Show response
yads.c.yimg.jp/js/ 210 KB
58 KB 1277ms
324ms Script
text/javascript 182.22.28.252
YAHOO Yahoo Japan...

General

Check archive.org

Download Go to

Full URL

https://yads.c.yimg.jp/js/yads-async.js

Requested by

Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/219632/1441/wrapper.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.22.28.252 , Japan, ASN23816 (YAHOO Yahoo Japan Corporation, JP),

Reverse DNS

Software

Resource Hash

e7e4fb9b3b1239835abc60fd16d2e64da36bfa919b8e81f11eea442c2bbf05f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
etag: "fad34f610280b86070657d734b70d7bc"
age: 20
x-content-type-options: nosniff
date: Tue, 25 Mar 2025 06:24:33 GMT
content-type: text/javascript
last-modified: Tue, 18 Mar 2025 07:38:44 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
cache-control: public, max-age=600, stale-while-revalidate=1200
accept-ch: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch
ats-carp-promotion: 1
x-amz-request-id: 14f7f4d1-55f3-44ed-9438-dcdac2b04461
permissions-policy: ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform-version=*, ch-ua-arch=*
accept-ranges: bytes
content-length: 58654
x-xss-protection: 1; mode=block
x-amz-server-side-encryption: AES256

GET
H2 200 gnshbrequest-v4.23.3.js Show response
cpt.geniee.jp/hb/v1/lib/ 181 KB
66 KB 276ms
275ms Script
application/javascript 203.137.133.156
IDCF IDC Frontier...

General

Check archive.org

Download Go to

Full URL: https://cpt.geniee.jp/hb/v1/lib/gnshbrequest-v4.23.3.js
Requested by: Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/219632/1441/wrapper.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 203.137.133.156 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: bc73ed340ef20534b613afea9bd95f199a55b77beab7c472e92ad92b4e39a1aa

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=86400, private
content-encoding: gzip
etag: W/"67d140eb-2d3d7"
cross-origin-resource-policy: cross-origin
expires: Wed, 26 Mar 2025 06:24:52 GMT
date: Tue, 25 Mar 2025 06:24:52 GMT
content-type: application/javascript
last-modified: Wed, 12 Mar 2025 08:08:11 GMT
server: nginx

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 361 KB
120 KB 144ms
142ms Script
application/javascript 64.233.180.97
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1&l=dataLayer&cx=c&gtm=45je53l1v897965293za200&tag_exp=102482433~102788824~102803279~102813109~102926326

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.180.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pe-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

2f2f3243b3ca28bacfb84e9ce39709851d6d688ca1c99668ea30f00855eb4684

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
expires: Tue, 25 Mar 2025 06:24:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:52 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
content-length: 123075
x-xss-protection: 0
server: Google Tag Manager

POST
H2 204 collect
analytics.google.com/g/ 0
0 329ms
124ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je53l1v897965293za200&_p=1742883891953&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102788824~102803279~102813109~102926326&cid=1792140177.1742883893&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1742883892&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FXqAx30&dt=Dynamics%20365%20Customer%20Voice&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2182
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:137:0
report-to: {"group":"ascnsrsggc:137:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:137:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:137:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:53 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
552 B 606ms
289ms Ping
text/plain 142.251.16.157
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-N394QBRGC0&cid=1792140177.1742883893&gtm=45je53l1v897965293za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=102482433~102788824~102803279~102813109~102926326
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: bl-in-f157.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:112:0
report-to: {"group":"ascnsrsggc:112:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:112:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:112:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:53 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame BF46 0
0 595ms
287ms Document
text/html 142.251.167.156
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-N394QBRGC0&gacid=1792140177.1742883893&gtm=45je53l1v897965293za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=102482433~102788824~102803279~102813109~102926326&z=591821708

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.156 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 25 Mar 2025 06:24:53 GMT
expires: Tue, 25 Mar 2025 06:24:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 132ms
132ms Fetch
text/plain 142.251.179.100
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-ZDFZCDVDK1&gtm=45je53o0h2v9181474282za200zb897965293&_p=1742883891953&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102525910~102788824~102803279~102813109~102926327&cid=1792140177.1742883893&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1742883892&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FXqAx30&dt=Dynamics%20365%20Customer%20Voice&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2250
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.179.100 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: pd-in-f100.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:87:0
report-to: {"group":"ascnsrsggc:87:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:87:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:87:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:52 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 128002626 Show response
fundingchoicesmessages.google.com/i/ 196 KB
64 KB 547ms
217ms Script
application/javascript 172.253.122.113
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/128002626?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f113.1e100.net

Software

ESF /

Resource Hash

0c78a6bb30656344fa9a3e996604f648572cc7d280dd30bc191e7d1271c775a0

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-Snbu_iJSJ1VGP3mfRztcEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:53 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmLw05BiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFeDi2zujczybw4XpXA5OSRlJ-YXxyfl5JUWZSaUl-UVpyWmpxalFZalG8kYGRqYGxkbGegVl8gSEAAzArpg"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-Snbu_iJSJ1VGP3mfRztcEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 adsrv Show response
onead.onevision.com.tw/v2/ 177 B
466 B 257ms
255ms Script
application/javascript 107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://onead.onevision.com.tw/v2/adsrv?version=20240208&uid=1000480&category=-1&cookie=true&ip=&guid=dcbb2106-0941-11f0-a308-0242ac120002&channel=0&volume=0.5&r=&adid=&response_freq_multiple=native-drive.0&web_location=https%3A%2F%2Freurl.cc%2FXqAx30&title=Dynamics%20365%20Customer%20Voice&fp=04c6d3e15a52f9e0d5fe2d47f4a29cde&_t=1742883893085&cb=ONEAD_text_response_4dj4c&pb=0&spid=&bgid=0
Requested by: Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 176.241.178.107.bc.googleusercontent.com
Software: gws / OneAD
Resource Hash: 3771075547e13e1a5fad47585c5043afd1ef7050ca6b2cfe2e39814eb3095383

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-onead-version: 61c8a0f6
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 184879065
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Tue, 25 Mar 2025 06:24:53 GMT
content-type: application/javascript
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-onead-guid: dcbb2106-0941-11f0-a308-0242ac120002
access-control-allow-credentials: true
x-onead-message: browser_incompatible
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 177
x-onead-backend: onead-http-query-xvl9-gohttp
server: gws
x-powered-by: OneAD

GET
H2 200 policy-check Show response
cpt.geniee.jp/hb/v1/ 12 B
162 B 619ms
293ms XHR
application/json 203.137.133.156
IDCF IDC Frontier...

General

Check archive.org

Download Go to

Full URL: https://cpt.geniee.jp/hb/v1/policy-check?loc=https%3A%2F%2Freurl.cc%2FXqAx30&list_id=mid-219632&gam_id=gam-424536528%2Cgam-0
Requested by: Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/lib/gnshbrequest-v4.23.3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 203.137.133.156 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 3108e15dfc911f1a730106ee1e44c941639e0b7add838d095680425e86d086c3

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

access-control-allow-origin: *
cache-control: max-age=10800, private
content-length: 12
date: Tue, 25 Mar 2025 06:24:53 GMT
content-type: application/json
server: nginx
cross-origin-resource-policy: cross-origin

GET
H3

200

vzn
onead.onevision.com.tw/v2/pixel/
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=OneDATA
https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA
https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA&verify=true
https://onead.onevision.com.tw/v2/pixel/vzn?id=y-Ifv16IhE2p8YF9YJqiFjpVF5JrW6rTIFH4x4ig--~A

170 B
202 B

194ms
193ms

Image
image/png

107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://onead.onevision.com.tw/v2/pixel/vzn?id=y-Ifv16IhE2p8YF9YJqiFjpVF5JrW6rTIFH4x4ig--~A
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H3
Server: 107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 176.241.178.107.bc.googleusercontent.com
Software: gws / OneAD
Resource Hash: 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-onead-version: 61c8a0f6
x-vendor: vzn
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 140060367
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Tue, 25 Mar 2025 06:24:54 GMT
content-type: image/png
last-modified: Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id: y-Ifv16IhE2p8YF9YJqiFjpVF5JrW6rTIFH4x4ig--~A
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
x-status: okay
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 170
x-onead-backend: onead-http-event-s859-gohttp
server: gws
x-powered-by: OneAD

Redirect headers

strict-transport-security: max-age=31536000
location: https://onead.onevision.com.tw/v2/pixel/vzn?id=y-Ifv16IhE2p8YF9YJqiFjpVF5JrW6rTIFH4x4ig--~A
age: 0
referrer-policy: no-referrer-when-downgrade
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date: Tue, 25 Mar 2025 06:24:54 GMT
content-type: text/html
server: ATS

GET
H3

200

ltm
onead.onevision.com.tw/v2/pixel/
Redirect Chain

https://bcp.crwdcntrl.net/map/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id}
https://bcp.crwdcntrl.net/map/ct=y/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id}
https://onead.onevision.com.tw/v2/pixel/ltm?id=5c1420dab83478c8ee469a33fe3dcdbe

170 B
202 B

193ms
192ms

Image
image/png

107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://onead.onevision.com.tw/v2/pixel/ltm?id=5c1420dab83478c8ee469a33fe3dcdbe
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H3
Server: 107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 176.241.178.107.bc.googleusercontent.com
Software: gws / OneAD
Resource Hash: 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-onead-version: 61c8a0f6
x-vendor: ltm
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 132922479
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Tue, 25 Mar 2025 06:24:54 GMT
content-type: image/png
last-modified: Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id: 5c1420dab83478c8ee469a33fe3dcdbe
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
x-status: okay
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 170
x-onead-backend: onead-http-event-csbv-gohttp
server: gws
x-powered-by: OneAD

Redirect headers

expires: 0
cache-control: no-cache
location: https://onead.onevision.com.tw/v2/pixel/ltm?id=5c1420dab83478c8ee469a33fe3dcdbe
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 0
date: Tue, 25 Mar 2025 06:24:54 GMT
pragma: no-cache

GET
H3

200

ttd
onead.onevision.com.tw/v2/pixel/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=r1jlltl&ttd_tpi=1
https://onead.onevision.com.tw/v2/pixel/ttd?id=ce94ca08-c10e-40b9-9c41-866418756130

170 B
202 B

193ms
193ms

Image
image/png

107.178.241.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://onead.onevision.com.tw/v2/pixel/ttd?id=ce94ca08-c10e-40b9-9c41-866418756130
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H3
Server: 107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 176.241.178.107.bc.googleusercontent.com
Software: gws / OneAD
Resource Hash: 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-onead-version: 61c8a0f6
x-vendor: ttd
age: 0
access-control-allow-methods: GET,POST,OPTIONS,PUT
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-varnish: 186745806
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Tue, 25 Mar 2025 06:24:54 GMT
content-type: image/png
last-modified: Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id: ce94ca08-c10e-40b9-9c41-866418756130
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
x-status: okay
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
content-length: 170
x-onead-backend: onead-http-event-csbv-gohttp
server: gws
x-powered-by: OneAD

Redirect headers

location: https://onead.onevision.com.tw/v2/pixel/ttd?id=ce94ca08-c10e-40b9-9c41-866418756130
content-length: 197
date: Tue, 25 Mar 2025 06:24:53 GMT
server: Kestrel

GET
H/1.1

200
OK

/
ps.eyeota.net/pixel/bounce/
Redirect Chain

https://ps.eyeota.net/pixel?pid=3m51m51&uid=dcbb2106-0941-11f0-a308-0242ac120002&t=ajs
https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=dcbb2106-0941-11f0-a308-0242ac120002&t=ajs

1 KB
1 KB

126ms
125ms

Image
application/javascript

18.214.54.215
AMAZON-AES

General

Check archive.org

Download Go to Show image

Full URL: https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=dcbb2106-0941-11f0-a308-0242ac120002&t=ajs
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: HTTP/1.1
Server: 18.214.54.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-54-215.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

Content-Length: 1228
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date: Tue, 25 Mar 2025 06:24:54 GMT
Content-Type: application/javascript

Redirect headers

Location: /pixel/bounce/?pid=3m51m51&uid=dcbb2106-0941-11f0-a308-0242ac120002&t=ajs
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date: Tue, 25 Mar 2025 06:24:53 GMT

GET
H2 200 cm
trc.taboola.com/sg/onedata/1/ 0
196 B 299ms
162ms Image
text/plain 151.101.1.44
FASTLY

General

Check archive.org

Download Go to Show image

Full URL: https://trc.taboola.com/sg/onedata/1/cm
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-fastly-to-nlb-rtt: 1256
x-timer: S1742883894.623737,VS0,VE3
x-vcl-time-ms: 3
via: 1.1 varnish
accept-ranges: bytes
x-cache: MISS
content-length: 0
date: Tue, 25 Mar 2025 06:24:53 GMT
x-service-version: v1
server: nginx
x-cache-hits: 0
x-served-by: cache-bur-kbur8200092-BUR

GET
H2 200 AGSKWxUyp93rPDho2nJYOSGHqIMjuFsQjkY6Crs6FMdVcUD_qNl6JFE-698Ls4m6PkbYfBxQQduJ19IXm5aB3xnrGAaXqYCPf3OrRReoaIOydNVA08t04G9_-Mdv7ziHSkbMjqvipIBDkw== Show response
fundingchoicesmessages.google.com/f/ 2 KB
2 KB 152ms
150ms Script
application/javascript 172.253.122.113
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUyp93rPDho2nJYOSGHqIMjuFsQjkY6Crs6FMdVcUD_qNl6JFE-698Ls4m6PkbYfBxQQduJ19IXm5aB3xnrGAaXqYCPf3OrRReoaIOydNVA08t04G9_-Mdv7ziHSkbMjqvipIBDkw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQyODgzODkzLDgxNTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLG51bGwsW1s4LCJkYUh6ekRVd0hHUSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f113.1e100.net

Software

ESF /

Resource Hash

e9fdbb6665cb96d4d99c8bb2198ffcb418e9b6f731bb2a48f85b978c4da6f3ef

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-cS10xBKLC7hdqe8ltiQTQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:53 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmII0JBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFeDi2zujczybQ8frpemYljaT8wvjk_LySosyk0pL8orTktNTi1KKy1KJ4IwMjUwNjI2M9A7P4AkMADMYr3w"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-cS10xBKLC7hdqe8ltiQTQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 17AF 0
0 383ms
136ms Document
text/html 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/static/topics/topics_frame.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 198
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000, stale-while-revalidate=3600
content-encoding: br
content-length: 28858
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 25 Mar 2025 06:21:36 GMT
expires: Tue, 25 Mar 2025 07:11:36 GMT
last-modified: Mon, 24 Mar 2025 19:44:53 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 291ms
64ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-goog-metageneration: 1
content-encoding: gzip
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
etag: "df5542b88bc0e368c6999754a5b9e2ba"
age: 581125
x-goog-stored-content-encoding: gzip
expires: Wed, 18 Mar 2026 12:59:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 7927
date: Tue, 18 Mar 2025 12:59:29 GMT
last-modified: Thu, 27 May 2021 18:30:51 GMT
content-type: application/javascript
x-guploader-uploadid: AKDAyIvuhycBiZV9JeORnaJQHZmOjiL0vuW97VD_EUR507Gfo-1WAjwPJLIgsSbqvowsnZT2CV3ySGx02hF6
cache-control: no-transform
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
x-goog-generation: 1622140251693895
content-length: 7927
server: UploadServer

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 3 KB
3 KB 387ms
231ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

etag: 861bdaf24bda5c0db45c6ebe1c94a9eb
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2729
date: Tue, 25 Mar 2025 06:24:54 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 05 Feb 2025 14:45:21 GMT
server: Google Frontend
x-cloud-trace-context: b84af675f0eb4b5e20856e0e9313b04d

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 547ms
228ms Script
text/javascript 74.119.117.47
AS-CRITEO

General

Check archive.org

Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.47 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

b6c5af2d5c532a14b5aa51656c9d5e8be329b1424ec1df2947ad2de309622448

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"67c8043f-a641"
cross-origin-resource-policy: cross-origin
expires: Wed, 26 Mar 2025 06:24:54 GMT
access-control-allow-origin: *
date: Tue, 25 Mar 2025 06:24:54 GMT
content-type: text/javascript
last-modified: Wed, 05 Mar 2025 07:58:55 GMT
server: nginx

GET
H2 200 ob.js Show response
cdn-ima.33across.com/ 17 KB
7 KB 324ms
79ms Script
application/javascript 104.18.29.101
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://cdn-ima.33across.com/ob.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.29.101 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72223c20f8ad08445b32a2b4843a0f04fe33cee40811ade04b21598cf67fbea3

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: public, max-age=259200
content-encoding: gzip
cf-cache-status: HIT
etag: W/"678fc4ec-4599"
age: 214741
cf-ray: 925c53f259ae7ba1-LAX
expires: Fri, 28 Mar 2025 06:24:54 GMT
date: Tue, 25 Mar 2025 06:24:54 GMT
content-type: application/javascript
last-modified: Tue, 21 Jan 2025 16:01:48 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 183 KB
14 KB 322ms
320ms Fetch
text/plain 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2356633868989290&correlator=2127443053659700&eid=31090594%2C31091185%2C83321267&output=ldjh&gdfp_req=1&vrg=202503200101&ptt=17&impl=fifs&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C13848%2C18535%2C13856%2C13860%2C14209%2C14210&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5%2C%2F0%2F1%2F6%2C%2F0%2F1%2F7&prev_iu_szs=300x250%2C1x1%7C320x480%2C300x250%2C300x250%2C1x1%7C320x50%7C300x100%7C320x100%2C300x250&ifi=1&didk=3663017418~954026992~3220679602~2335188262~1073006158~4279657583&dids=div-gpt-ad-1692339097859-0~div-gpt-ad-1706005027566-0~div-gpt-ad-1682415009667-0~div-gpt-ad-1682415043506-0~div-gpt-ad-1683598631228-0~div-gpt-ad-1683598657711-0&adfs=916259745~~2578326023~~~2287716272&sfv=1-0-41&sc=1&cookie_enabled=1&abxe=1&dt=1742883893853&lmt=1742883893&adxs=1005%2C-9%2C245%2C-9%2C-9%2C625&adys=171%2C-9%2C171%2C-9%2C-9%2C171&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C-1%7C0%7C-1%7C-1%7C0&ucis=1%7C2%7C3%7C4%7C5%7C6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=380x250%7C0x-1%7C380x250%7C0x-1%7C0x-1%7C380x250&msz=350x250%7C0x-1%7C350x250%7C0x-1%7C0x-1%7C350x250&fws=0%2C2%2C0%2C2%2C2%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742883891514&idt=1462&cust_params=url%3D%252FXqAx30%26ref%3Dnull&adks=1451399479%2C4066066610%2C827794272%2C3475397127%2C3271617715%2C3242553145&frm=20&eoidce=1&td=1&egid=55444&tdf=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

4e9db1d126d8f673c8d4a553c7c4ba39d0b05e40767263b702ef048c00eb5129

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: dcb
google-lineitem-id: 6424070779,6405456366,6690069789,-2,6499557592,6499556608
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2,-2,-2,-2,-2,-2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 25 Mar 2025 06:24:54 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: 138456634296,138452341869,138468304473,-2,138462658624,138462658495
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-length: 14547
x-xss-protection: 0
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1 KB
400 B 310ms
308ms Fetch
text/plain 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2356633868989290&correlator=2127443053659700&eid=31090594%2C31091185%2C83321267&output=ldjh&gdfp_req=1&vrg=202503200101&ptt=17&impl=fifs&gdpr=0&iu_parts=21787810958%2CTW_reurl.cc_res_all_truvid_1x1%2CTW_reurl.cc_res_allsite_top_avs&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=300x250%7C336x280%7C1x1%2C1x1&ifi=7&didk=3347717449~2825456951&dids=ats-slider-10~ats-insert_ads-8&adfs=948047239~3992581161&sfv=1-0-41&sc=1&cookie_enabled=1&abxe=1&dt=1742883893870&lmt=1742883893&adxs=15%2C800&adys=33%2C171&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0&ucis=7%7C8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=1570x0%7C1600x0&msz=1570x0%7C1600x0&fws=0%2C0&ohw=0%2C0&topics=9&tps=9&htps=10&a3p=Eh0KDmVzcC5jcml0ZW8uY29tGNjk5t_cMkgAUgIIZBIbCgwzM2Fjcm9zcy5jb20Y2OTm39wySABSAghkEhcKCHJ0YmhvdXNlGNjk5t_cMkgAUgIIZBIUCgVvcGVueBjX5Obf3DJIAFICCGQ.&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742883891514&idt=1462&cust_params=url%3D%252FXqAx30%26ref%3Dnull&adks=3936558959%2C940499867&frm=20&eoidce=1&td=1&egid=55444&tdf=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

e30979290b96a08639316f6e2af76ecf817cdd9d963a21dcf830363a1564d353

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: dcb
google-lineitem-id: -2,-2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2,-2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 25 Mar 2025 06:24:54 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2,-2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-length: 368
x-xss-protection: 0
server: cafe

GET
H3 200 container.html
26d94a8ec5abf61e885fc24dc73d23b8.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame 63EC 0
0 393ms
131ms Document
text/html 142.251.163.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://26d94a8ec5abf61e885fc24dc73d23b8.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.132 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f132.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 3024
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 25 Mar 2025 06:24:54 GMT
expires: Tue, 25 Mar 2025 06:24:54 GMT
last-modified: Thu, 30 Jan 2025 19:28:58 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 renews-title1.png
re-news.tw/images/ 24 KB
24 KB 136ms
68ms Image
image/png 34.160.26.175
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://re-news.tw/images/renews-title1.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.160.26.175 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 175.26.160.34.bc.googleusercontent.com
Software: / Express
Resource Hash: e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: public,max-age=3600
etag: W/"5fad-191b5b37a20"
age: 2211
via: 1.1 google
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24493
date: Tue, 25 Mar 2025 05:48:02 GMT
last-modified: Tue, 03 Sep 2024 02:25:24 GMT
x-powered-by: Express
content-type: image/png

GET
H2 200 Microip_Inc_Logo.jpg
mma.prnasia.com/media2/2428123/ 12 KB
12 KB 308ms
99ms Image
image/jpeg 104.18.96.225
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://mma.prnasia.com/media2/2428123/Microip_Inc_Logo.jpg?p=medium600
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.18.96.225 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 039e147a3d5e4b0857c0230686525f58ab3b688ea092c8d963be13ac1ae0bc19

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cf-bgj: h2pri
cf-cache-status: HIT
age: 60802
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 24 Mar 2025 13:31:33 GMT
server-timing: intid;desc=2bb2b00bfd570674
date: Tue, 25 Mar 2025 06:24:54 GMT
content-type: image/jpeg
last-modified: Mon, 24 Mar 2025 13:31:32 GMT
vary: *, Accept-Encoding
access-control-allow-headers: Content-Type
cache-control: public, max-age=1
cf-ray: 925c53f25dbdcbab-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12105
x-powered-by: ASP.NET
server: cloudflare

GET
H2 200 %E5%8F%B0%E7%81%A3-Pay-%E9%AB%98%E5%9B%9E%E9%A5%8B%E4%BF%A1%E7%94%A8%E5%8D%A1%E6%8E%A8%E8%96%A6%E8%88%87%E6%8C%87%E5%AE%9A%E9%80%9A%E8%B7%AF%E5%84%AA%E6%83%A0%E5%BD%99%E6%95%B4-1080x630.jpg
creditcards.com.tw/wp-content/uploads/2020/10/ 65 KB
65 KB 707ms
64ms Image
image/webp 192.0.78.25
AUTOMATTIC

General

Check archive.org

Download Go to Show image

Full URL

https://creditcards.com.tw/wp-content/uploads/2020/10/%E5%8F%B0%E7%81%A3-Pay-%E9%AB%98%E5%9B%9E%E9%A5%8B%E4%BF%A1%E7%94%A8%E5%8D%A1%E6%8E%A8%E8%96%A6%E8%88%87%E6%8C%87%E5%AE%9A%E9%80%9A%E8%B7%AF%E5%84%AA%E6%83%A0%E5%BD%99%E6%95%B4-1080x630.jpg?crop=1

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.25 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

92f9f001e9f335dc3ba11338e516af016b641679e9195f7aeb9a753b05ee750a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

etag: "251aef38d12d2b34"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Wed, 03 Mar 2027 02:56:22 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 25 Mar 2025 06:24:54 GMT
content-type: image/webp
last-modified: Sun, 02 Mar 2025 14:56:22 GMT
vary: Accept
strict-transport-security: max-age=31536000
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT bur 7
access-control-allow-origin: *
content-length: 66404
x-ac: 4.bur _atomic_bur HIT
server: nginx

GET
H3 200 1742800023-1384b5e7572f24a117a0ac78b2d642f2-840x525.jpg
img.gbyhn.com.tw/2025/03/ 66 KB
67 KB 601ms
111ms Image
image/jpeg 104.21.96.9
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://img.gbyhn.com.tw/2025/03/1742800023-1384b5e7572f24a117a0ac78b2d642f2-840x525.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.96.9 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 395afb1491e62cb0666325882b2d9ffd6258f76bc2da4f8c163e0b484d82927e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cf-cache-status: HIT
age: 79334
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DLqybk%2BAJzsATaFT4zvDKlcbD%2FS%2F%2B%2FDZvincjh1XGFZJmCHp7%2FlE2fvr9JcdZyIjMbSZgnYbnsJl840t%2FVkXZEqDBsqjTYsT%2BPXjr4gzw%2BDGBZC%2BiaHzWGPgsuGAVVzRwa5v"}],"group":"cf-nel","max_age":604800}
expires: Mon, 31 Mar 2025 07:08:29 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 25 Mar 2025 06:24:54 GMT
content-type: image/jpeg
last-modified: Mon, 24 Mar 2025 07:07:03 GMT
vary: Accept-Encoding
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 925c53f458b51319-PDX
accept-ranges: bytes
content-length: 67916
x-turbo-charged-by: LiteSpeed
server: cloudflare

GET
H2 200 2025032402565924.jpg
img.racingcharger.tw/wp-content/uploads/ 152 KB
152 KB 1325ms
451ms Image
image/jpeg 103.1.220.9
YUANJHEN-AS-TW Yu...

General

Check archive.org

Download Go to Show image

Full URL: https://img.racingcharger.tw/wp-content/uploads/2025032402565924.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.1.220.9 , Taiwan, ASN131149 (YUANJHEN-AS-TW Yuan-Jhen Info., Co., Ltd, TW),
Reverse DNS: ph2.g-dns.com
Software: Apache /
Resource Hash: 95634eb651772e9ecc489c8a2e12cccb71cd06089ae3f03f8dab3654ce669c8c

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

accept-ranges: bytes
content-length: 155748
date: Tue, 25 Mar 2025 06:24:54 GMT
last-modified: Mon, 24 Mar 2025 02:57:04 GMT
content-type: image/jpeg
server: Apache

GET
H2 200 1f449.png
s.w.org/images/core/emoji/15.0.3/72x72/ 423 B
730 B 306ms
167ms Image
image/png 192.0.77.48
AUTOMATTIC

General

Check archive.org

Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/15.0.3/72x72/1f449.png

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

9cf1114324a6653750f0f8af7783a744e45adadca47c48844e4ee0f11df269bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=315360000
x-nc: HIT bur 2
access-control-allow-methods: GET, HEAD
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 423
date: Tue, 25 Mar 2025 06:24:54 GMT
content-type: image/png
last-modified: Tue, 30 Jan 2024 01:21:05 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 file.png
static.wixstatic.com/media/9a254c_bd6ab9dc57c349009b5f1eedc6fb236d~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/ 1010 KB
1011 KB 544ms
224ms Image
image/png 18.160.18.18
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://static.wixstatic.com/media/9a254c_bd6ab9dc57c349009b5f1eedc6fb236d~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/file.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.18.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-18-18.iad12.r.cloudfront.net
Software: openresty/1.27.1.1 /
Resource Hash: 76e0fe9b59aa81409567a77b7f5cfaebcbe6d1a5586d4979c5a83a327f68d517

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-cf-id: 8KQG9fdwzLmyGZ1x6BhhBqT0XK6EyyeFjJ9cR465z2hoXLs_zcj3wQ==
cache-control: public, max-age=15552000, immutable
timing-allow-origin: *
age: 3731274
via: 1.1 google, 1.1 4a9d2f26d7f571e9f468d5bd20d9ae18.cloudfront.net (CloudFront)
x-wixmp-trace: projects/wix-media-infrastructure/traces/2spVhEK7hN7G4oknE9KNdNWC2Cu
access-control-allow-origin: *
x-seen-by: image-manipulator-79c6fd85fd-jw8kv
content-length: 1033732
alt-svc: h3=":443"; ma=86400
date: Mon, 10 Feb 2025 01:57:00 GMT
content-type: image/png
x-cache: Hit from cloudfront
server: openresty/1.27.1.1
x-amz-cf-pop: IAD12-P4

GET %E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg
blog.alphaloan.co/wp-content/uploads/2021/04/ 0
0

GET
H2 200 AGSKWxWk-JcJj6VKdJX6ubfw8WR2RUrEwqtX89qqJp-1PJO1QiYkqNmz3GZhNpZURQcd-hNCg-LnOM2z2TMLgpnoAx7TrMoEQkg4a6X3zVKOgPZFIlfKLRQhgGRbPn8fK-_wvZ2VJ3m_yA== Show response
fundingchoicesmessages.google.com/f/ 9 KB
5 KB 207ms
207ms Script
application/javascript 172.253.122.113
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWk-JcJj6VKdJX6ubfw8WR2RUrEwqtX89qqJp-1PJO1QiYkqNmz3GZhNpZURQcd-hNCg-LnOM2z2TMLgpnoAx7TrMoEQkg4a6X3zVKOgPZFIlfKLRQhgGRbPn8fK-_wvZ2VJ3m_yA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQyODgzODk0LDQwMDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbNyw5XSxudWxsLDIsbnVsbCwiZW4iXSwiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLG51bGwsW1s4LCJkYUh6ekRVd0hHUSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f113.1e100.net

Software

ESF /

Resource Hash

1cd0fc7d2d21881b7e1e5f0c1bf9b095a1a629d2b39e1f95cadd258d2220f476

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-NHSxPBPaVM3x0LYFxBl2HA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:54 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmJw0pBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFuDm2zejczyZw49-tcCWNpPzC-OT8vJKizKTSkvyitOS01OLUorLUongjAyNTA2MjYz0Ds_gCQwDp3ivO"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-NHSxPBPaVM3x0LYFxBl2HA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 00BF 0
0 148ms
147ms Fetch
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsseflZ801Bdu0yrErToSi8SL4f79RIHAWHqNx7hMPYjBm-1XGMWyEIJ3NgvGLxWyky-RZWckvn3wvYOO6b4EOpKWIg9jnw2bjRoXOw7YpRLBvmgz7QJeyXNiJjqiJ89lI4OK9yFC-HP39PEg-XrGSteivGLms-JIr0MoeBX2Ot-1EBXhlGlY_eoTY5qe92kWet3oZlLBo5RR3DO371SPNUw-VElcIoKEA_XKvvP-lDNufPHhTVccf-is04IzJb5KL-e0AwkehGexGboeVzj5L-S9qZiJE4Wx1YNYMiyS9L5DQ8L7UTUakby3icLxPMXTYBRKHFC7R8S5sqlY-gFIjOVv23zz3n1yBzhdB2fHX1MyrEJYPMk0Ua6fLHxFYqOw0a3h5XKI89JXXRWultKK44bRhw3XWSirIA-u3aFI9mZFTsVADAhjrUEYg&sai=AMfl-YR2PDZiYjfzsBOx7qhyJ8JtCvNjplEMoAOWXv7-0qMkpIqzGsvRAlKU_EVHUtn1_O9uRmbxXw0lR6uuW3Kg7bTKsmmE7gVdfbywNnFrZ98HuZvpc1iZ1gg_DFc&sig=Cg0ArKJSzHep0H0ys3q9EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 25 Mar 2025 06:24:54 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H/1.1 200
OK cf_reurl_tw_gam.js Show response
api.popin.cc/searchbox/ Frame 00BF 129 KB
37 KB 821ms
382ms Script
text/javascript 119.63.193.220
BAIDUJP Baidu

General

Check archive.org

Download Go to

Full URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: cd0db2d68f6fb00e1197e823f47e1f53aa2aa2ae85228a5e5d04a4a863629cc1

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

Content-Encoding: gzip
ETag: W/"84c303c8957ac66aa38f2a88e2291b99"
x-amz-version-id: u2A0lYWFB7No0ZP_ZBKUcX5kfrhgSMHf
Expires: Tue, 25 Mar 2025 07:24:54 GMT
Date: Tue, 25 Mar 2025 06:24:54 GMT
Last-Modified: Wed, 19 Mar 2025 07:07:58 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Transfer-Encoding: chunked
X-Cache-Status: HIT from 10.252.55.44
x-amz-replication-status: COMPLETED
Cache-Control: max-age=3600
Timing-Allow-Origin: *
Connection: keep-alive
Cross-Origin-Resource-Policy: cross-origin
Server: nginx
x-amz-server-side-encryption: AES256

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 00BF 219 KB
67 KB 402ms
135ms Script
text/javascript 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 9225633084484645003
age: 1884
x-content-type-options: nosniff
expires: Tue, 25 Mar 2025 06:53:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 25 Mar 2025 05:53:30 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=ISO-8859-1
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 68912
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EED3 0
0 150ms
149ms Fetch
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuh-83U4bB9qo2IRg2fiNKp3l4Qp_ixi1KQqGAsOQM76G9RB9uj1jWAnQ4gCYks5Q-BlU2auK_OHOZ2aRU5diBhsF7R5Hn0-5vmsHyFZYUeNICFj9dlQwDiuILWl1IhHgZOXTuYO0czji-YITAY5G4kumoy8Tx5X0QOTegjznTyY1KBG77kWc4Vjcixa7E6P9Gbg_CyATvXgYHop_d0n9w34xf9ToaZtsFM7fpX27FPT0cdC5D5Gfu9N6wQDjt_NzDD6uLhONWl7XDGtENnsgp-x5uD6ZxWgRBCYPa42lT2DnGxHHU2yiOyYmb-NAUcSECGusH-UX2fzxA5GKBBjJOw4KLp9j9wVKicQxHRDlsOoz4Ol4sM4j26LQjo9tVIDyjHf0A0LGPRKyRxWky4WLpvxuSeGqBE428cRhHve7KeIb1iQE_f6uPmjw&sai=AMfl-YTZLzu10XGxfHKer9cVJJpW8h2SJ7ouSFp1uTFXwjP2Zb0UUcr-VqYrGItnkp8mMzAGNm7XStooX4i-2gElYBPHEInE66yWnSEX0ce2nC5OcG2wxxx5pRtMVys&sig=Cg0ArKJSzEP_SulNXLh1EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 25 Mar 2025 06:24:54 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame EED3 42 KB
15 KB 448ms
189ms Script
text/javascript 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

babbe3c7f3c0bf8a60c94f1d10c4559622b07136494c8ad4b2a2ac613f2c6d75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 17314842026693243317
x-content-type-options: nosniff
expires: Tue, 25 Mar 2025 06:24:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 25 Mar 2025 06:24:54 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 15644
x-xss-protection: 0
server: cafe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame EED3 219 KB
0 396ms
396ms Script
text/javascript 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 9225633084484645003
age: 1884
x-content-type-options: nosniff
expires: Tue, 25 Mar 2025 06:53:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 25 Mar 2025 05:53:30 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=ISO-8859-1
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 68912
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5770 0
0 148ms
146ms Fetch
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvVY5habeCnkTLFWhEoKhVFXx6xPx8NccfXDWVlJSGY6_lPkG8_VhqdQYqFjeu97lZLkmy2E87p_UZDgTzegW3OKNNvZOMFiPV-3dJHLNFxAryhVoJNwnLrVZCd627W6Uca8U1_nU6wlssTdXAxp11RH-ScC7DDiTO21RwSf5tH30BRXTymoGcYHsOlr9GHKw3EkeiLMnyWCmRJ-gZV2c1ktY-FXpuILApaSi6YLV2E1ZzO6CE6F6Ew03HtDO5hTNpqd1Ow_EjU_r6IxunPBuoid-XQink4R35g4Rt4bBLPvozeDFrSWDjncWjuTdKJiv242VnrN8n6816nsjJ8HZ8r-lMasAG5BdZJGtM4I4dx598ugSt_cQ2WQjTagr6JYhTZujmUKPXSqHSw8HLJseCox-iOpPnSk9v649WDw13XgzVKcmgirhlVl6HxWP9nPRI&sai=AMfl-YSeZ9dDZTBSeUpW4QMISk6ySiWBCp6iCi7Vxxn0rmgbhzYE65KPoT3-icIl74iUQp3ijDtUD-K0Ojdl1mXi4DGV5k1yw8IjGtcqwfTLJiOmuw4NhRKdtUKKG7M&sig=Cg0ArKJSzE8_jQAiJhwQEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 25 Mar 2025 06:24:54 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ Frame 5770 9 KB
10 KB 584ms
229ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: 7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag: "2b18447e41c64d14195cefd72eb57400"
age: 27
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 9645
x-amz-cf-id: TCaSdCBcv9noSUiBHcs0xB06Zqt8h-2OzqFxluc_8DZwNI8jm1N0lQ==
date: Tue, 25 Mar 2025 06:24:28 GMT
content-type: application/javascript
last-modified: Fri, 14 Mar 2025 09:01:33 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 5770 219 KB
0 390ms
390ms Script
text/javascript 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 9225633084484645003
age: 1884
x-content-type-options: nosniff
expires: Tue, 25 Mar 2025 06:53:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 25 Mar 2025 05:53:30 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=ISO-8859-1
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 68912
x-xss-protection: 0
server: cafe

GET
H2 200 syncframe
gum.criteo.com/ Frame 6E5B 0
0 478ms
220ms Document
text/html 74.119.117.17
AS-CRITEO

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.17 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

cache-control: private, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 25 Mar 2025 06:24:54 GMT
server: Kestrel
server-processing-duration-in-ticks: 316086
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame EED3 185 KB
59 KB 159ms
158ms Script
text/javascript 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

68997dff2e114da3da598bb98f2be1d898e4b7bc81a8eecb96d47e4c1ee9b7ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 5859971740604522334
x-content-type-options: nosniff
expires: Tue, 25 Mar 2025 06:24:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 25 Mar 2025 06:24:54 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 60704
x-xss-protection: 0
server: cafe

GET
H2 200 capmapping.htm
cdn.holmesmind.com/js/ Frame 65A5 0
0 531ms
225ms Document
text/html 18.160.10.29
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-29.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 45
content-length: 12184
content-type: text/html
date: Tue, 25 Mar 2025 06:24:55 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
x-amz-cf-id: yeAbjtixia32R_lhkGBLTOg11UnmlYFBas5ZbIbyOysoCJZ6yCWaRg==
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame E378 11 KB
11 KB 219ms
219ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 27
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: ETmTRnZkpUWh227_06a_naiD6bAb43RJzRbaSDMjaX1SO05h-ooDeA==
date: Tue, 25 Mar 2025 06:24:29 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 00BF 0
0 206ms
204ms Fetch
image/gif 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 25 Mar 2025 06:24:55 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5770 0
0 303ms
132ms Fetch
image/gif 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 25 Mar 2025 06:24:55 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EED3 0
0 414ms
131ms Fetch
image/gif 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 25 Mar 2025 06:24:55 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
DATA 200
OK truncated
/ Frame 00BF 217 B
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1026866a2af71a3d94c95269b18ed9294e73d768a542c1ddf12bcba5d444b2d8

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame EED3 212 B
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ec909a6643d0763f4c76d622fee77ec2f8e3510b1c584fe3fb398fc5c5a47d77

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 5770 218 B
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7c642a8905721c98b4f64202ec6ffb504acdc52a9d6df06a9976097cf924f5d5

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 00BF 0
0 132ms
131ms Fetch
image/gif 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 25 Mar 2025 06:24:55 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 wp-banners.js Show response
fundingchoicesmessages.google.com/f/AGSKWxUvY7BzL3jTIuXRcCzwyUx37EGuKC4Av0nT-o2Jj8HQ0Rw9jFgZgZ4DqBy60rOV5ZdQ8a_kKeiuQSL50BxT685SYR-eDfzP2itO1ZvA7c4SMNV5aZG6qUjpck5YjLU4RnXnl26XOLu-nM2GhfwZJi5d9pDmj... 54 B
109 B 147ms
146ms Script
application/javascript 172.253.122.113
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUvY7BzL3jTIuXRcCzwyUx37EGuKC4Av0nT-o2Jj8HQ0Rw9jFgZgZ4DqBy60rOV5ZdQ8a_kKeiuQSL50BxT685SYR-eDfzP2itO1ZvA7c4SMNV5aZG6qUjpck5YjLU4RnXnl26XOLu-nM2GhfwZJi5d9pDmjRIenaJZkrLVUAGgoddA0_xdDfYlAdES/_/ads.txt/adwiz..HomepageAdvertismentBottom.=ad_iframe&/wp-banners.js

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f113.1e100.net

Software

ESF /

Resource Hash

6c1cd7a6f86035e4f6eb9169e4baf1a23424e9a3fee9d5899d35c8437f663a6a

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-kfExbY0uFn0akw7yBd5NdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:55 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmJw0ZBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFuDm2z-jczybQcabXVkkjKb8wPjk_r6QoM6m0JL8oLTkttTi1qCy1KN7IwMjUwNjIWM_ALL7AEADCJCro"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-kfExbY0uFn0akw7yBd5NdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 185 KB
59 KB 169ms
169ms Script
text/javascript 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?fcd=true

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

4028b7494a76d086533ff84ca1bbf4ce58fa5259e53db3b0fb0b0260de9ca4f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 5470277309243155285
x-content-type-options: nosniff
expires: Tue, 25 Mar 2025 06:24:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 25 Mar 2025 06:24:55 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 60746
x-xss-protection: 0
server: cafe

POST
H3 204 AGSKWxWB9rlaK7Jplig6awu0EP50j1OPPxdH7wSMfitNC-4MwbexBGK20p6fos7fbeBE46e88v5qPvIM77G-cT61FzjeuvkpJseq8Os8TvkVJllg_yjomjCW2s9Ylb9G78H6fRzAzGlczA== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 271ms
145ms XHR
text/html 172.253.122.113
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWB9rlaK7Jplig6awu0EP50j1OPPxdH7wSMfitNC-4MwbexBGK20p6fos7fbeBE46e88v5qPvIM77G-cT61FzjeuvkpJseq8Os8TvkVJllg_yjomjCW2s9Ylb9G78H6fRzAzGlczA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-4ZQ4PLHaItWBFjI1_yfmBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/XqAx30

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:55 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmII1pBi-FB_mfUHEAtxc2yf0bmfTWDBkZvlSi5J-YXxyfl5Jal5JbqJKcW6IHZRZlJpSX4RCju1DKQiJz89PTMvPd7IwMjUwNjIWM_APL7AAABGgCQ4"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-4ZQ4PLHaItWBFjI1_yfmBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5770 0
0 260ms
132ms Fetch
image/gif 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 25 Mar 2025 06:24:55 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EED3 0
0 392ms
132ms Fetch
image/gif 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 25 Mar 2025 06:24:55 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503200101/ Frame EED3 501 KB
160 KB 133ms
133ms Script
text/javascript 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503200101/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

c8e9318c3c4d4267ff19a29ff8e36700e7e2b9de1dc992191a6e7157c4b97924

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 16655410260656470125
age: 65114
x-content-type-options: nosniff
expires: Mon, 07 Apr 2025 12:19:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 24 Mar 2025 12:19:41 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 163372
x-xss-protection: 0
server: cafe

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame E378 2 KB
795 B 814ms
342ms Script
text/html 54.178.103.138
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.178.103.138 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 851c3da53f870dab9f8fd365f8eb9af27af956d79a96f89f412f8baa5b7b1624

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Tue, 25 Mar 2025 06:24:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame E378 30 KB
30 KB 148ms
147ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 10
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: 3LmcA6n6NKrA2NzW46YyjW6eIVqNNw_FJZq-zWT1bgVgKgwknNWb9Q==
date: Tue, 25 Mar 2025 06:24:46 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWB9rlaK7Jplig6awu0EP50j1OPPxdH7wSMfitNC-4MwbexBGK20p6fos7fbeBE46e88v5qPvIM77G-cT61FzjeuvkpJseq8Os8TvkVJllg_yjomjCW2s9Ylb9G78H6fRzAzGlczA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-8U9gloDEyT_PJS-2pNy3Xw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/XqAx30

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:55 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmII0JBi-FB_mfUHEAvxcGyf0bmfTeDBs9dNjEouSfmF8cn5eSWpeSW6iSnFuiB2UWZSaUl-EQo7tQykIic_PT0zLz3eyMDI1MDYyFjPwDy-wAAAdeIktg"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-8U9gloDEyT_PJS-2pNy3Xw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H/1.1 200
OK td_js_sdk_171.js Show response
api.popin.cc/ Frame 00BF 68 KB
16 KB 290ms
289ms Script
application/javascript 119.63.193.220
BAIDUJP Baidu

General

Check archive.org

Download Go to

Full URL: https://api.popin.cc/td_js_sdk_171.js
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 3402df1af7b8665c51ac7e2d4fed5dc6cac147d61966672d9cf32a34acafedfe

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

Transfer-Encoding: chunked
X-Cache-Status: HIT from 10.252.55.44
Cache-Control: max-age=3600
Timing-Allow-Origin: *
Content-Encoding: gzip
ETag: W/"d7d7ebc58d77dc27a2c068acdf41021d"
Connection: keep-alive
Cross-Origin-Resource-Policy: cross-origin
Expires: Tue, 25 Mar 2025 07:24:55 GMT
Date: Tue, 25 Mar 2025 06:24:55 GMT
Last-Modified: Tue, 28 May 2024 09:22:02 GMT
Content-Type: application/javascript
Vary: Accept-Encoding
Server: nginx
x-amz-server-side-encryption: AES256

GET
H2 200 recommend Show response
tw.popin.cc/popin_discovery/ Frame 00BF 691 B
895 B 737ms
329ms Script
application/javascript 119.63.198.189
BAIDUJP Baidu

General

Check archive.org

Download Go to

Full URL: https://tw.popin.cc/popin_discovery/recommend?mode=new&url=https%3A%2F%2Freurl.cc%2FXqAx30&&device=pc&media=reurl.cc&extra=windows&agency=popinag&topn=50&ad=10&r_category=all&country=tw&redirect=true&uid=52f70da5878afc7d5011742919895254&info=eyJ1c2VyX3RkX29zIjoiV2luZG93cyIsInVzZXJfdGRfb3NfdmVyc2lvbiI6IjEwLjAuMCIsInVzZXJfdGRfYnJvd3NlciI6IkNocm9tZSIsInVzZXJfdGRfYnJvd3Nlcl92ZXJzaW9uIjoiODguMC40MzI0IiwidXNlcl90ZF9zY3JlZW4iOiIxNjAweDEyMDAiLCJ1c2VyX3RkX3ZpZXdwb3J0IjoiMzAweDI1MCIsInVzZXJfdGRfdXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIEhlYWRsZXNzQ2hyb21lLzg4LjAuNDMyNC4xOTAgU2FmYXJpLzUzNy4zNiIsInVzZXJfdGRfcmVmZXJyZXIiOiJodHRwczovL3JldXJsLmNjL1hxQXgzMCIsInVzZXJfdGRfcGF0aCI6Ii9YcUF4MzAiLCJ1c2VyX3RkX2NoYXJzZXQiOiJ1dGYtOCIsInVzZXJfdGRfbGFuZ3VhZ2UiOiJlbi11cyIsInVzZXJfdGRfY29sb3IiOiIyNC1iaXQiLCJ1c2VyX3RkX3RpdGxlIjoiIiwidXNlcl90ZF91cmwiOiJodHRwczovL3JldXJsLmNjL1hxQXgzMCIsInVzZXJfdGRfcGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ1c2VyX3RkX2hvc3QiOiJyZXVybC5jYyIsInVzZXJfZGV2aWNlIjoicGMiLCJ1c2VyX3RpbWUiOjE3NDI4ODM4OTUyNTUsImZydWl0X2JveF9wb3NpdGlvbiI6IiIsImZydWl0X3N0eWxlIjoiIn0=&alg=ltr&uis=%7B%22ss_fl_pp%22%3Anull%2C%22ss_yh_tag%22%3Anull%2C%22ss_pub_pp%22%3Anull%2C%22ss_im_pp%22%3Anull%2C%22ss_im_id%22%3Anull%2C%22ss_gn_pp%22%3Anull%7D&callback=_p6_9e83ad8bd293
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.189 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 652459d88309bae8be107198fcd803167819ca6c4a6f8176609e4812fd8feb9d

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-length: 691
date: Tue, 25 Mar 2025 06:24:55 GMT
content-type: application/javascript;charset=UTF-8
server: nginx/1.13.5
cross-origin-resource-policy: cross-origin

GET
H2 200 track.js Show response
ad.tagtoo.co/media/ad/ Frame 00BF 7 KB
2 KB 283ms
66ms Script
text/javascript 34.111.12.34
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://ad.tagtoo.co/media/ad/track.js
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.12.34 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 34.12.111.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 80279f6baf172b794e35da391ac30711c57a3276abda4280d170920df9cca9b1

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Type,Access-Control-Allow-Origin
content-encoding: gzip
x-goog-hash: crc32c=wTuGGA==, md5=5ROst+pHZlGo3jXf0Ga7EA==
etag: "e513acb7ea476651a8de35dfd066bb10"
age: 1827
x-goog-stored-content-encoding: gzip
expires: Wed, 09 Apr 2025 05:54:28 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 1810
date: Tue, 25 Mar 2025 05:54:28 GMT
last-modified: Thu, 20 Mar 2025 09:18:49 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-guploader-uploadid: AKDAyIuvnwxjwpTPH1cMsFqIaNzzTiTxeWuR2nd8Ci5_3IGGhQUD-begQZmm5-og55cRWTMdhVw7VcA
cache-control: public, max-age=1296000
x-goog-storage-class: STANDARD
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1742462329152868
content-length: 1810
server: UploadServer

GET
H2 200 tuec.js Show response
uec.tagtoo.co/ Frame 00BF 10 KB
4 KB 280ms
65ms Script
application/javascript 34.107.150.21
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://uec.tagtoo.co/tuec.js
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.150.21 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 21.150.107.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 698fe0a6500f771d98d1ca713a5445d523fac649207572b69123699702854c0b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-goog-metageneration: 1
content-encoding: gzip
x-goog-hash: crc32c=IxwxIw==, md5=L6Ez21DNgdh7j/uHKaarNQ==
etag: "2fa133db50cd81d87b8ffb8729a6ab35"
age: 3169
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 3770
date: Tue, 25 Mar 2025 05:32:06 GMT
last-modified: Tue, 12 Dec 2023 09:08:46 GMT
content-type: application/javascript
vary: Accept-Encoding
x-guploader-uploadid: AKDAyIvs4v2I4GwUtWuL0dbv_I7SeBiB9vhuI5oiXzpF1Dv8zLRH8_glAPs-L1ncwO_2aReHxcwtHBk
cache-control: public,max-age=3600
x-goog-storage-class: STANDARD
accept-ranges: bytes
x-goog-generation: 1702372126688115
content-length: 3770
server: UploadServer

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 00BF 5 KB
3 KB 957ms
313ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=0
cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Tue, 25 Mar 2025 06:34:56 GMT
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

GET
H/1.1 200
OK popin_discovery5-min.js Show response
api.popin.cc/ Frame 00BF 156 KB
43 KB 464ms
188ms Script
application/javascript 119.63.193.220
BAIDUJP Baidu

General

Check archive.org

Download Go to

Full URL: https://api.popin.cc/popin_discovery5-min.js
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 46e977bd2e693545c10424af0ca8ae2061ce096d8e5658d997fa9ca60471e26d

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

Content-Encoding: gzip
ETag: W/"51910bb1cd9873a17caea8588a900e56"
x-amz-version-id: MCe3oXQalSYt2eLBNz01lVj92TQAzYxl
Expires: Tue, 25 Mar 2025 07:24:55 GMT
Date: Tue, 25 Mar 2025 06:24:55 GMT
Last-Modified: Mon, 24 Mar 2025 06:26:46 GMT
Content-Type: application/javascript
Vary: Accept-Encoding
Transfer-Encoding: chunked
X-Cache-Status: HIT from 10.252.55.44
x-amz-replication-status: PENDING
Cache-Control: max-age=3600
Timing-Allow-Origin: *
Connection: keep-alive
Cross-Origin-Resource-Policy: cross-origin
Server: nginx
x-amz-server-side-encryption: AES256

GET
H2 200 discoverylogs
log.popin.cc/log/popin_media/ Frame 00BF 66 B
222 B 721ms
341ms Image
image/jpeg 119.63.198.143
BAIDUJP Baidu

General

Check archive.org

Download Go to Show image

Full URL: https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNCwidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBIZWFkbGVzc0Nocm9tZS84OC4wLjQzMjQuMTkwIFNhZmFyaS81MzcuMzYiLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6InJldXJsLmNjIiwidXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJsb2MiOiJodHRwczovL3JldXJsLmNjL1hxQXgzMCIsInRkX29zIjoiV2luZG93cyIsInRkX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBIZWFkbGVzc0Nocm9tZS84OC4wLjQzMjQuMTkwIFNhZmFyaS81MzcuMzYiLCJ0ZF9vc192ZXJzaW9uIjoiMTAuMC4wIiwidGRfYnJvd3NlciI6IkNocm9tZSIsInRkX2Jyb3dzZXJfdmVyc2lvbiI6Ijg4LjAuNDMyNCJ9&t=1742883895259
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

etag: "5c120819-42"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 66
date: Tue, 25 Mar 2025 06:24:55 GMT
content-type: image/jpeg
last-modified: Thu, 13 Dec 2018 07:19:53 GMT
server: nginx/1.13.5

GET
H2 200 discoverylogs
log.popin.cc/log/popin_media/ Frame 00BF 66 B
222 B 618ms
238ms Image
image/jpeg 119.63.198.143
BAIDUJP Baidu

General

Check archive.org

Download Go to Show image

Full URL: https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNSwicGFyYW0xIjowLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6InJldXJsLmNjIiwidXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJ1aWQiOiI1MmY3MGRhNTg3OGFmYzdkNTAxMTc0MjkxOTg5NTI1NCIsInRkX3RpdGxlIjoiIiwiZXh0cmEiOiIiLCJpbnRlcmFjdGlvbl9udW1iZXIiOjAsInBvcGluX3ZlcnNpb24iOjYsInRkX29zIjoiV2luZG93cyIsInRkX29zX3ZlcnNpb24iOiIxMC4wLjAiLCJ0ZF9icm93c2VyIjoiQ2hyb21lIiwidGRfYnJvd3Nlcl92ZXJzaW9uIjoiODguMC40MzI0IiwidGRfdXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIEhlYWRsZXNzQ2hyb21lLzg4LjAuNDMyNC4xOTAgU2FmYXJpLzUzNy4zNiJ9&t=1742883895264
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

etag: "5c120819-42"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 66
date: Tue, 25 Mar 2025 06:24:55 GMT
content-type: image/jpeg
last-modified: Thu, 13 Dec 2018 07:19:53 GMT
server: nginx/1.13.5

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWB9rlaK7Jplig6awu0EP50j1OPPxdH7wSMfitNC-4MwbexBGK20p6fos7fbeBE46e88v5qPvIM77G-cT61FzjeuvkpJseq8Os8TvkVJllg_yjomjCW2s9Ylb9G78H6fRzAzGlczA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Dajheu3_9VTTjmK7uY3l0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/XqAx30

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:55 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmJw0pBi-FB_mfUHEAvxcGyf0bmfTeDDpKVXGZVckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRqYGxkbGegXl8gQEAYGwkcQ"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Dajheu3_9VTTjmK7uY3l0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWB9rlaK7Jplig6awu0EP50j1OPPxdH7wSMfitNC-4MwbexBGK20p6fos7fbeBE46e88v5qPvIM77G-cT61FzjeuvkpJseq8Os8TvkVJllg_yjomjCW2s9Ylb9G78H6fRzAzGlczA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-llhbi-MriEFLXZzEnc-luw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/XqAx30

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:55 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmJw1pBi-FB_mfUHEAvxcGyf0bmfTeDEv3W3GJVckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRqYGxkbGegXl8gQEAeEUkxA"
content-security-policy: script-src 'report-sample' 'nonce-llhbi-MriEFLXZzEnc-luw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 AGSKWxXa4xyx0STZ02pNwVNwCtbHA0I3SjCJ0kJLE0_JOheH5jlgd0dZ678VXILQXkA2yCJLiDl0cnANxD8qRepqqtEHWp6VFYGu865LGDJlVV33R8AE7wtLzszcb_XjRS8K0D31KxXsTw== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 152ms
151ms Script
application/javascript 172.253.122.113
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXa4xyx0STZ02pNwVNwCtbHA0I3SjCJ0kJLE0_JOheH5jlgd0dZ678VXILQXkA2yCJLiDl0cnANxD8qRepqqtEHWp6VFYGu865LGDJlVV33R8AE7wtLzszcb_XjRS8K0D31KxXsTw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQyODgzODk1LDM3MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLG51bGwsW1s4LCJkYUh6ekRVd0hHUSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f113.1e100.net

Software

ESF /

Resource Hash

60fdeefecd2b5aec1101ef8c1cec7954890d676d6a516692fbae327c42d5c700

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-JM2Bb6XvBHTtGoYEj2FJAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:55 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmJw15BiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFeDi2z-jczybw4uHRm4xKGkn5hfHJ-XklRZlJpSX5RWnJaanFqUVlqUXxRgZGpgbGRsZ6BmbxBYYAGnosNg"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-JM2Bb6XvBHTtGoYEj2FJAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EED3 0
0 148ms
147ms Fetch
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsubWKLK5tvPyu88Gx5u_7oEAVUFY5-68umDsFWZrirDbDcZhy6NGj4pADPITRcvepzGiklrQRuvOXILcuNzIei2K8Altz0Hwr3HyLUc81swHsHLU5Q3yU83o1Di0M2WOKmj-wAsHZnzv8cY4qOnzaepQgisWcUrvYP3PBQeBycleSq1pf3sojq_3i7QzzLfzXr7WGzq-jniHSwSwLSrUxwR5qKpOrvzXkTm6a4F1O8g6a_8BdaL5v6UvndI-dvr4xO1_H8ZdeA4XDh7nctKfhjRKRvgTJk8ve6C8DyyIzFsuDtcaBB3h2Xb0yJvdHS5-GbX6Rhr5mzX3KsqXulJqd_PopWzO0L88OKdYTe4sF6WbCiBdblUS9Ew82b5R6p-h-Xk4wKCa7ujMwUsblJZGRNHHerKkgJsvyStu4QSUHGheBbR0dZPZ0m42kia&sai=AMfl-YRfKr2pWPi49jnmkjtSnS8QzW0r_cUbNSbXhQQ175AmI0ZPjWUQOotYu3KO33F732W4nEYJxbxhFzqVKoDQxIOpZn8OJPXYkrVW1Uizc8qX-VrYgWkrtOaZf8U&sig=Cg0ArKJSzEsmh7tgp2_6EAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Tue, 25 Mar 2025 06:24:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 25 Mar 2025 06:24:55 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20250320/r20190131/ Frame 861D 0
0 369ms
122ms Document
text/html 64.233.180.156
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20250320/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503200101/show_ads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.180.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

on-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

age: 41481
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-length: 9738
content-type: text/html; charset=ISO-8859-1
cross-origin-resource-policy: cross-origin
date: Mon, 24 Mar 2025 18:53:34 GMT
etag: 2080659458937595761
expires: Mon, 07 Apr 2025 18:53:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

404

DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
adx.holmesmind.com/adx-file/20220715/ Frame 640F
Redirect Chain

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=2220942683&adf=3173046723&pi=t.ma~as.2784%2F13803&w=300&lmt=17428838...
https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html

0
0

190ms
124ms

Document
application/xml

18.160.10.29
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503200101/show_ads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-29.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://reurl.cc/XqAx30
Sec-Browsing-Topics: ();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

age: 7
content-type: application/xml
date: Tue, 25 Mar 2025 06:24:48 GMT
server: AmazonS3
via: 1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
x-amz-cf-id: xj4yeS04vr26NWGzHa6QQdtOc36TaLnJ_36IgruKT0E_NZJxQiLSHQ==
x-amz-cf-pop: IAD12-P3
x-cache: Error from cloudfront

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 25 Mar 2025 06:24:55 GMT
location: https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ Frame EED3 17 KB
13 KB 282ms
147ms XHR
application/json 142.251.163.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20250320&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503200101/show_ads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

cafe /

Resource Hash

83f25955c4e85a3c6fec8c1bbec30d63495439d551a26230c38055ac13477906

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 12936
date: Tue, 25 Mar 2025 06:24:55 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

POST
H3 204 AGSKWxX0Sy4Xz280rBxdTRAEi8WrvQX81_VfmUBwmSOYRRtfm7CO0TVq7TtgcYOTJ2GYmBfKlHTEugeY3fUMDFz902adC02FlaGZxl_NVdYN7WdgedSSN4CLwTMWrAZ-TT0-J_jaQDX7cQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 143ms
141ms XHR
text/html 172.253.122.113
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxX0Sy4Xz280rBxdTRAEi8WrvQX81_VfmUBwmSOYRRtfm7CO0TVq7TtgcYOTJ2GYmBfKlHTEugeY3fUMDFz902adC02FlaGZxl_NVdYN7WdgedSSN4CLwTMWrAZ-TT0-J_jaQDX7cQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-9xBfYFz_hFRzabpcYy4-FA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain
Referer: https://reurl.cc/XqAx30

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:55 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmII1pBi-FB_mfUHEAvxcGyf0bmfTeDHul8rmZRckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRqYGxkbGegXl8gQEAfWAk0A"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-9xBfYFz_hFRzabpcYy4-FA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://reurl.cc
content-length: 0
x-xss-protection: 0
server: ESF

GET
H2 200 0.js Show response
ecs.tagtoo.co/js/ Frame 00BF 201 KB
56 KB 272ms
65ms Script
text/javascript 34.102.218.41
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://ecs.tagtoo.co/js/0.js
Requested by: Host: ad.tagtoo.co
URL: https://ad.tagtoo.co/media/ad/track.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.218.41 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 41.218.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: ed1353670cbe52a301571e6717fab543726f43f7bed2edd0ffca2e74f6a1d8bf

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Type, Access-Control-Allow-Origin
content-encoding: gzip
x-goog-hash: crc32c=2mAcSQ==, md5=ijKbxOP20q6Aq4WlmoGeCA==
etag: "8a329bc4e3f6d2ae80ab85a59a819e08"
age: 2170
x-goog-stored-content-encoding: gzip
expires: Tue, 25 Mar 2025 07:18:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 56322
date: Tue, 25 Mar 2025 05:48:45 GMT
last-modified: Fri, 14 Feb 2025 14:16:26 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-guploader-uploadid: AKDAyIsCmHlugWfi9vXCDheDAGpU-IViYyEWsg6WhGnEd4kQaZLA7Z3PWtleM4ZvGFCdf_E
cache-control: public, max-age=5400
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1739542586669957
content-length: 56322
server: UploadServer

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ Frame EED3 18 KB
7 KB 520ms
198ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503200101/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

sffe /

Resource Hash

ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Tue, 25 Mar 2025 06:24:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame E378 2 KB
1 KB 296ms
295ms Script
text/html 54.178.103.138
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=185&o=1&fc=undefined&d=1&b=2&ts=1&ii=2&FPCK=5457-oJLM9GZAR49foszNK44PpgjaGNyrI2Q6&fp_uuid=5457-e3b96dd482231f90fbf0fd41a538ba0e&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.178.103.138 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 1648136def511ea162839d073362c3d8047cbfe0f7376fa4e66ccd085bd5c9ab

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame E378 3 KB
3 KB 188ms
186ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag: "519bf06eca29382b4ee4cc4f1dace214"
age: 27
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 2905
x-amz-cf-id: dOXoRRDvweQr488scwlwYNjrTRVKXQmc3PiGjKWmNUDK2W-ZQSykDQ==
date: Tue, 25 Mar 2025 06:24:30 GMT
content-type: application/javascript
last-modified: Mon, 04 Sep 2023 03:28:50 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame E378 130 KB
42 KB 150ms
149ms Script
text/javascript 74.119.117.47
AS-CRITEO

General

Check archive.org

Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.47 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"67c8043f-2072d"
cross-origin-resource-policy: cross-origin
expires: Wed, 26 Mar 2025 06:24:56 GMT
access-control-allow-origin: *
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: text/javascript
last-modified: Wed, 05 Mar 2025 07:58:55 GMT
server: nginx

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame E378 3 KB
4 KB 189ms
188ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag: "13519f9e63c9828d93a698c47992e115"
age: 45
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3197
x-amz-cf-id: x0ftuz47AJ7Ru3jYYHbN4L1vzuDXYKea5EFlIXiPfcTtuOa03MXtpA==
date: Tue, 25 Mar 2025 06:24:12 GMT
content-type: application/javascript
last-modified: Thu, 27 Jul 2023 02:29:01 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame E378 3 KB
4 KB 195ms
194ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag: "41ecd67a1e57b2a3aa7cf0c876da0a59"
age: 27
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3470
x-amz-cf-id: 5V8OMYLX1vQE54Cvsg5glL6zCkJoEh0BP2s79kjqg-26r_Eo-DYWWg==
date: Tue, 25 Mar 2025 06:24:30 GMT
content-type: application/javascript
last-modified: Mon, 02 Oct 2023 08:50:04 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame E378 3 KB
4 KB 195ms
194ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: L_ytFJI.iZbA3Ys9mJ75ciLmXqmRfuVO
etag: "21253aa5d7ee0c3b700ce5f1a4a1b4d1"
age: 56
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3446
x-amz-cf-id: fT9WfGieaYFopqzTctFb_p_AMPQyrHKzISqSks8b-m3xEWifp1jHIw==
date: Tue, 25 Mar 2025 06:24:49 GMT
content-type: application/javascript
last-modified: Thu, 14 Dec 2023 06:52:43 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame E378 5 KB
6 KB 194ms
193ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag: "ec9ddd169f5fd01f28f9b31866cd4701"
age: 25
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 5467
x-amz-cf-id: NtiDQ4GW3mpUJaLEXGsFXRY9YcuYAYj1EMtE2OSDR-LQkOanGOS8Wg==
date: Tue, 25 Mar 2025 06:24:32 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:15:25 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 discoverylogs
log.popin.cc/log/popin_media/ Frame 00BF 66 B
222 B 178ms
177ms Image
image/jpeg 119.63.198.143
BAIDUJP Baidu

General

Check archive.org

Download Go to Show image

Full URL: https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNSwicGFyYW0xIjoyLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6InJldXJsLmNjIiwidXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJ1aWQiOiI1MmY3MGRhNTg3OGFmYzdkNTAxMTc0MjkxOTg5NTI1NCIsInRkX3ZlcnNpb24iOiIxLjcuMSIsInRkX2NsaWVudF9pZCI6IjJjZDI2ODYyLWI3NDgtNDdjZS04NDUzLWQxODM4MGI5ODM0YyIsInRkX2NoYXJzZXQiOiJ1dGYtOCIsInRkX2xhbmd1YWdlIjoiZW4tdXMiLCJ0ZF9jb2xvciI6IjI0LWJpdCIsInRkX3NjcmVlbiI6IjE2MDB4MTIwMCIsInRkX3ZpZXdwb3J0IjoiMzAweDI1MCIsInRkX3RpdGxlIjoiIiwidGRfdXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJ0ZF91c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgSGVhZGxlc3NDaHJvbWUvODguMC40MzI0LjE5MCBTYWZhcmkvNTM3LjM2IiwidGRfcGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ0ZF9ob3N0IjoicmV1cmwuY2MiLCJ0ZF9wYXRoIjoiL1hxQXgzMCIsInRkX3JlZmVycmVyIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJ0ZF9icm93c2VyIjoiQ2hyb21lIiwidGRfYnJvd3Nlcl92ZXJzaW9uIjoiODguMC40MzI0IiwidGRfb3MiOiJXaW5kb3dzIiwidGRfb3NfdmVyc2lvbiI6IjEwLjAuMCIsImNsaWVudF9pZCI6IjJjZDI2ODYyLWI3NDgtNDdjZS04NDUzLWQxODM4MGI5ODM0YyIsImV4dHJhIjoiIiwiaW50ZXJhY3Rpb25fbnVtYmVyIjowLCJwb3Bpbl92ZXJzaW9uIjo2fQ==&t=1742883896030
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

etag: "5c120819-42"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 66
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: image/jpeg
last-modified: Thu, 13 Dec 2018 07:19:53 GMT
server: nginx/1.13.5

GET
H2 200 log.gif
r.popin.cc/ Frame 00BF 35 B
186 B 772ms
342ms Image
image/gif 119.63.198.188
BAIDUJP Baidu

General

Check archive.org

Download Go to Show image

Full URL: https://r.popin.cc/log.gif?type=related-tw&uid=52f70da5878afc7d5011742919895254&url=https%3A%2F%2Freurl.cc%2FXqAx30&t=1742883896034
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.188 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

etag: "5d6f3cde-23"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 35
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: image/gif
last-modified: Wed, 04 Sep 2019 04:26:06 GMT
server: nginx

GET
H3 200 /
www.facebook.com/tr/ Frame 00BF 0
16 B 287ms
286ms Image
text/plain 157.240.229.35
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?eid=1742883896061&id=404012299753340&ev=PageView&dl=https%3A%2F%2Freurl.cc%2FXqAx30&rl=https%3A%2F%2Freurl.cc%2FXqAx30&if=true&ts=1742883896060&sw=1600&sh=1200&v=2.9.44&r=stable&fbp=fb.1.1742883892662.717109639826275453&it=1742883896046&rqm=GET

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-iad3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=129, rtx=0, c=30, mss=1232, tbw=12673, tp=26, tpl=0, uplat=159, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame E378 0
171 B 993ms
457ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/XqAx30

Response headers

access-control-max-age: 3600
access-control-allow-origin: https://reurl.cc
date: Tue, 25 Mar 2025 06:24:56 GMT
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST

POST
H2

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame E378
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=BvRfhG4ABQOaDBu7OUziZw

2 B
160 B

196ms
190ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=BvRfhG4ABQOaDBu7OUziZw
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-store
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via: 1.1 google
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Tue, 25 Mar 2025 06:24:57 GMT
content-type: application/json; charset=utf-8

Redirect headers

Cache-Control: no-store
Location: https://ad2.apx.appier.net/v1/prebid/bid?acid=BvRfhG4ABQOaDBu7OUziZw
Accept-Ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: null
Content-Length: 0
P3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 25 Mar 2025 06:24:57 GMT
Server: nginx

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame E378 5 KB
0 65ms
65ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://t.ssp.hinet.net/utag.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 203-75-214-136.hinet-ip.hinet.net
Software: nginx /
Resource Hash: 73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Tue, 25 Mar 2025 06:34:56 GMT
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

POST
H2

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame E378
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=hlvNJkiFClGfwKJgOUziZw

2 B
131 B

297ms
294ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=hlvNJkiFClGfwKJgOUziZw
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-store
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via: 1.1 google
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Tue, 25 Mar 2025 06:24:57 GMT
content-type: application/json; charset=utf-8

Redirect headers

Cache-Control: no-store
Location: https://ad2.apx.appier.net/v1/prebid/bid?acid=hlvNJkiFClGfwKJgOUziZw
Accept-Ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: null
Content-Length: 0
P3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 25 Mar 2025 06:24:57 GMT
Server: nginx

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame E378 0
187 B 548ms
226ms XHR
text/plain 74.119.117.5
AS-CRITEO

General

Check archive.org

Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=159&profileId=184&cb=10407320463

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.5 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
access-control-allow-origin: https://reurl.cc
date: Tue, 25 Mar 2025 06:24:56 GMT
vary: Origin
server: Kestrel
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid.aspx Show response
prebid.scupio.com/recweb/ Frame E378 2 KB
2 KB 1222ms
384ms XHR
text/plain 210.59.219.34
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.4273165141627773
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 210.59.219.34 Taichung City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 210-59-219-34.hinet-ip.hinet.net
Software: Kestrel /
Resource Hash: ceea1a663b1b0e7ae36f19462926791821e8f8aa10d72cdd53887fc80d94aa2a

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/XqAx30

Response headers

Transfer-Encoding: chunked
Access-Control-Allow-Origin: https://reurl.cc
Date: Tue, 25 Mar 2025 06:24:56 GMT
Server: Kestrel
Access-Control-Allow-Credentials: true

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame E378 13 KB
13 KB 137ms
137ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=185&o=1&fc=undefined&d=1&b=2&ts=1&ii=2&FPCK=5457-oJLM9GZAR49foszNK44PpgjaGNyrI2Q6&fp_uuid=5457-e3b96dd482231f90fbf0fd41a538ba0e&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag: "dcf480340ca4b65dc9aa76bd9e677036"
age: 45
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 13033
x-amz-cf-id: M52m2ANyVNgO2NPAzpABkUTI5zJZsUgi0HmlgZRwXareCKfPYPdLXA==
date: Tue, 25 Mar 2025 06:24:12 GMT
content-type: application/javascript
last-modified: Tue, 19 Dec 2023 06:01:02 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 00BF 37 B
402 B 292ms
291ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

fe22835b5ffcecb14fc782dd1986d1c0a2761b5496fad3de8b0da78fc398936e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Origin
server: nginx

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame E378 37 B
401 B 489ms
196ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

0ff8d92b07e6f7233fe46ed809504cd0d7ebd8f489423d48dd0d7346c408a2cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Origin
server: nginx

GET
H2 200 runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame 3128 0
0 523ms
198ms Document
text/html 142.251.167.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 520
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5005
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 25 Mar 2025 06:16:16 GMT
expires: Tue, 25 Mar 2025 07:06:16 GMT
last-modified: Mon, 23 Sep 2024 18:12:21 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame D6AE 0
0 392ms
141ms Document
text/html 172.253.63.99
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f99.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-YPWxF6mPm0eKzRYenIRQZg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-YPWxF6mPm0eKzRYenIRQZg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Tue, 25 Mar 2025 06:24:56 GMT
expires: Tue, 25 Mar 2025 06:24:56 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EED3 42 B
65 B 136ms
135ms Fetch
image/gif 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssN_qqapyPVA5dLlVz5DZvP5XLesH5ze12TRKsJEYPfx3wYEiGK9-wkHYvMAZzHazrt5Y9b8p55VwPL1z8cOo31EBvldvUpEVcXotmA3B90aPaJuSj0yc2qliQWA5oDBBq9OevSi7zA3LhpN8wVr5PMGpWLbXt-EO3WiVsLWZuUrCQ&sig=Cg0ArKJSzMF6msal_xYqEAE&id=lidar2&mcvt=1000&p=172,270,422,570&tm=1402.7000007629395&tu=402.80000019073486&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20250324&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=827794272&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3881669500&rst=1742883894284&rpt=1142&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 25 Mar 2025 06:24:56 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 00BF 30 B
271 B 194ms
194ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=dd16de0d-6072-4954-9b20-c4f698f0caef

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: application/json
vary: Accept-Encoding, Origin
server: nginx

POST
H2 204 events
bidder.criteo.com/csm/ Frame E378 0
186 B 328ms
326ms Ping
text/plain 74.119.117.5
AS-CRITEO

General

Check archive.org

Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.5 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
access-control-allow-origin: https://reurl.cc
date: Tue, 25 Mar 2025 06:24:56 GMT
vary: Origin
server: Kestrel
access-control-allow-credentials: true

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame E378 43 B
365 B 127ms
125ms Image
image/gif 74.119.117.47
AS-CRITEO

General

Check archive.org

Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=1

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.47 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: max-age=31104000, public
timing-allow-origin: *
etag: "493ea254-2b"
cross-origin-resource-policy: cross-origin
expires: Fri, 20 Mar 2026 06:24:56 GMT
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
access-control-allow-origin: *
content-length: 43
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: image/gif
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame E378 43 B
365 B 189ms
187ms Image
image/gif 74.119.117.47
AS-CRITEO

General

Check archive.org

Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=2

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.47 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: max-age=31104000, public
timing-allow-origin: *
etag: "493ea254-2b"
cross-origin-resource-policy: cross-origin
expires: Fri, 20 Mar 2026 06:24:56 GMT
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
access-control-allow-origin: *
content-length: 43
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: image/gif
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame E378 0
187 B 193ms
192ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=5457-oJLM9GZAR49foszNK44PpgjaGNyrI2Q6&mp=dd16de0d-6072-4954-9b20-c4f698f0caef

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: image/png
vary: Origin
server: nginx

GET
H/1.1 200
OK pixel
dd16de0d-6072-4954-9b20-c4f698f0caef.t.ssp.hinet.net/ Frame E378 0
177 B 1350ms
356ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to Show image

Full URL

https://dd16de0d-6072-4954-9b20-c4f698f0caef.t.ssp.hinet.net/pixel?bd=dd16de0d-6072-4954-9b20-c4f698f0caef&t=50ef57&referrer=

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

Strict-Transport-Security: max-age=0
Content-Length: 0
Date: Tue, 25 Mar 2025 06:24:57 GMT
Content-Type: image/png
Server: nginx
Connection: keep-alive

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 00BF 0
0 148ms
147ms Fetch
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvjlALj5Sag6buGN0_KS_QyqflUXnzans7L5MqgGvtDCoEaP-XRZhw3UNrvxsLm7Fbl8XyfkDve75CjWPYJnOvmu8ukCmCgmopiuLiD7GpggTSWLD6vQ5ENEylpp9SSGog9whxQgZKufXTVT2zRAcPdDtNRksvaISjl2yoGzkNHhd2TI4r5llRGW468J7ZqqCIvIQqNuIWOcLW-K4-6xyDGsovzz4Iimz_iGP6PS2gzv9l8v7Dk87f_r-QOpt5fcvcpFitsDXtYPBcRsTbt4Ub6qwi4NW9tdhb_23JalINj35aP3DQejh5-Min5xpzI3ip-6osoDR8agDXKQMV8NFL8pNVraBHKvbmByWTARRhf82A3uxu853nRf-Kz2BEXIzVQbm2OMpRigX9kgpIZLj9OE6WAxlzDZZBV8sMOhAuGcvH3FkxfWIHmdsKM&sai=AMfl-YQTFJ7tj07Kp5nXjX-nsFZwV2fxS-SrjjBdz5R1G7JLBiRIYvDQ2oJWVlL5AfohiXKRLfvtcMWQGDu6RQ75fdKAlUL0yshriP1MkmFoMhJrJDvuBJ4gjZITYzw&sig=Cg0ArKJSzOpSnsjJ12VcEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Tue, 25 Mar 2025 06:24:56 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 25 Mar 2025 06:24:56 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 9632 106 KB
0 0ms
0ms Script
text/javascript 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

a90b07df39f5a027b1516ef70cee2a3489d2f7f6c6ac31a19c1ed7445cbcc30b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 374 / 20172 / m202503200101 / config-hash: 13177625818786128424
x-content-type-options: nosniff
expires: Tue, 25 Mar 2025 06:24:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 25 Mar 2025 06:24:52 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33596
x-xss-protection: 0
server: cafe

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/ Frame 9632 525 KB
0 0ms
0ms Script
text/javascript 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

9aa1a9dfb271e4ad94219ed388d8442b3b394caedb5771642df196ccc09385c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 13877525710090312892
age: 44417
x-content-type-options: nosniff
expires: Tue, 24 Mar 2026 18:04:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 24 Mar 2025 18:04:35 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 168748
x-xss-protection: 0
server: cafe

GET
H3 200 gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503200101/ Frame 9632 63 KB
0 0ms
0ms Other
text/plain 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503200101/gpt

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

724bf9b6cead6b42a8435c2dd63959f95a2868fc29d0c19f44b7f26c83a18cdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 6636832657936373745
age: 57234
x-content-type-options: nosniff
expires: Mon, 31 Mar 2025 14:30:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 24 Mar 2025 14:30:58 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 23172
x-xss-protection: 0
server: cafe
use-as-dictionary: match="/gampad/ads", id="m202503200101"

GET
H3 200 topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 328A 0
0 0ms
0ms Document
text/html 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/static/topics/topics_frame.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 198
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000, stale-while-revalidate=3600
content-encoding: br
content-length: 28858
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 25 Mar 2025 06:21:36 GMT
expires: Tue, 25 Mar 2025 07:11:36 GMT
last-modified: Mon, 24 Mar 2025 19:44:53 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ Frame 9632 17 KB
13 KB 143ms
142ms XHR
application/json 142.251.163.155
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202503200101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

cafe /

Resource Hash

874b1133e8dadee35d3eec3a8d4d2f08a97f5d008789031b716aeb502cd36b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 13113
date: Tue, 25 Mar 2025 06:24:57 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 9632 36 KB
8 KB 223ms
222ms Fetch
text/plain 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1351634858783469&correlator=3841972866849379&eid=31086814%2C31091114%2C31091200%2C31091202%2C95332150%2C83321072%2C95340253%2C95340255&output=ldjh&gdfp_req=1&vrg=202503200101&ptt=17&impl=fif&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C14210%2C14210-2&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=1&didk=607409652&dids=gpt-passback&adfs=3758817452&sfv=1-0-41&sc=1&cookie=ID%3D4a889540576ae011%3AT%3D1742883893%3ART%3D1742883893%3AS%3DALNI_Mbc678ixuGYgHEYf2Z6hEoOxmjn9A&gpic=UID%3D000010863ba18a95%3AT%3D1742883893%3ART%3D1742883893%3AS%3DALNI_MbPEgSJzc-jyugNezBaMveYUm-dqw&abxe=1&dt=1742883897103&lmt=1742883897&adxs=650&adys=172&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=egaxrbeqctrb&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=3&url=https%3A%2F%2Freurl.cc%2FXqAx30&ref=https%3A%2F%2Freurl.cc%2FXqAx30&top=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=300x250&msz=300x0&fws=256&ohw=0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742883896999&idt=72&adks=3360245792&frm=23&eo_id_str=ID%3Dbb0e8723727a4dde%3AT%3D1742883893%3ART%3D1742883893%3AS%3DAA-Afjavr-iQOcaLmw9Iq7Hch1bd&td=1&egid=32281&tdf=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

564e00c4bc575b87f6935f8be6313261a58a0a148fbeaa9528ea638925c4abd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: dcb
google-lineitem-id: 6499556608
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 25 Mar 2025 06:24:57 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: 138462658495
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-length: 7949
x-xss-protection: 0
server: cafe

GET
H3 200 container.html
86c85434f5f5f4ab51836180f122c81f.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame 87DF 0
0 391ms
131ms Document
text/html 64.233.180.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://86c85434f5f5f4ab51836180f122c81f.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.180.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pe-in-f132.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 3024
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 25 Mar 2025 06:24:57 GMT
expires: Tue, 25 Mar 2025 06:24:57 GMT
last-modified: Thu, 30 Jan 2025 19:28:58 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ Frame 9632 18 KB
0 0ms
0ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

sffe /

Resource Hash

ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Tue, 25 Mar 2025 06:24:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET
H2 200 runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame 54E5 0
0 0ms
0ms Document
text/html 142.251.167.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 520
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5005
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 25 Mar 2025 06:16:16 GMT
expires: Tue, 25 Mar 2025 07:06:16 GMT
last-modified: Mon, 23 Sep 2024 18:12:21 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame 73FF 0
0 1ms
0ms Document
text/html 172.253.63.99
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f99.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-YPWxF6mPm0eKzRYenIRQZg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-YPWxF6mPm0eKzRYenIRQZg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Tue, 25 Mar 2025 06:24:56 GMT
expires: Tue, 25 Mar 2025 06:24:56 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 959C 0
0 147ms
146ms Fetch
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvDjHFJ7YR9vgGfyVj0-URnufen8YUI5Qw2HVvglg4cu1axkAW6px-fJkDXZbt20BEcKl7aLhljEBPjcBNnJfa619ueSSldTXfFazt1_8cwKy1_c43ON_RIKZ-d2U9QONKlJFtVS7kkDv5w_6zMyR5nTKIJ7dx3IYqNsMCRzAT2kDhUM3IXAJBq9qStX7VLI2Ce-zrVU5M1qfiq2BCHBUSBFRSzGx9e3BYcp-yh7ltAL0XXqslGKxpXag4SpiHOyKJYsKmnhS2xtc-zxLfpaIpEmWzA5lqYK_iQ0bHxhKOyGumtTpMprXIPJ1hp7lswmCNW73-5DCPOM3jMQozGxQ_CeEiafqpBKQ2oVPRQKtFolrfeb9H2QiERgGTe_tIW0hEyv_Isbz56t2y81YEwDyf4VzleWhj45D2I6_YIOVhIK0Qb1PL5wpreILU6P-9ht0zNgFuyVq6t9g&sai=AMfl-YQSbAyejMncJ8MNXaIAoHi9-5e9k2wjGQ71xqKq0B0RP3IiqMLiSXmBg4UlKDyZyCF0rQvZdH_oB_yw0JCHwJp9mJHJoubT_168eDnTbk07JuKSkBtMFqf4WOI&sig=Cg0ArKJSzJaDFOVsuaLpEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 25 Mar 2025 06:24:57 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ Frame 959C 9 KB
0 1ms
1ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: 7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag: "2b18447e41c64d14195cefd72eb57400"
age: 27
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 9645
x-amz-cf-id: TCaSdCBcv9noSUiBHcs0xB06Zqt8h-2OzqFxluc_8DZwNI8jm1N0lQ==
date: Tue, 25 Mar 2025 06:24:28 GMT
content-type: application/javascript
last-modified: Fri, 14 Mar 2025 09:01:33 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 959C 219 KB
0 2ms
2ms Script
text/javascript 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 9225633084484645003
age: 1884
x-content-type-options: nosniff
expires: Tue, 25 Mar 2025 06:53:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 25 Mar 2025 05:53:30 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=ISO-8859-1
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 68912
x-xss-protection: 0
server: cafe

GET
H2 200 capmapping.htm
cdn.holmesmind.com/js/ Frame E2A9 0
0 139ms
138ms Document
text/html 18.160.10.29
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=5457-e3b96dd482231f90fbf0fd41a538ba0e
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-29.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 47
content-length: 12184
content-type: text/html
date: Tue, 25 Mar 2025 06:24:55 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
x-amz-cf-id: YKbia5oi1acEPuNFSlxyXIg4pIkRMKvf597DRQHE0YAj6UGi9yp9AQ==
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame B2C3 11 KB
0 0ms
0ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 27
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: ETmTRnZkpUWh227_06a_naiD6bAb43RJzRbaSDMjaX1SO05h-ooDeA==
date: Tue, 25 Mar 2025 06:24:29 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame B2C3 2 KB
794 B 191ms
189ms Script
text/html 54.178.103.138
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.178.103.138 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 851c3da53f870dab9f8fd365f8eb9af27af956d79a96f89f412f8baa5b7b1624

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Tue, 25 Mar 2025 06:24:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame B2C3 30 KB
0 2ms
2ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 10
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: 3LmcA6n6NKrA2NzW46YyjW6eIVqNNw_FJZq-zWT1bgVgKgwknNWb9Q==
date: Tue, 25 Mar 2025 06:24:46 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 959C 0
0 133ms
132ms Fetch
image/gif 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 25 Mar 2025 06:24:57 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
DATA 200
OK truncated
/ Frame 959C 213 B
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f2a177ea0b1722b88c71c806c8bd6db6dc0311f3fb4dc7dcf62be1d99111312b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 959C 0
0 133ms
133ms Fetch
image/gif 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 25 Mar 2025 06:24:57 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame B2C3 2 KB
1 KB 206ms
194ms Script
text/html 54.178.103.138
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=255&o=1&fc=5457-oJLM9GZAR49foszNK44PpgjaGNyrI2Q6&d=1&b=2&ts=1&ii=2&FPCK=5457-oJLM9GZAR49foszNK44PpgjaGNyrI2Q6&fp_uuid=5457-e3b96dd482231f90fbf0fd41a538ba0e&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.178.103.138 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: a854926da5e6587494189db03a349351c41731254162816580343847feefb83b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Tue, 25 Mar 2025 06:24:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame B2C3 3 KB
0 5ms
5ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag: "519bf06eca29382b4ee4cc4f1dace214"
age: 27
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 2905
x-amz-cf-id: dOXoRRDvweQr488scwlwYNjrTRVKXQmc3PiGjKWmNUDK2W-ZQSykDQ==
date: Tue, 25 Mar 2025 06:24:30 GMT
content-type: application/javascript
last-modified: Mon, 04 Sep 2023 03:28:50 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame B2C3 130 KB
0 6ms
6ms Script
text/javascript 74.119.117.47
AS-CRITEO

General

Check archive.org

Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.119.117.47 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: 6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"67c8043f-2072d"
cross-origin-resource-policy: cross-origin
expires: Wed, 26 Mar 2025 06:24:56 GMT
access-control-allow-origin: *
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: text/javascript
last-modified: Wed, 05 Mar 2025 07:58:55 GMT
server: nginx

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame B2C3 3 KB
0 6ms
6ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag: "13519f9e63c9828d93a698c47992e115"
age: 45
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3197
x-amz-cf-id: x0ftuz47AJ7Ru3jYYHbN4L1vzuDXYKea5EFlIXiPfcTtuOa03MXtpA==
date: Tue, 25 Mar 2025 06:24:12 GMT
content-type: application/javascript
last-modified: Thu, 27 Jul 2023 02:29:01 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame B2C3 3 KB
0 7ms
6ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag: "41ecd67a1e57b2a3aa7cf0c876da0a59"
age: 27
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3470
x-amz-cf-id: 5V8OMYLX1vQE54Cvsg5glL6zCkJoEh0BP2s79kjqg-26r_Eo-DYWWg==
date: Tue, 25 Mar 2025 06:24:30 GMT
content-type: application/javascript
last-modified: Mon, 02 Oct 2023 08:50:04 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame B2C3 3 KB
0 6ms
5ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: L_ytFJI.iZbA3Ys9mJ75ciLmXqmRfuVO
etag: "21253aa5d7ee0c3b700ce5f1a4a1b4d1"
age: 56
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3446
x-amz-cf-id: fT9WfGieaYFopqzTctFb_p_AMPQyrHKzISqSks8b-m3xEWifp1jHIw==
date: Tue, 25 Mar 2025 06:24:49 GMT
content-type: application/javascript
last-modified: Thu, 14 Dec 2023 06:52:43 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame B2C3 5 KB
0 6ms
6ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag: "ec9ddd169f5fd01f28f9b31866cd4701"
age: 25
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 5467
x-amz-cf-id: NtiDQ4GW3mpUJaLEXGsFXRY9YcuYAYj1EMtE2OSDR-LQkOanGOS8Wg==
date: Tue, 25 Mar 2025 06:24:32 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:15:25 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame B2C3 0
170 B 462ms
456ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/XqAx30

Response headers

access-control-max-age: 3600
access-control-allow-origin: https://reurl.cc
date: Tue, 25 Mar 2025 06:24:57 GMT
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST

POST
H/1.1 200
OK prebid.aspx Show response
prebid.scupio.com/recweb/ Frame B2C3 2 KB
2 KB 324ms
322ms XHR
text/plain 210.59.219.34
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.4429774254055956
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 210.59.219.34 Taichung City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 210-59-219-34.hinet-ip.hinet.net
Software: Kestrel /
Resource Hash: a48ff27ff0c1c3262a2291fc9aabec92aeb87d3ee3ee8a5839254677b8eb9533

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/XqAx30

Response headers

Transfer-Encoding: chunked
Access-Control-Allow-Origin: https://reurl.cc
Date: Tue, 25 Mar 2025 06:24:57 GMT
Server: Kestrel
Access-Control-Allow-Credentials: true

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame B2C3
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=SbzlMVVYDGmVHiPaOUziZw

2 B
20 B

193ms
191ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=SbzlMVVYDGmVHiPaOUziZw
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H3
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-store
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via: 1.1 google
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Tue, 25 Mar 2025 06:24:58 GMT
content-type: application/json; charset=utf-8

Redirect headers

Cache-Control: no-store
Location: https://ad2.apx.appier.net/v1/prebid/bid?acid=SbzlMVVYDGmVHiPaOUziZw
Accept-Ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: null
Content-Length: 0
P3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 25 Mar 2025 06:24:57 GMT
Server: nginx

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame B2C3
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=AlvE95WgDDiU0gYzOkziZw

2 B
20 B

193ms
191ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=AlvE95WgDDiU0gYzOkziZw
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H3
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-store
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via: 1.1 google
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Tue, 25 Mar 2025 06:24:58 GMT
content-type: application/json; charset=utf-8

Redirect headers

Cache-Control: no-store
Location: https://ad2.apx.appier.net/v1/prebid/bid?acid=AlvE95WgDDiU0gYzOkziZw
Accept-Ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: null
Content-Length: 0
P3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 25 Mar 2025 06:24:58 GMT
Server: nginx

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame B2C3 0
186 B 289ms
287ms XHR
text/plain 74.119.117.5
AS-CRITEO

General

Check archive.org

Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=159&profileId=184&cb=47820041540

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.5 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
access-control-allow-origin: https://reurl.cc
date: Tue, 25 Mar 2025 06:24:57 GMT
vary: Origin
server: Kestrel
access-control-allow-credentials: true

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame B2C3 5 KB
0 0ms
0ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://t.ssp.hinet.net/utag.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 203-75-214-136.hinet-ip.hinet.net
Software: nginx /
Resource Hash: 73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Tue, 25 Mar 2025 06:34:56 GMT
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame B2C3 36 B
400 B 191ms
190ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e2130f025ccd1b24aaecd58d29c128a4d9db1bbf04b357c452da73f2892e408e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Tue, 25 Mar 2025 06:24:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Origin
server: nginx

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 00BF 42 B
65 B 135ms
134ms Fetch
image/gif 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsufEdqPgEEJd6k5USaBgGKC9-g6gFScFZi0j2xivCFNcBnn6avXWiPxX0_sr-pqCG2Qcax57OSrAlxWz0DI1q6TNhV0ovuMHWwWXeoDAXsR0X2viZbz4o5F6ZHCQI2TGqW_VVfF3CQtRjT9vxur_arY6icsFwux7W334yUig-SzPWU&sig=Cg0ArKJSzF6rcil_cCC5EAE&id=lidar2&mcvt=1001&p=172,1030,422,1330&tm=2827.300000190735&tu=1826.3000001907349&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20250324&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=1451399479&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3881669400&rst=1742883894266&rpt=2547&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 25 Mar 2025 06:24:57 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 204 collect
analytics.google.com/g/ 0
0 91ms
90ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je53l1v897965293za200&_p=1742883891953&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102788824~102803279~102813109~102926326&cid=1792140177.1742883893&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1742883892&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FXqAx30&dt=Dynamics%20365%20Customer%20Voice&en=scroll&epn.percent_scrolled=90&_et=33&tfd=7218
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:137:0
report-to: {"group":"ascnsrsggc:137:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:137:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reurl.cc
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:137:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 25 Mar 2025 06:24:57 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame B2C3 13 KB
0 0ms
0ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=255&o=1&fc=5457-oJLM9GZAR49foszNK44PpgjaGNyrI2Q6&d=1&b=2&ts=1&ii=2&FPCK=5457-oJLM9GZAR49foszNK44PpgjaGNyrI2Q6&fp_uuid=5457-e3b96dd482231f90fbf0fd41a538ba0e&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag: "dcf480340ca4b65dc9aa76bd9e677036"
age: 45
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 13033
x-amz-cf-id: M52m2ANyVNgO2NPAzpABkUTI5zJZsUgi0HmlgZRwXareCKfPYPdLXA==
date: Tue, 25 Mar 2025 06:24:12 GMT
content-type: application/javascript
last-modified: Tue, 19 Dec 2023 06:01:02 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

POST
H2 204 events
bidder.criteo.com/csm/ Frame B2C3 0
186 B 338ms
331ms Ping
text/plain 74.119.117.5
AS-CRITEO

General

Check archive.org

Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.5 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
access-control-allow-origin: https://reurl.cc
date: Tue, 25 Mar 2025 06:24:58 GMT
vary: Origin
server: Kestrel
access-control-allow-credentials: true

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame B2C3 43 B
0 3ms
3ms Image
image/gif 74.119.117.47
AS-CRITEO

General

Check archive.org

Download Go to Show image

Full URL: https://static.criteo.net/images/pixel.gif?ch=1
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.119.117.47 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=31104000, public
timing-allow-origin: *
etag: "493ea254-2b"
cross-origin-resource-policy: cross-origin
expires: Fri, 20 Mar 2026 06:24:56 GMT
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
access-control-allow-origin: *
content-length: 43
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: image/gif
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame B2C3 43 B
0 5ms
5ms Image
image/gif 74.119.117.47
AS-CRITEO

General

Check archive.org

Download Go to Show image

Full URL: https://static.criteo.net/images/pixel.gif?ch=2
Requested by: Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.119.117.47 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=31104000, public
timing-allow-origin: *
etag: "493ea254-2b"
cross-origin-resource-policy: cross-origin
expires: Fri, 20 Mar 2026 06:24:56 GMT
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
access-control-allow-origin: *
content-length: 43
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: image/gif
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx

GET sodar
ep1.adtrafficquality.google/pagead/ Frame EED3 0
0

GET sodar
ep1.adtrafficquality.google/pagead/ Frame 9632 0
0

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame B2C3 0
187 B 192ms
191ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=5457-oJLM9GZAR49foszNK44PpgjaGNyrI2Q6&mp=1e6381d9-6ea5-400b-a0fc-381585d2eb6e

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

strict-transport-security: max-age=0
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
date: Tue, 25 Mar 2025 06:24:58 GMT
content-type: image/png
vary: Origin
server: nginx

GET pixel
1e6381d9-6ea5-400b-a0fc-381585d2eb6e.t.ssp.hinet.net/ Frame B2C3 0
0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 0D84 106 KB
0 0ms
0ms Script
text/javascript 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

a90b07df39f5a027b1516ef70cee2a3489d2f7f6c6ac31a19c1ed7445cbcc30b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 374 / 20172 / m202503200101 / config-hash: 13177625818786128424
x-content-type-options: nosniff
expires: Tue, 25 Mar 2025 06:24:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 25 Mar 2025 06:24:52 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33596
x-xss-protection: 0
server: cafe

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/ Frame 0D84 525 KB
0 0ms
0ms Script
text/javascript 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

9aa1a9dfb271e4ad94219ed388d8442b3b394caedb5771642df196ccc09385c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 13877525710090312892
age: 44417
x-content-type-options: nosniff
expires: Tue, 24 Mar 2026 18:04:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 24 Mar 2025 18:04:35 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 168748
x-xss-protection: 0
server: cafe

GET
H3 200 gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503200101/ Frame 0D84 63 KB
0 1ms
1ms Other
text/plain 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503200101/gpt

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

724bf9b6cead6b42a8435c2dd63959f95a2868fc29d0c19f44b7f26c83a18cdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 6636832657936373745
age: 57234
x-content-type-options: nosniff
expires: Mon, 31 Mar 2025 14:30:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 24 Mar 2025 14:30:58 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 23172
x-xss-protection: 0
server: cafe
use-as-dictionary: match="/gampad/ads", id="m202503200101"

GET
H3 200 topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 35D8 0
0 1ms
1ms Document
text/html 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/static/topics/topics_frame.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 198
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000, stale-while-revalidate=3600
content-encoding: br
content-length: 28858
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 25 Mar 2025 06:21:36 GMT
expires: Tue, 25 Mar 2025 07:11:36 GMT
last-modified: Mon, 24 Mar 2025 19:44:53 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET sodar
ep1.adtrafficquality.google/getconfig/ Frame 0D84 0
0

GET ads
securepubads.g.doubleclick.net/gampad/ Frame 0D84 0
0

GET container.html
a7e676c2c877b5568d903369ac394367.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame B4E9 0
0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 0D84 36 KB
8 KB 211ms
210ms Fetch
text/plain 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1693958229396429&correlator=3629899363942016&eid=31086815%2C31091185%2C83321072&output=ldjh&gdfp_req=1&vrg=202503200101&ptt=17&impl=fif&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C14210%2C14210-2&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=1&didk=607409652&dids=gpt-passback&adfs=2044026224&sfv=1-0-41&eri=65&sc=1&cookie=ID%3D4a889540576ae011%3AT%3D1742883893%3ART%3D1742883893%3AS%3DALNI_Mbc678ixuGYgHEYf2Z6hEoOxmjn9A&gpic=UID%3D000010863ba18a95%3AT%3D1742883893%3ART%3D1742883893%3AS%3DALNI_MbPEgSJzc-jyugNezBaMveYUm-dqw&abxe=1&dt=1742883900236&lmt=1742883900&adxs=650&adys=172&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=bhhzysikbya9&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=6&url=https%3A%2F%2Freurl.cc%2FXqAx30&ref=https%3A%2F%2Freurl.cc%2FXqAx30&top=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=300x250&msz=300x0&fws=256&ohw=0&topics=3&tps=3&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742883898499&idt=82&adks=3360245792&frm=23&eo_id_str=ID%3Dbb0e8723727a4dde%3AT%3D1742883893%3ART%3D1742883893%3AS%3DAA-Afjavr-iQOcaLmw9Iq7Hch1bd&td=1&egid=32281&tdf=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

7bd56d6bf7b2a7849924518fd8269ab857fd7fc801bcbecb6cbf3fe07744ca79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: dcb
google-lineitem-id: 6499556608
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 25 Mar 2025 06:25:00 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: 138462658495
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-length: 7957
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame BF00 0
0 146ms
145ms Fetch
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstZ7hW5CYAsODKgYp1LgXYqjdi5xkMNSpCJe1xetPWFchask7y4DlFZjSqFzYpM6PvUhKdWcCxt4nL6F1eriIJ3gh_E1CdxoRl2U8r4TG4qSVBkMQBeYSVa5jTIUG4dNtGasxeOSIGGn7PhcoRyEyIkY9HsVLrk87HJplpDnTjT_UQjgAlSeYGi_WCeGURCRP2WP95v0VFLXOJPch5jKPiXWNxlo8gg1HbzmLJ7hd1YS8Ar-9ofnaXJ7llAtKZZcWtI8uN142tiMzec7Z-Dw3M0caa6DO6OmHsyVBvWyvhxjulxKiMx91hE8sClnPN6F3rNrw12rwsDugS09in_Lgm71fU9rb2X_gQhrJ2ixsJ0kzkkzdVhfhEWpOLFDx48125credWrdYr6cTMzpHHGLDWTlCEP7zIDGQ1z8IXixDjy7N7rVX8m1FLDnpk_PxrGBEBTGLZWXdXsg&sai=AMfl-YSDJMynyPQtq-NwHPJf2ib5pwiPAEd8GJFTTZ8kJNDl41NTb_dE-RabunjjQjpFZ_0MmF_SvYXK7Z2y9OnpKUJ036pxvo28g0zsNm7ptB563qronv5a_KvCEkA&sig=Cg0ArKJSzKasD6sEW7FMEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/XqAx30

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 25 Mar 2025 06:25:00 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ Frame BF00 9 KB
0 1ms
1ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: 7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag: "2b18447e41c64d14195cefd72eb57400"
age: 27
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 9645
x-amz-cf-id: TCaSdCBcv9noSUiBHcs0xB06Zqt8h-2OzqFxluc_8DZwNI8jm1N0lQ==
date: Tue, 25 Mar 2025 06:24:28 GMT
content-type: application/javascript
last-modified: Fri, 14 Mar 2025 09:01:33 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame BF00 219 KB
0 1ms
1ms Script
text/javascript 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

content-encoding: br
etag: 9225633084484645003
age: 1884
x-content-type-options: nosniff
expires: Tue, 25 Mar 2025 06:53:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 25 Mar 2025 05:53:30 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=ISO-8859-1
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 68912
x-xss-protection: 0
server: cafe

GET
H2 200 capmapping.htm
cdn.holmesmind.com/js/ Frame 7C22 0
0 0ms
0ms Document
text/html 18.160.10.29
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=5457-e3b96dd482231f90fbf0fd41a538ba0e
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-29.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://reurl.cc/XqAx30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges: bytes
age: 47
content-length: 12184
content-type: text/html
date: Tue, 25 Mar 2025 06:24:55 GMT
etag: "313c12f57383ae26248323c3b33af799"
last-modified: Mon, 17 Mar 2025 05:33:47 GMT
server: AmazonS3
via: 1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
x-amz-cf-id: YKbia5oi1acEPuNFSlxyXIg4pIkRMKvf597DRQHE0YAj6UGi9yp9AQ==
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache: Hit from cloudfront

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 17DE 11 KB
0 0ms
0ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag: "1ff97ce94c5a1127f915e6bf2a02c6a9"
age: 27
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 10957
x-amz-cf-id: ETmTRnZkpUWh227_06a_naiD6bAb43RJzRbaSDMjaX1SO05h-ooDeA==
date: Tue, 25 Mar 2025 06:24:29 GMT
content-type: application/javascript
last-modified: Thu, 16 Jan 2025 06:05:08 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BF00 0
0 132ms
131ms Fetch
image/gif 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 25 Mar 2025 06:25:00 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BF00 0
0 134ms
133ms Fetch
image/gif 142.251.163.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 25 Mar 2025 06:25:00 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
DATA 200
OK truncated
/ Frame BF00 212 B
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17d89a02a751768013d573813b220a342928de61815f21b4b3b0ab03b674aa9b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H2 200 Preset.js Show response
ad.holmesmind.com/adserver/ Frame 17DE 2 KB
794 B 192ms
191ms Script
text/html 54.178.103.138
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.178.103.138 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 851c3da53f870dab9f8fd365f8eb9af27af956d79a96f89f412f8baa5b7b1624

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

access-control-allow-origin: https://reurl.cc
content-encoding: gzip
date: Tue, 25 Mar 2025 06:25:00 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true

GET
H2 200 js-md5.js Show response
cdn.holmesmind.com/js/ Frame 17DE 30 KB
0 1ms
1ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/js-md5.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag: "ab3f6a2aedec7585237d5fb727bebcbb"
age: 10
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 30621
x-amz-cf-id: 3LmcA6n6NKrA2NzW46YyjW6eIVqNNw_FJZq-zWT1bgVgKgwknNWb9Q==
date: Tue, 25 Mar 2025 06:24:46 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:04:56 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET ads.js
ad.holmesmind.com/adserver/ Frame 17DE 0
0

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame 17DE 3 KB
0 1ms
1ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag: "519bf06eca29382b4ee4cc4f1dace214"
age: 27
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 2905
x-amz-cf-id: dOXoRRDvweQr488scwlwYNjrTRVKXQmc3PiGjKWmNUDK2W-ZQSykDQ==
date: Tue, 25 Mar 2025 06:24:30 GMT
content-type: application/javascript
last-modified: Mon, 04 Sep 2023 03:28:50 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame 17DE 130 KB
0 2ms
1ms Script
text/javascript 74.119.117.47
AS-CRITEO

General

Check archive.org

Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.119.117.47 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: 6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"67c8043f-2072d"
cross-origin-resource-policy: cross-origin
expires: Wed, 26 Mar 2025 06:24:56 GMT
access-control-allow-origin: *
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: text/javascript
last-modified: Wed, 05 Mar 2025 07:58:55 GMT
server: nginx

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame 17DE 3 KB
0 2ms
2ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag: "13519f9e63c9828d93a698c47992e115"
age: 45
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3197
x-amz-cf-id: x0ftuz47AJ7Ru3jYYHbN4L1vzuDXYKea5EFlIXiPfcTtuOa03MXtpA==
date: Tue, 25 Mar 2025 06:24:12 GMT
content-type: application/javascript
last-modified: Thu, 27 Jul 2023 02:29:01 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame 17DE 3 KB
0 2ms
2ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag: "41ecd67a1e57b2a3aa7cf0c876da0a59"
age: 27
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3470
x-amz-cf-id: 5V8OMYLX1vQE54Cvsg5glL6zCkJoEh0BP2s79kjqg-26r_Eo-DYWWg==
date: Tue, 25 Mar 2025 06:24:30 GMT
content-type: application/javascript
last-modified: Mon, 02 Oct 2023 08:50:04 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame 17DE 3 KB
0 2ms
2ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: L_ytFJI.iZbA3Ys9mJ75ciLmXqmRfuVO
etag: "21253aa5d7ee0c3b700ce5f1a4a1b4d1"
age: 56
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 3446
x-amz-cf-id: fT9WfGieaYFopqzTctFb_p_AMPQyrHKzISqSks8b-m3xEWifp1jHIw==
date: Tue, 25 Mar 2025 06:24:49 GMT
content-type: application/javascript
last-modified: Thu, 14 Dec 2023 06:52:43 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame 17DE 5 KB
0 3ms
3ms Script
application/javascript 18.160.10.56
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-56.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

x-amz-version-id: ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag: "ec9ddd169f5fd01f28f9b31866cd4701"
age: 25
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 5467
x-amz-cf-id: NtiDQ4GW3mpUJaLEXGsFXRY9YcuYAYj1EMtE2OSDR-LQkOanGOS8Wg==
date: Tue, 25 Mar 2025 06:24:32 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 14:15:25 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256

POST bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame 17DE 0
0

POST prebid.aspx
prebid.scupio.com/recweb/ Frame 17DE 0
0

POST

apnet
gocm.c.appier.net/ Frame 17DE
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid

0
0

POST

apnet
gocm.c.appier.net/ Frame 17DE
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid

0
0

POST cdb
bidder.criteo.com/ Frame 17DE 0
0

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 17DE 5 KB
0 0ms
0ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Download Go to

Full URL: https://t.ssp.hinet.net/utag.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 203-75-214-136.hinet-ip.hinet.net
Software: nginx /
Resource Hash: 73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer: https://reurl.cc/XqAx30

Response headers

cache-control: max-age=600
content-encoding: gzip
etag: W/"65e6c0fa-15e4"
expires: Tue, 25 Mar 2025 06:34:56 GMT
date: Tue, 25 Mar 2025 06:24:56 GMT
content-type: application/javascript
last-modified: Tue, 05 Mar 2024 06:51:38 GMT
server: nginx
vary: Accept-Encoding

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: blog.alphaloan.co
URL: https://blog.alphaloan.co/wp-content/uploads/2021/04/%E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg

Domain: ep1.adtrafficquality.google
URL: https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20250320&jk=1400588031679878&bg=!NjWlNXrNAAaCZO-FomQ7ADQBe5WfOGPcI8VOARFzDcG5ENsNojsHr6LM8kjoXjrs-lb-qmHVHsn2XKZ446DPgT5VVhe3AgAAAP1SAAAAC2gBB34ANbtd3kWeMIfeTQeuemjeXfqPUPQUDQbBQidy7te105BZGyrs-GTmep_cU4Hx-UB2yZz4tx5ACgA3H9HYSrKchleFZe-WOVXwMp0Ro5Wd0VN67BStshw1OHaot1_a8c61tI1AgAk2ZrmgTYE4qATr25kCn22bjaWLcoQVSUPbSjO4wnBJ-UHu8UieruO3s5LorCRpTaCzrm027bPFuDX9XxnEdn6VeyF56710bXwbkcQR3R6JgI78aGNJrgPGJnHdkbJRZE-w7JyhsiKW_iVp-q8D0V_a5S-70vzIV2ksyzvaNSzmI8RrXQgW9xhMGfGxZ-dQGsllROXFOCEm_r-WCYyP8C8KlxbYdIB66XTdNgsUiDBN1c_s0g1ew9aGXxdrVvJM2JUUiRcWVgee3O_qCSk29fqkoKaHMvneElmyMjQ81NhHP-9n5Cbe00peJmv5CET1v2MM4EGkumIhFLvKxmh1vc794SrLZSOEoPMlgJZeZngya_CKKMHP_h2Q3dmxbGVCs7e9g8zy7L1CsUvszOGgRuhwqFm_wqZFB4W9tCNnwTmtrFZiKX0-da-d8vpstp9ZQtSlFXKc8F5YmeFRR2qa7nA9pr2wbSt7okW0ug86leYkpV-YvrLrya2808zHoT6kk9eMv67pwGIH92rVBTQ_ZxfcgUloczfcXifequqqSD_2weA7RA_6fHpaqOxSRwszgWndiNQnSIS1iah2H_b5PoAR6AvhGV8aSBzTVBUctnh-TPTneTCqrh_9DNByM-qCAi4ANLW7HNF8CFcI5uMA9eoVjSHJ3LSkdL4dSu6uWNrHaXfCyTDdrRFLLoeY5TdYikfCgek0BKvbYc0lhWPJ5r9QhzZjs-NiydoDd-M92N5Linv3kUuF7PPOlmMvu1j51OpS1fmudmCB5DORrS9TOfiEktTEIGKukX3PFqzeXH0JzwncS3ABySmjHnmx3F6ygOwGNSdcPLz-ZBsxmFPEqnmfRIyTK4bemJiAbgPR1mWmur9D6wpejneZrneZpaWqzYS_S13RaPYecXCJbenh

Domain: ep1.adtrafficquality.google
URL: https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202503200101&jk=1351634858783469&bg=!UFOlUxzNAAaCZO-FomQ7ADQBe5WfOBsbAw910hZhUWQpOadkDTfU2OhzlzpYARF16AtCx5DjeuyXKMj_pRlwueiHY_mhAgAAAMtSAAAADGgBB34ANcqPEg1g8_d2iFYaIG3Z4iG4TwqagXi2vJO_qkoVAIwZHIPTUHGOrGxKc-VRmU7b8pYjLT4mmQK1-NGcq-Wx3_Heofnphal9ckgR7ezFpsHFAAaQpFLNzPkH5cQW7Y6GiSxHdfb4gHAnU2rsTsYqKBmmNuBNmPRmFC5iPMkvUFCWps4j38MslxLWhM34QVjVG_TN3cJLLCRCC5vzjGJwy4Sougmcpy_RN8mL5F8z_jW_nhuoEl75vo7_d_AA8HN7GZRbTZJbrctyKD2B5WVUqFFN9Bv-yy8bOMSB0PzjaksxEHIbY7xI5UavGHcTxgqIDr_fQZzbU4_y7lRWwaJme2Pw9HB7AYfCGZaM2rxLxTbC1jUg44-DFwyQheCgriInDI9i6q_drCv_9Na7hTaku4luA8KkUmXxD3MPw1RJkgGSnUgRVoUa8AcE0cBYfRo-k2EhvILP5l7qQC-IuYeI8C3-ecIAE6ZM_sqxqYsfPkABMyZVN_06L8V4wd8hndkYRESLu_7W8WN3neVJas2NhNuNG6gKk5I5SPC5aItH4ENJoeffOdRnLgyTYdyKgsQfbgiQCgPZe3tprX36omaDAfPSwrIQkRqlK6KSDUR_Wixzx8CQ2fZbVKafCCdOPpL6FkP8N94CUMjBs4RxfX5td8nafrte9wiswSOUHOb8tPHe1sE798dGBjcpIbRYXFjy16oTNigy9UuMAUK64-5Qsgg4gOpkdPMUw6Ma-KyfhoIXYhk4TSOMj0w4I7K7NqfXXYaMktOmzM0mbLZAjhWBk5FhAOyVHdwu-L8aYEqbEngGQw0rCh24EoEqJGrRfkqqHlC-7EgbB9bwLx3pC2SqclykMGJ-kHCkO4iT6xseLPEZdEPeE38wCwE6wfVVeYYVb0sPn6UvLFS5rlxMOfLncflAnGuuV1U_XBkMyWSDwdUdwDxZERCxVlejhRKBt2D6DRkvtWvJbu63nSU16bATTwJZ6JtqwR-Ux9lGwdDp

Domain: 1e6381d9-6ea5-400b-a0fc-381585d2eb6e.t.ssp.hinet.net
URL: https://1e6381d9-6ea5-400b-a0fc-381585d2eb6e.t.ssp.hinet.net/pixel?bd=1e6381d9-6ea5-400b-a0fc-381585d2eb6e&t=50ef57&referrer=

Domain: ep1.adtrafficquality.google
URL: https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202503200101&st=env

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1693958229396429&correlator=394032578125991&eid=31086815%2C31091185%2C83321072&output=ldjh&gdfp_req=1&vrg=202503200101&ptt=17&impl=fif&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C14210%2C14210-2&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=1&didk=607409652&dids=gpt-passback&adfs=2044026224&sfv=1-0-41&sc=1&cookie=ID%3D4a889540576ae011%3AT%3D1742883893%3ART%3D1742883893%3AS%3DALNI_Mbc678ixuGYgHEYf2Z6hEoOxmjn9A&gpic=UID%3D000010863ba18a95%3AT%3D1742883893%3ART%3D1742883893%3AS%3DALNI_MbPEgSJzc-jyugNezBaMveYUm-dqw&abxe=1&dt=1742883899217&lmt=1742883899&adxs=650&adys=172&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=bhhzysikbya9&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=6&url=https%3A%2F%2Freurl.cc%2FXqAx30&ref=https%3A%2F%2Freurl.cc%2FXqAx30&top=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=300x250&msz=300x0&fws=256&ohw=0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742883898499&idt=82&adks=3360245792&frm=23&eo_id_str=ID%3Dbb0e8723727a4dde%3AT%3D1742883893%3ART%3D1742883893%3AS%3DAA-Afjavr-iQOcaLmw9Iq7Hch1bd&td=1&egid=32281&tdf=2

Domain: a7e676c2c877b5568d903369ac394367.safeframe.googlesyndication.com
URL: https://a7e676c2c877b5568d903369ac394367.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=6

Domain: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=511&o=1&fc=5457-oJLM9GZAR49foszNK44PpgjaGNyrI2Q6&d=1&b=2&ts=1&ii=2&FPCK=5457-oJLM9GZAR49foszNK44PpgjaGNyrI2Q6&fp_uuid=5457-e3b96dd482231f90fbf0fd41a538ba0e&initver=230627P

Domain: prebid-asia.creativecdn.com
URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids

Domain: prebid.scupio.com
URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.09904209106605233

Domain: gocm.c.appier.net
URL: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid

Domain: gocm.c.appier.net
URL: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid

Domain: bidder.criteo.com
URL: https://bidder.criteo.com/cdb?ptv=159&profileId=184&cb=52836733943

Verdicts & Comments Add Verdict or Comment

107 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

46 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.reurl.cc/	1970-01-21 06:17:39	Name: _fbp Value: fb.1.1742883892662.717109639826275453
.reurl.cc/	1970-01-21 04:09:30	Name: _gid Value: GA1.2.988772698.1742883893
.reurl.cc/	1970-01-21 04:08:03	Name: _gat Value: 1
.reurl.cc/	1970-01-21 13:44:03	Name: _ga Value: GA1.1.1792140177.1742883893
.reurl.cc/	1970-01-21 13:44:03	Name: _ga_N394QBRGC0 Value: GS1.1.1742883892.1.0.1742883892.60.0.0
.reurl.cc/	1970-01-21 13:44:03	Name: _ga_ZDFZCDVDK1 Value: GS1.1.1742883892.1.0.1742883892.0.0.0
onead.onevision.com.tw/	1970-01-21 12:53:39	Name: onevision_guid Value: dcbb2106-0941-11f0-a308-0242ac120002
onead.onevision.com.tw/	1970-01-21 12:53:39	Name: oid Value: dcbb20fb-0941-11f0-a308-0242ac120002
reurl.cc/	1970-01-21 12:53:39	Name: oid Value: %257B%2522oid%2522%253A%2522dcbb2106-0941-11f0-a308-0242ac120002%2522%252C%2522ts%2522%253A-62135596800%252C%2522v%2522%253A%252220201117%2522%257D
.adsrvr.org/	1970-01-21 12:53:39	Name: TDID Value: ce94ca08-c10e-40b9-9c41-866418756130
.eyeota.net/	1970-01-21 12:53:39	Name: mako_uid Value: 195cbf9b292-7dcc0000010a4e05
.eyeota.net/	1970-01-21 04:08:04	Name: SERVERID Value: 19973~DM
.adsrvr.org/	1970-01-21 12:53:39	Name: TDCPM Value: CAEYBSABKAIyCwjIgv7Hj9z1PRAFOAE.
.prnasia.com/	1970-01-21 04:08:05	Name: __cf_bm Value: LWwFy5TK9rl9QJWjoCSG9DcQSoKSbzsjkPpr7dy.q8M-1742883894-1.0.1.1-UfTM7e1S8zsATBgW3Bp_yp863s5kSw71zgnAG6X3.QoC8Ed.t7LkBQ5w_Tg2GUs73idfu4o_wSSag.IBvpB5CV23qpy0DTZmiOb6SbcqiMo
.doubleclick.net/	1970-01-21 13:44:03	Name: IDE Value: AHWqTUk0CiS4JNaDDPyiYUpBgE2_hBDUDNsuWR50fiEvT1g3lX3-mTWWeUzJ5UKxHOM
.yahoo.com/	1970-01-21 12:54:01	Name: A3 Value: d=AQABBDZM4mcCEHJ_nkE_LCSZoHNw0_xAHVAFEgEBAQGd42fsZ9wr0iMA_eMAAA&S=AQAAAnHKxAUMIhZKTX2wAZB379U
.reurl.cc/	1970-01-21 13:29:39	Name: __gads Value: ID=4a889540576ae011:T=1742883893:RT=1742883893:S=ALNI_Mbc678ixuGYgHEYf2Z6hEoOxmjn9A
.reurl.cc/	1970-01-21 13:29:39	Name: __gpi Value: UID=000010863ba18a95:T=1742883893:RT=1742883893:S=ALNI_MbPEgSJzc-jyugNezBaMveYUm-dqw
.reurl.cc/	1970-01-21 08:27:15	Name: __eoi Value: ID=bb0e8723727a4dde:T=1742883893:RT=1742883893:S=AA-Afjavr-iQOcaLmw9Iq7Hch1bd
.crwdcntrl.net/	1970-01-21 10:36:51	Name: _cc_dc Value: 0
.crwdcntrl.net/	1970-01-21 10:36:51	Name: _cc_id Value: 5c1420dab83478c8ee469a33fe3dcdbe
.analytics.yahoo.com/	1970-01-21 12:53:39	Name: IDSYNC Value: 19d3~2o8u
.criteo.com/	1970-01-21 13:29:39	Name: uid Value: be0b7203-567f-4bf4-965c-8e23071c07cc
.reurl.cc/	1970-01-21 12:53:39	Name: _ss_pp_id Value: 52f70da5878afc7d5011742919895254
.reurl.cc/	1970-01-21 04:51:15	Name: ISMD5VERSION Value: 1
.reurl.cc/	1970-01-21 12:53:39	Name: FCNEC Value: %5B%5B%22AKsRol-DXDSAvfsSXPOGPNtNfi4dvDHBaaUSmbWrsA5bxtWK2jMjcDE1NgdlLGw27_o292Qyu47R6141i5w211w9I_7YEsfVkvVKiUQdw8ieubRTYWGmDbUKGeyn053pYT_L5BEKeMmp7qjkWw2OMYNCjbkG9euYdw%3D%3D%22%5D%5D
.reurl.cc/	1970-01-21 13:44:03	Name: _td Value: 2cd26862-b748-47ce-8453-d18380b9834c
.holmesmind.com/	1970-01-21 13:44:03	Name: P Value: 933408-3JlNKPBalWtol9ohyuvvaDNZUsu8Mc9Q
.holmesmind.com/	1970-01-21 04:29:11	Name: Vision Value: 20250325-23:59,20250325-17,20250325-17,20250325-23:59
.holmesmind.com/	1970-01-21 04:29:11	Name: C Value: null
.holmesmind.com/	1970-01-21 06:33:01	Name: RK Value: null
.reurl.cc/	1970-01-21 04:51:15	Name: CFFPCKUUID Value: 9839-9Jxre3oUgBemjWBFnh13YKCe4DjyxhMQ
.reurl.cc/	1970-01-21 04:51:15	Name: CFFPCKUUIDMAIN Value: 5457-oJLM9GZAR49foszNK44PpgjaGNyrI2Q6
.reurl.cc/	1970-01-21 04:51:15	Name: FPUUID Value: 5457-e3b96dd482231f90fbf0fd41a538ba0e
.popin.cc/	1970-01-21 12:53:39	Name: uid Value: 52f70da5878afc7d5011742919895254
.reurl.cc/	1970-01-21 04:08:03	Name: _tg_csi Value: 1
.holmesmind.com/	1970-01-21 04:09:30	Name: fcm Value: 1
.reurl.cc/	1970-01-21 04:08:07	Name: _ht_em Value: 1
.lndata.com/	1970-01-21 12:54:08	Name: admckid Value: 2503251424551108390
.hinet.net/	1970-01-21 13:44:03	Name: uuid Value: 1e6381d9-6ea5-400b-a0fc-381585d2eb6e
.reurl.cc/	1970-01-21 04:09:30	Name: _ht_50ef57 Value: 1
track.91app.io/	1970-01-21 13:44:03	Name: deviceid Value: 0328a3af-5db5-4f7d-8326-6929eec435f9
.holmesmind.com/	1970-01-21 04:29:11	Name: R Value: null
.holmesmind.com/	1970-01-21 06:33:01	Name: G Value: we3u7ZGJymKY5J47cKd8kQ==
.reurl.cc/	1970-01-21 04:09:30	Name: _ht_hi Value: 1
.reurl.cc/	1970-01-21 12:53:39	Name: __htid Value: 1e6381d9-6ea5-400b-a0fc-381585d2eb6e

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://reurl.cc/XqAx30(Line 75) Message: [GroupMarkerNotSet(crbug.com/242999)!:A060900BCC2E0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network	error	URL: https://blog.alphaloan.co/wp-content/uploads/2021/04/%E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg Message: Failed to load resource: net::ERR_CONNECTION_RESET

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1e6381d9-6ea5-400b-a0fc-381585d2eb6e.t.ssp.hinet.net
26d94a8ec5abf61e885fc24dc73d23b8.safeframe.googlesyndication.com
86c85434f5f5f4ab51836180f122c81f.safeframe.googlesyndication.com
a7e676c2c877b5568d903369ac394367.safeframe.googlesyndication.com
ad-specs.guoshipartners.com
ad.holmesmind.com
ad.tagtoo.co
ad2.apx.appier.net
adx.holmesmind.com
analytics.google.com
anymind360.com
api.popin.cc
bcp.crwdcntrl.net
bidder.criteo.com
blog.alphaloan.co
cdn-ima.33across.com
cdn.holmesmind.com
cdn.jsdelivr.net
cms.analytics.yahoo.com
connect.facebook.net
cpt.geniee.jp
creditcards.com.tw
dd16de0d-6072-4954-9b20-c4f698f0caef.t.ssp.hinet.net
ecs.tagtoo.co
ep1.adtrafficquality.google
ep2.adtrafficquality.google
fundingchoicesmessages.google.com
gocm.c.appier.net
googleads.g.doubleclick.net
gum.criteo.com
img.gbyhn.com.tw
img.racingcharger.tw
invstatic101.creativecdn.com
log.popin.cc
match.adsrvr.org
mma.prnasia.com
oa.openxcdn.net
onead.onevision.com.tw
pagead2.googlesyndication.com
prebid-asia.creativecdn.com
prebid.scupio.com
ps.eyeota.net
r.popin.cc
re-news.tw
reurl.cc
s.w.org
securepubads.g.doubleclick.net
static.criteo.net
static.wixstatic.com
stats.g.doubleclick.net
storage.reurl.cc
t.ssp.hinet.net
td.doubleclick.net
trc.taboola.com
tw.popin.cc
uec.tagtoo.co
ups.analytics.yahoo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
yads.c.yimg.jp
1e6381d9-6ea5-400b-a0fc-381585d2eb6e.t.ssp.hinet.net
a7e676c2c877b5568d903369ac394367.safeframe.googlesyndication.com
ad.holmesmind.com
bidder.criteo.com
blog.alphaloan.co
ep1.adtrafficquality.google
gocm.c.appier.net
prebid-asia.creativecdn.com
prebid.scupio.com
securepubads.g.doubleclick.net
103.1.220.9
103.132.192.30
104.18.186.31
104.18.29.101
104.18.96.225
104.21.96.9
107.178.241.176
119.63.193.220
119.63.198.143
119.63.198.188
119.63.198.189
139.162.84.221
142.251.16.157
142.251.163.132
142.251.163.154
142.251.163.155
142.251.167.132
142.251.167.156
142.251.179.100
15.197.193.217
151.101.1.44
151.101.1.55
157.240.229.35
168.95.246.2
172.253.122.113
172.253.62.154
172.253.63.99
18.160.10.29
18.160.10.56
18.160.18.18
18.214.54.215
18.235.184.124
182.22.28.252
192.0.77.48
192.0.78.25
203.137.133.156
203.75.214.136
210.59.219.34
216.239.34.181
31.13.66.19
34.102.146.192
34.102.218.41
34.107.150.21
34.111.12.34
34.149.98.30
34.160.26.175
34.96.70.87
35.185.130.121
35.190.36.98
54.178.103.138
64.233.180.132
64.233.180.156
64.233.180.97
69.147.92.12
74.119.117.17
74.119.117.47
74.119.117.5
039e147a3d5e4b0857c0230686525f58ab3b688ea092c8d963be13ac1ae0bc19
0614ad45d47a5da6d9880c2e175c88526cd223c16d2121e48bab3a9e1121f55d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c310205ab2dbf30ae9b8a24ee1359f493e1bf5c982c124e42af22b759ac07ce
0c78a6bb30656344fa9a3e996604f648572cc7d280dd30bc191e7d1271c775a0
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2
0ff8d92b07e6f7233fe46ed809504cd0d7ebd8f489423d48dd0d7346c408a2cb
1026866a2af71a3d94c95269b18ed9294e73d768a542c1ddf12bcba5d444b2d8
13b3fea42a999bd1edc7815ad83b8529ad25262807607a54101486b76d2a39a0
1648136def511ea162839d073362c3d8047cbfe0f7376fa4e66ccd085bd5c9ab
16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20
17d89a02a751768013d573813b220a342928de61815f21b4b3b0ab03b674aa9b
1cd0fc7d2d21881b7e1e5f0c1bf9b095a1a629d2b39e1f95cadd258d2220f476
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
2158e0c7d6e383b4f5dc4fcbd092eca534cdca0b3cbf29e6b60219d245052b6c
22743d9dc93a38d7096ec7c9a02146da7a721ada15192d87e81d78ff53cb2f2a
2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840
2a9e459c9f61af953fedcfda7f293624635d8d9e21746150adaff2be5a4135c9
2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f
2f2f3243b3ca28bacfb84e9ce39709851d6d688ca1c99668ea30f00855eb4684
3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698
3108e15dfc911f1a730106ee1e44c941639e0b7add838d095680425e86d086c3
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30
3402df1af7b8665c51ac7e2d4fed5dc6cac147d61966672d9cf32a34acafedfe
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
3771075547e13e1a5fad47585c5043afd1ef7050ca6b2cfe2e39814eb3095383
395afb1491e62cb0666325882b2d9ffd6258f76bc2da4f8c163e0b484d82927e
3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b
4028b7494a76d086533ff84ca1bbf4ce58fa5259e53db3b0fb0b0260de9ca4f6
46e977bd2e693545c10424af0ca8ae2061ce096d8e5658d997fa9ca60471e26d
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
4e9db1d126d8f673c8d4a553c7c4ba39d0b05e40767263b702ef048c00eb5129
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
564e00c4bc575b87f6935f8be6313261a58a0a148fbeaa9528ea638925c4abd6
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
60fdeefecd2b5aec1101ef8c1cec7954890d676d6a516692fbae327c42d5c700
652459d88309bae8be107198fcd803167819ca6c4a6f8176609e4812fd8feb9d
654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e
6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484
68997dff2e114da3da598bb98f2be1d898e4b7bc81a8eecb96d47e4c1ee9b7ef
698fe0a6500f771d98d1ca713a5445d523fac649207572b69123699702854c0b
6c1cd7a6f86035e4f6eb9169e4baf1a23424e9a3fee9d5899d35c8437f663a6a
72223c20f8ad08445b32a2b4843a0f04fe33cee40811ade04b21598cf67fbea3
724bf9b6cead6b42a8435c2dd63959f95a2868fc29d0c19f44b7f26c83a18cdd
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c
749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d
76e0fe9b59aa81409567a77b7f5cfaebcbe6d1a5586d4979c5a83a327f68d517
7bd56d6bf7b2a7849924518fd8269ab857fd7fc801bcbecb6cbf3fe07744ca79
7c642a8905721c98b4f64202ec6ffb504acdc52a9d6df06a9976097cf924f5d5
80279f6baf172b794e35da391ac30711c57a3276abda4280d170920df9cca9b1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83f25955c4e85a3c6fec8c1bbec30d63495439d551a26230c38055ac13477906
851c3da53f870dab9f8fd365f8eb9af27af956d79a96f89f412f8baa5b7b1624
874b1133e8dadee35d3eec3a8d4d2f08a97f5d008789031b716aeb502cd36b81
8aad7f034c2e39ee145189b327d6b1df64240486e08c7eba41d399e7e72797a6
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e
92f9f001e9f335dc3ba11338e516af016b641679e9195f7aeb9a753b05ee750a
95634eb651772e9ecc489c8a2e12cccb71cd06089ae3f03f8dab3654ce669c8c
9aa1a9dfb271e4ad94219ed388d8442b3b394caedb5771642df196ccc09385c3
9cf1114324a6653750f0f8af7783a744e45adadca47c48844e4ee0f11df269bf
a48ff27ff0c1c3262a2291fc9aabec92aeb87d3ee3ee8a5839254677b8eb9533
a6a132211fe21475c262557eeb7c3efad716f5ece2f3552e2894e097a9fd7bf0
a854926da5e6587494189db03a349351c41731254162816580343847feefb83b
a90b07df39f5a027b1516ef70cee2a3489d2f7f6c6ac31a19c1ed7445cbcc30b
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6c5af2d5c532a14b5aa51656c9d5e8be329b1424ec1df2947ad2de309622448
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22
babbe3c7f3c0bf8a60c94f1d10c4559622b07136494c8ad4b2a2ac613f2c6d75
bc73ed340ef20534b613afea9bd95f199a55b77beab7c472e92ad92b4e39a1aa
c280d38004a82811e8659f68bbd6dc8dde7f7c6a95d3172d7ddec4acf8c96d6f
c8e9318c3c4d4267ff19a29ff8e36700e7e2b9de1dc992191a6e7157c4b97924
cd0db2d68f6fb00e1197e823f47e1f53aa2aa2ae85228a5e5d04a4a863629cc1
ceea1a663b1b0e7ae36f19462926791821e8f8aa10d72cdd53887fc80d94aa2a
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda
ddd9d29beabaeecc9c76408242dfc2b76305ec52511992d3cfbc81a500ee0670
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dee32bfa9dddc3bd54ac9263dac28e3472c474273b29055819105377e7f7eae1
e2130f025ccd1b24aaecd58d29c128a4d9db1bbf04b357c452da73f2892e408e
e30979290b96a08639316f6e2af76ecf817cdd9d963a21dcf830363a1564d353
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7e4fb9b3b1239835abc60fd16d2e64da36bfa919b8e81f11eea442c2bbf05f2
e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990
e9fdbb6665cb96d4d99c8bb2198ffcb418e9b6f731bb2a48f85b978c4da6f3ef
ea7914430f7253c1f9362072398ed315f292758cf9b58ce8edebe5a0b3ec2117
ec909a6643d0763f4c76d622fee77ec2f8e3510b1c584fe3fb398fc5c5a47d77
ed1353670cbe52a301571e6717fab543726f43f7bed2edd0ffca2e74f6a1d8bf
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2a177ea0b1722b88c71c806c8bd6db6dc0311f3fb4dc7dcf62be1d99111312b
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b
fcf4b958769eb294a5743dffac9b9def998a568b1126f9ca3d270c9cc67268d3
fe22835b5ffcecb14fc782dd1986d1c0a2761b5496fad3de8b0da78fc398936e
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

reurl.cc Open in urlscan Pro 35.185.130.121 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

206 Requests

90 %HTTPS

0 %IPv6

39 Domains

62 Subdomains

54 IPs

5 Countries

3140 kBTransfer

9734 kBSize

46 Cookies

20 Outgoing links

Redirected requests

206 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

reurl.cc Open in urlscan Pro
35.185.130.121 Public Scan

Screenshot
Live screenshot

Full Image

206
Requests

90 %
HTTPS

0 %
IPv6

39
Domains

62
Subdomains

54
IPs

5
Countries

3140 kB
Transfer

9734 kB
Size

46
Cookies

206 HTTP transactions
5 data transactions