urlscan.io logo urlscan.io
SecurityTrails logo

reurl.cc Open in urlscan Pro
35.185.130.121  Public Scan

Go To Rescan Add Verdict Report
URL: https://reurl.cc/XqAx30
Submission: On March 25 via api from JP — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 52 IPs in 4 countries across 36 domains to perform 125 HTTP transactions. The main IP is 35.185.130.121, located in Taipei, Taiwan and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is reurl.cc. The Cisco Umbrella rank of the primary domain is 200657.
TLS certificate: Issued by R11 on March 14th 2025. Valid for: 3 months.
This is the only time reurl.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 35.185.130.121 396982 (GOOGLE-CL...)
2 2a04:4e42::485 54113 (FASTLY)
5 34.149.98.30 396982 (GOOGLE-CL...)
3 2607:f8b0:400... 15169 (GOOGLE)
11 142.250.176.194 15169 (GOOGLE)
3 203.137.133.154 4694 (IDCF IDC ...)
2 168.95.246.2 131660 (CHTCDN Da...)
5 107.178.241.176 396982 (GOOGLE-CL...)
4 157.240.241.35 32934 (FACEBOOK)
2 31.13.71.7 32934 (FACEBOOK)
4 2607:f8b0:400... 15169 (GOOGLE)
2 34.160.26.175 396982 (GOOGLE-CL...)
1 183.79.219.252 24572 (YAHOO-JP-...)
3 3 2001:4998:1c:... 14779 (YAHOO)
2 3 98.84.75.39 14618 (AMAZON-AES)
2 2 15.197.193.217 16509 (AMAZON-02)
1 2 3.233.22.19 14618 (AMAZON-AES)
1 2a04:4e42:200... 54113 (FASTLY)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 172.67.150.31 13335 (CLOUDFLAR...)
1 103.1.220.9 131149 (YUANJHEN-...)
1 192.0.77.48 2635 (AUTOMATTIC)
1 2600:9000:211... 16509 (AMAZON-02)
1 142.250.65.174 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
3 2607:f8b0:400... 15169 (GOOGLE)
1 34.102.146.192 396982 (GOOGLE-CL...)
1 108.138.128.28 16509 (AMAZON-02)
1 34.96.70.87 396982 (GOOGLE-CL...)
1 2620:100:a00b... 19750 (AS-CRITEO)
1 104.18.28.101 13335 (CLOUDFLAR...)
1 142.250.81.225 15169 (GOOGLE)
18 142.250.80.34 15169 (GOOGLE)
3 119.63.193.220 38627 (BAIDUJP B...)
6 2600:9000:247... 16509 (AMAZON-02)
1 2620:100:a00b... 19750 (AS-CRITEO)
2 2600:9000:247... 16509 (AMAZON-02)
7 142.250.81.238 15169 (GOOGLE)
2 54.178.103.138 16509 (AMAZON-02)
1 2 142.251.40.130 15169 (GOOGLE)
1 2600:9000:247... 16509 (AMAZON-02)
1 142.250.81.226 15169 (GOOGLE)
1 119.63.198.189 38627 (BAIDUJP B...)
1 34.111.12.34 396982 (GOOGLE-CL...)
1 34.107.150.21 396982 (GOOGLE-CL...)
3 203.75.214.136 3462 (HINET Dat...)
3 119.63.198.143 38627 (BAIDUJP B...)
2 2607:f8b0:400... 15169 (GOOGLE)
1 34.102.218.41 396982 (GOOGLE-CL...)
1 31.13.71.1 32934 (FACEBOOK)
1 119.63.198.188 38627 (BAIDUJP B...)
1 142.251.40.132 15169 (GOOGLE)
125 52
1    35.185.130.121 (Taipei, Taiwan)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 121.130.185.35.bc.googleusercontent.com
reurl.cc
2    2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
5    34.149.98.30 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 30.98.149.34.bc.googleusercontent.com
storage.reurl.cc
3    2607:f8b0:4006:80a::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
11    142.250.176.194 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s37-in-f2.1e100.net
securepubads.g.doubleclick.net
3    203.137.133.154 (Japan)

ASN4694 (IDCF IDC Frontier Inc., JP)
cpt.geniee.jp
2    168.95.246.2 (Los Angeles, United States)

ASN131660 (CHTCDN Data Communication Business Group, TW)
PTR: 168-95-246-2.hinet-ip.hinet.net
ad-specs.guoshipartners.com
5    107.178.241.176 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 176.241.178.107.bc.googleusercontent.com
onead.onevision.com.tw
4    157.240.241.35 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-lga3.facebook.com
www.facebook.com
2    31.13.71.7 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-lga3.fbcdn.net
connect.facebook.net
4    2607:f8b0:4006:823::200e (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
analytics.google.com
2    34.160.26.175 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 175.26.160.34.bc.googleusercontent.com
re-news.tw
1    183.79.219.252 (Japan)

ASN24572 (YAHOO-JP-AS-AP Yahoo Japan, JP)
yads.c.yimg.jp
3    2001:4998:1c:800::1001 (United States)

ASN14779 (YAHOO, US)
cms.analytics.yahoo.com
ups.analytics.yahoo.com
3    98.84.75.39 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-98-84-75-39.compute-1.amazonaws.com
bcp.crwdcntrl.net
2    15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
2    3.233.22.19 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-233-22-19.compute-1.amazonaws.com
ps.eyeota.net
1    2a04:4e42:200::300 (United States)

ASN54113 (FASTLY, US)
trc.taboola.com
1    2606:4700::6812:60e1 (United States)

ASN13335 (CLOUDFLARENET, US)
mma.prnasia.com
1    172.67.150.31 (United States)

ASN13335 (CLOUDFLARENET, US)
img.gbyhn.com.tw
1    103.1.220.9 (Taiwan)

ASN131149 (YUANJHEN-AS-TW Yuan-Jhen Info., Co., Ltd, TW)
PTR: ph2.g-dns.com
img.racingcharger.tw
1    192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org
s.w.org
1    2600:9000:211c:ca00:1e:5c56:d400:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.wixstatic.com
1    142.250.65.174 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s71-in-f14.1e100.net
www.google-analytics.com
1    2607:f8b0:4004:c19::9d (Washington, United States)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2607:f8b0:4006:81d::2002 (United States)

ASN15169 (GOOGLE, US)
td.doubleclick.net
3    2607:f8b0:4006:817::200e (United States)

ASN15169 (GOOGLE, US)
fundingchoicesmessages.google.com
1    34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com
oa.openxcdn.net
1    108.138.128.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-128-28.jfk50.r.cloudfront.net
tags.crwdcntrl.net
1    34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com
invstatic101.creativecdn.com
1    2620:100:a00b::30 (United States)

ASN19750 (AS-CRITEO, US)
static.criteo.net
1    104.18.28.101 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn-ima.33across.com
1    142.250.81.225 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f1.1e100.net
626729f0fde5fa5aef7b37ca1f83ed81.safeframe.googlesyndication.com
18    142.250.80.34 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f2.1e100.net
pagead2.googlesyndication.com
3    119.63.193.220 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)
api.popin.cc
6    2600:9000:247b:6e00:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.holmesmind.com
1    2620:100:a00b::12 (United States)

ASN19750 (AS-CRITEO, US)
gum.criteo.com
2    2600:9000:247b:fa00:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.holmesmind.com
7    142.250.81.238 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f14.1e100.net
fundingchoicesmessages.google.com
2    54.178.103.138 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
ad.holmesmind.com
2    142.251.40.130 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f2.1e100.net
googleads.g.doubleclick.net
1    2600:9000:247b:8800:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)
adx.holmesmind.com
1    142.250.81.226 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f2.1e100.net
ep1.adtrafficquality.google
1    119.63.198.189 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)
tw.popin.cc
1    34.111.12.34 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 34.12.111.34.bc.googleusercontent.com
ad.tagtoo.co
1    34.107.150.21 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 21.150.107.34.bc.googleusercontent.com
uec.tagtoo.co
3    203.75.214.136 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-136.hinet-ip.hinet.net
t.ssp.hinet.net
3    119.63.198.143 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)
log.popin.cc
2    2607:f8b0:4006:81d::2001 (United States)

ASN15169 (GOOGLE, US)
ep2.adtrafficquality.google
1    34.102.218.41 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 41.218.102.34.bc.googleusercontent.com
ecs.tagtoo.co
1    31.13.71.1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-shv-01-lga3.facebook.com
graph.facebook.com
1    119.63.198.188 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)
r.popin.cc
1    142.251.40.132 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f4.1e100.net
www.google.com
Apex Domain
Subdomains		 Transfer
19 googlesyndication.com
626729f0fde5fa5aef7b37ca1f83ed81.safeframe.googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 157
380 KB
15 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 289
stats.g.doubleclick.net — Cisco Umbrella Rank: 284
td.doubleclick.net — Cisco Umbrella Rank: 327
googleads.g.doubleclick.net — Cisco Umbrella Rank: 70
235 KB
12 google.com
analytics.google.com — Cisco Umbrella Rank: 253
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 649
www.google.com — Cisco Umbrella Rank: 10
72 KB
11 holmesmind.com
cdn.holmesmind.com — Cisco Umbrella Rank: 144812
ad.holmesmind.com — Cisco Umbrella Rank: 113263
adx.holmesmind.com
53 KB
8 popin.cc
api.popin.cc — Cisco Umbrella Rank: 22807
tw.popin.cc — Cisco Umbrella Rank: 125846
log.popin.cc — Cisco Umbrella Rank: 93722
r.popin.cc — Cisco Umbrella Rank: 102226
97 KB
6 reurl.cc
reurl.cc — Cisco Umbrella Rank: 200657
storage.reurl.cc — Cisco Umbrella Rank: 279374
7 KB
5 facebook.com
www.facebook.com — Cisco Umbrella Rank: 129
graph.facebook.com — Cisco Umbrella Rank: 120
570 B
5 onevision.com.tw
onead.onevision.com.tw — Cisco Umbrella Rank: 153929
2 KB
4 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 1587
tags.crwdcntrl.net — Cisco Umbrella Rank: 1524
14 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 116
22 KB
3 hinet.net
t.ssp.hinet.net — Cisco Umbrella Rank: 92735
3 KB
3 tagtoo.co
ad.tagtoo.co — Cisco Umbrella Rank: 167837
uec.tagtoo.co — Cisco Umbrella Rank: 130520
ecs.tagtoo.co — Cisco Umbrella Rank: 121351
62 KB
3 adtrafficquality.google
ep1.adtrafficquality.google — Cisco Umbrella Rank: 512
ep2.adtrafficquality.google — Cisco Umbrella Rank: 514
19 KB
3 yahoo.com
cms.analytics.yahoo.com — Cisco Umbrella Rank: 3132
ups.analytics.yahoo.com — Cisco Umbrella Rank: 830
934 B
3 geniee.jp
cpt.geniee.jp — Cisco Umbrella Rank: 35259
70 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 107
405 KB
2 eyeota.net
ps.eyeota.net — Cisco Umbrella Rank: 1557
2 KB
2 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 564
1 KB
2 re-news.tw
re-news.tw
31 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 255
80 KB
2 guoshipartners.com
ad-specs.guoshipartners.com — Cisco Umbrella Rank: 181880
24 KB
2 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 427
58 KB
1 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 610
1 33across.com
cdn-ima.33across.com — Cisco Umbrella Rank: 1907
7 KB
1 criteo.net
static.criteo.net — Cisco Umbrella Rank: 1135
13 KB
1 creativecdn.com
invstatic101.creativecdn.com — Cisco Umbrella Rank: 3260
3 KB
1 openxcdn.net
oa.openxcdn.net — Cisco Umbrella Rank: 3358
8 KB
1 wixstatic.com
static.wixstatic.com — Cisco Umbrella Rank: 8835
1011 KB
1 w.org
s.w.org — Cisco Umbrella Rank: 7227
730 B
1 racingcharger.tw
img.racingcharger.tw
152 KB
1 gbyhn.com.tw
img.gbyhn.com.tw
47 KB
1 prnasia.com
mma.prnasia.com
93 KB
1 taboola.com
trc.taboola.com — Cisco Umbrella Rank: 1016
200 B
1 yimg.jp
yads.c.yimg.jp — Cisco Umbrella Rank: 31472
58 KB
0 alphaloan.co Failed
blog.alphaloan.co Failed
0 creditcards.com.tw Failed
creditcards.com.tw Failed
125 36
Domain Requested by
18 pagead2.googlesyndication.com securepubads.g.doubleclick.net
pagead2.googlesyndication.com
11 securepubads.g.doubleclick.net reurl.cc
securepubads.g.doubleclick.net
pagead2.googlesyndication.com
10 fundingchoicesmessages.google.com securepubads.g.doubleclick.net
8 cdn.holmesmind.com securepubads.g.doubleclick.net
cdn.holmesmind.com
5 onead.onevision.com.tw ad-specs.guoshipartners.com
reurl.cc
5 storage.reurl.cc reurl.cc
4 www.google-analytics.com storage.reurl.cc
www.google-analytics.com
reurl.cc
www.googletagmanager.com
4 www.facebook.com reurl.cc
3 log.popin.cc reurl.cc
3 t.ssp.hinet.net api.popin.cc
t.ssp.hinet.net
3 api.popin.cc reurl.cc
api.popin.cc
3 bcp.crwdcntrl.net 2 redirects tags.crwdcntrl.net
3 cpt.geniee.jp reurl.cc
cpt.geniee.jp
3 www.googletagmanager.com reurl.cc
www.googletagmanager.com
2 ep2.adtrafficquality.google pagead2.googlesyndication.com
ep2.adtrafficquality.google
2 googleads.g.doubleclick.net 1 redirects pagead2.googlesyndication.com
2 ad.holmesmind.com cdn.holmesmind.com
2 ps.eyeota.net 1 redirects reurl.cc
2 match.adsrvr.org 2 redirects
2 ups.analytics.yahoo.com 2 redirects
2 re-news.tw storage.reurl.cc
reurl.cc
2 connect.facebook.net storage.reurl.cc
connect.facebook.net
2 ad-specs.guoshipartners.com reurl.cc
2 cdn.jsdelivr.net reurl.cc
1 www.google.com ep2.adtrafficquality.google
1 r.popin.cc reurl.cc
1 graph.facebook.com api.popin.cc
1 ecs.tagtoo.co ad.tagtoo.co
1 uec.tagtoo.co api.popin.cc
1 ad.tagtoo.co api.popin.cc
1 tw.popin.cc api.popin.cc
1 ep1.adtrafficquality.google pagead2.googlesyndication.com
reurl.cc
1 adx.holmesmind.com pagead2.googlesyndication.com
1 gum.criteo.com static.criteo.net
1 626729f0fde5fa5aef7b37ca1f83ed81.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 cdn-ima.33across.com securepubads.g.doubleclick.net
1 static.criteo.net securepubads.g.doubleclick.net
1 invstatic101.creativecdn.com securepubads.g.doubleclick.net
1 tags.crwdcntrl.net securepubads.g.doubleclick.net
1 oa.openxcdn.net securepubads.g.doubleclick.net
1 td.doubleclick.net www.googletagmanager.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 analytics.google.com www.googletagmanager.com
1 static.wixstatic.com reurl.cc
1 s.w.org reurl.cc
1 img.racingcharger.tw reurl.cc
1 img.gbyhn.com.tw reurl.cc
1 mma.prnasia.com reurl.cc
1 trc.taboola.com reurl.cc
1 cms.analytics.yahoo.com 1 redirects
1 yads.c.yimg.jp cpt.geniee.jp
1 reurl.cc
0 blog.alphaloan.co Failed reurl.cc
0 creditcards.com.tw Failed reurl.cc
125 54

This site contains links to these domains. Also see Links.

Domain
re-news.tw
youtils.cc
www.comptw.com
stockinfo.tw
Subject Issuer Validity Valid
reurl.cc
R11		 2025-03-14 -
2025-06-12		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2024 Q3		 2024-07-30 -
2025-08-31		 a year crt.sh
storage.reurl.cc
WR3		 2025-03-14 -
2025-06-12		 3 months crt.sh
*.google-analytics.com
WR2		 2025-03-10 -
2025-06-02		 3 months crt.sh
*.g.doubleclick.net
WR2		 2025-03-10 -
2025-06-02		 3 months crt.sh
*.geniee.jp
GeoTrust TLS RSA CA G1		 2024-07-30 -
2025-08-30		 a year crt.sh
ad-specs.guoshipartners.com
Go Daddy Secure Certificate Authority - G2		 2025-01-08 -
2026-01-21		 a year crt.sh
onead.onevision.com.tw
R10		 2025-02-03 -
2025-05-04		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2025-01-02 -
2025-04-02		 3 months crt.sh
wp.re-news.tw
WR3		 2025-03-04 -
2025-06-02		 3 months crt.sh
edge01.yahoo.co.jp
Cybertrust Japan SureServer CA G4		 2025-02-07 -
2026-03-06		 a year crt.sh
*.taboola.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-12-01 -
2025-12-31		 a year crt.sh
*.prnasia.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-10-23 -
2025-11-23		 a year crt.sh
gbyhn.com.tw
WE1		 2025-03-06 -
2025-06-04		 3 months crt.sh
img.racingcharger.tw
R11		 2025-02-15 -
2025-05-16		 3 months crt.sh
s.w.org
E6		 2025-02-28 -
2025-05-29		 3 months crt.sh
*.wixstatic.com
R11		 2025-01-23 -
2025-04-23		 3 months crt.sh
*.google.com
WR2		 2025-03-10 -
2025-06-02		 3 months crt.sh
*.doubleclick.net
WR2		 2025-03-10 -
2025-06-02		 3 months crt.sh
oa.openxcdn.net
WR3		 2025-03-12 -
2025-06-10		 3 months crt.sh
*.crwdcntrl.net
Amazon RSA 2048 M02		 2024-09-07 -
2025-10-07		 a year crt.sh
invstatic101.creativecdn.com
WR3		 2025-02-12 -
2025-05-13		 3 months crt.sh
*.criteo.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2025-02-03 -
2025-05-03		 3 months crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2024-09-05 -
2025-09-30		 a year crt.sh
*.popin.cc
Secure Site Pro CA G2		 2024-09-23 -
2025-10-24		 a year crt.sh
*.holmesmind.com
Go Daddy Secure Certificate Authority - G2		 2025-03-06 -
2026-04-07		 a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2025-02-09 -
2025-05-10		 3 months crt.sh
adtrafficquality.google
WR2		 2025-03-10 -
2025-06-02		 3 months crt.sh
ad.tagtoo.co
WR3		 2025-02-20 -
2025-05-21		 3 months crt.sh
uec.tagtoo.co
WR3		 2025-02-23 -
2025-05-24		 3 months crt.sh
*.t.ssp.hinet.net
HiPKI OV TLS CA - G1		 2025-02-12 -
2026-02-12		 a year crt.sh
ecs.tagtoo.co
WR3		 2025-03-22 -
2025-06-20		 3 months crt.sh

This page contains 18 frames:

Primary Page: https://reurl.cc/XqAx30
Frame ID: 4E6CE52227C7C9A56FC4FB9B4D247F47
Requests: 64 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Frame ID: FD42B385D0FEA0CDD58C2B755E76EB92
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-N394QBRGC0&gacid=804779731.1742942719&gtm=45je53o2v897965293za200zb9181474282&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=102482433~102788824~102803279~102813109~102887800~102926327&z=1609690192
Frame ID: D9F987617D8E512C3D10BF3D290A6E69
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: B6C4EC9A78F0B7C88AD052A375DA684C
Requests: 1 HTTP requests in this frame

Frame: https://626729f0fde5fa5aef7b37ca1f83ed81.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html
Frame ID: FFF9F533159DF9B691D95C3F7B4AD09F
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsujKFHO_puGftgt3Gg5gK673022XGaO2atSR0bzZKfJx5GbHbdgTwSbq5MvYOSsIvdhIMGi7Lk5nADiv2nszJ6temOO7mKm81cVNaBTA-h4aSexOVYRT5GdHiIiTVw6uo09z3VSTEGyDRO8lM1w_jaJkJOp9WE3zKh-nUsUJN8WINBEu0dBsghOFxPeldjVPuLjzXbpIfmUV1YZQAQoip6hixkipphfq4cX8Jbua1P6X75dnU8Pk8uZ1futL6TM5i90q2Wsyp-WWJSQU358NeKiS7RwgltSjkOyExdqYqPHG--1uFxA_o1lHFBmP-0NtpPPcIRSGTGIvj9gKPNgHATUWuZuxVF91AKeqVBqpK0YII12ifwlCWlsrHDv0pp-hmIgD7-Ot6vWqu6RdG-yc8d2SIojywfAEKWoiOc7DvwlZatZYhgza8ROIA&sai=AMfl-YQfHgWyMzHGZUt-m4y04gWt8pv1Y9rME51JtRJPvJ_I1FPUsQiJGe7HMP49YBoMRE0rpsVYUFdxiIfFl_i84X9GeeMO89lpTkzZi0jVAU0IoZUHkYIUPYG30h8&sig=Cg0ArKJSzONwxqa0xJzPEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 1FF8A7F0C742CBCB40882E135384292A
Requests: 13 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuZ4nG7bEaky7vN53dZ1uMv-u1Wvl3kPoOyxvRRCrvXZDforJiKO_DP5wXiXbemCd-xbIvnOlFwgYBaUNRMa8O4IoDitcqlwCkl8K1T56K6Zoc1sGiyXNVCy4lWtI7DfROLr8aSjDdrPrqSK0SLbmJ5ul-OFR0LWDs1bfqZ-v2hDYF3VdidBnfXFIo8yaSsDNWrEQoLaVyPTJjIkWAWDuVB9PQjl6oG7aCh04dxIF4HhqLpgpcCoyXPHNDusMr15etMOCcQeDkc6j4Xwe0IHNrvav7jz3c2Fd7oil4dHm9HawjB2ekguFaakY8w0YZaHLIjkyxZfn53Y1jwf4grNiTLNtQ2FxIOSJyTdJAIkGAPxfdZKDDgxXSTkHN7ENQbavQsoStoDGFN6Bxuvv5_K1KSekZBVcZoGGBMHBzfBrbXb3vboSpSmMp1ZQ&sai=AMfl-YQjcmGbDIdG0AqPOqni7ac2p2vzzAgPFLhhRaew8Sd5hXuKUeKkHO-vTgQXLlJBJtwPZ_CU_Lm-B9A6SKsjOWVDY1SlAUnsbH_ZXj7oeI1FQ-GKQQi78ky-inw&sig=Cg0ArKJSzJzgH0VBZ6HzEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: ED569B3220422AE445B155D21B5B1DA3
Requests: 23 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv_6q7Fs0tjrZkameLs71SwTeEQsn51nAnEhLydccQeo5QUu5UKrcAYP1SBfbWCRb-cfFFc4VVA7HnRPZYmTAnoObyy5KkGngkU0puRakNR9c4cOnXMo6l7WwxW2OqnOgTnfiN6c2BH_SETTlqa4hYGOx_nIuSfwoMxBfVBkdZnzqmaQjHThQv9y133_UZbbqiVEjxeKv1D_s19EEYrS59E0DLQ-lle_uZ6ZwaTJBlcMpA7ud-Qied3OXM137jUdHrx4YRXmyMcWl4NbeVRfH1xzoUVu2uYoVeAktoX7rDRmcRyGpzAq2zx9cNJ1maIRurhCwcpadW4XK_P8DxaddV6zREBP06REmcMoQF4AsNaUJRXSc47n0ukQWRboN4Zy6K0ZX4i2HdbBevJhvNHTX83P8zKQGjaUIoOHzqKQgMC8rdDfclxHUfGwd6fz81Aclk&sai=AMfl-YR6OdDM71OY7a9Akt04A0EKvMuy4GwjIOsYq8SG7VXAJg2LCggNLj6frkx7DCmY1G4uw-uQZPfd8Jvtng0ZKUpD0HFFErTKQedlzzz3ckLgarwI9HiN--11HO4&sig=Cg0ArKJSzOQFV_JrpDt5EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 4364A0A57CD88172B059910ED7173E03
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss6SLxZvAkq5FEu6hZtEBgiSrxOF7q85WwBYruXb47vrZ408XRRcAxJCxnSy9RABlrzUXqGDJ8ubd_zUbtFwCtpi30B9mdtwiBs3t1VRky438tqGYi0pExQmqR_HzDlJKorxiUSbeE4xm_UOn2_ejOtrhKPP7jBkhJ1ayqZWBiLx9_hEjOSIGAgvdAjadNh02Oy0hAObh1VSOkR2zrV1fAlj4DrQZMggqa7OYt-EJ68MHhXqd2bzbYoaUFtP2QWwQtAX2hpcaP_SVrcUkidrGcKgzvy0I7d3xdpAj7_76HBL3nc59O26oAqaYvANWFOAho69vqK-uSt67sxPSKRmJVj7us8qiUJQ_sE-zQTD6jSxkMyyD59d_rPEL1Ii2Z-B6YszsnrkUOYOx-2qbcFjh0Q9iN5Tw3mF8rfahJup2fQcvl8TwgRvgIHC0FgiSx_UNQ&sai=AMfl-YTegYrmTWc5yxg9M-WP1amSy79KJmaum7mbYMOyqmzdqKgEdv40RupO6hPxIYPHV9ugcrasLNtqoGqCFRxPGe2hwers6agFveGA_Thfa1G3efaGxmjE4DSY7yc&sig=Cg0ArKJSzIzTzT5coH7bEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: AB2724807F3CC1D777D1AA4C0D1D1292
Requests: 6 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=
Frame ID: E27DAB3CC42071A60A79101B28CD8A9C
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: BA8B901EE85F0806A25A8E242DDF931C
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 249167997747A03AC216B31535411671
Requests: 3 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: C87B415D5FC34F56EBEAF2AD2554A9A3
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: C4C38F612E6EF4CB610BDBCAB224B32B
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20250324/r20190131/zrt_lookup.html
Frame ID: A90231C7D44DF29FBE798A04CA93FDFA
Requests: 1 HTTP requests in this frame

Frame: https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
Frame ID: 32970618A854FD70FFA27D0941766F19
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: D4A5DACB43A4DD57CFACE3F26C058673
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E4AC8EA7C46D403E9073CB5011A58922
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Dynamics 365 Customer Voice

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/vue(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/pagead/show_ads\.js
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

125
Requests

94 %
HTTPS

30 %
IPv6

36
Domains

54
Subdomains

52
IPs

4
Countries

3030 kB
Transfer

7472 kB
Size

46
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28
  • https://cms.analytics.yahoo.com/cms?partner_id=OneDATA HTTP 302
  • https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA HTTP 302
  • https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA&verify=true HTTP 302
  • https://onead.onevision.com.tw/v2/pixel/vzn?id=y-o_17LgtE2p.RbLhCzOXnytS1qVNp9pqJgD89vg--~A
Request Chain 29
  • https://bcp.crwdcntrl.net/map/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id} HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id} HTTP 302
  • https://onead.onevision.com.tw/v2/pixel/ltm?id=d59cb0ddf44607c2b3416d6da61c6ec2
Request Chain 30
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=r1jlltl&ttd_tpi=1 HTTP 302
  • https://onead.onevision.com.tw/v2/pixel/ttd?id=5ebdc6ec-2245-4e8d-8027-ae36850b5432
Request Chain 31
  • https://ps.eyeota.net/pixel?pid=3m51m51&uid=d37a58a8-09ca-11f0-a73e-0242ac120002&t=ajs HTTP 302
  • https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=d37a58a8-09ca-11f0-a73e-0242ac120002&t=ajs
Request Chain 103
  • https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=2220942683&adf=3173046724&pi=t.ma~as.2784%2F13803&w=300&lmt=1742942721&url=https%3A%2F%2Freurl.cc%2FXqAx30&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1742942720918&bpp=281&bdt=542&idt=512&shv=r20250324&mjsv=m202503200101&ptt=5&saldr=sd&cookie=ID%3D27d3876ed00e37ee%3AT%3D1742942720%3ART%3D1742942720%3AS%3DALNI_MZ-PNz_64p2MYKkwhd2tv6T2JH24g&gpic=UID%3D0000100146a1c8a8%3AT%3D1742942720%3ART%3D1742942720%3AS%3DALNI_MbcJaa_h43dNtJsZk9qTXITg6R5Lg&eo_id_str=ID%3D2693bb9388daf00b%3AT%3D1742942720%3ART%3D1742942720%3AS%3DAA-AfjYli3M9cJQGKs7ilA99eoPJ&correlator=2960324752442&frm=23&ife=4&pv=2&nhd=1&u_tz=-600&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1030&ady=108&biw=1600&bih=1200&isw=300&ish=250&ifk=2061651353&scr_x=0&scr_y=0&eid=95355311%2C95356498%2C95356505%2C95355300&oid=2&pvsid=1871165626744034&tmod=1993335380&uas=0&nvt=1&fc=640&brdim=450%2C450%2C450%2C450%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=1.sj9vear7puo4&fsb=1&dtd=552 HTTP 302
  • https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html

125 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request XqAx30
reurl.cc/ 		15 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
121.130.185.35.bc.googleusercontent.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
00bc01a13e6b20f23dcb452f926605c77f253da235ae64f0c4f4061efd0cf6ad

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-origin
*
access-control-expose-headers
*, Authorization, X-Authorization
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 25 Mar 2025 22:45:17 GMT
referrer-policy
no-referrer-when-downgrade
server
nginx/1.18.0 (Ubuntu)
target
https://ecv.microsoft.com/dDTk9Vwh4y
vary
Accept-Encoding Origin
x-request-id
37bdd361-79b8-4db5-b9c0-2f1b654078af
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/ 		152 KB
26 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
age
1266254
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Tue, 25 Mar 2025 22:45:17 GMT
content-type
text/css; charset=utf-8
x-served-by
cache-fra-eddf8230028-FRA, cache-mad22037-MAD
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
25648
x-jsd-version
4.3.1
style.css
storage.reurl.cc/stylesheets/rwd/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://storage.reurl.cc/stylesheets/rwd/style.css?v=1
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
30.98.149.34.bc.googleusercontent.com
Software
/
Resource Hash
749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-request-id
a0c8375c-5d2f-47a3-9691-6d74ba10387a
access-control-expose-headers
*, Authorization, X-Authorization
content-encoding
gzip
age
18223
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 17:41:34 GMT
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=28800
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
904
pixel.js
storage.reurl.cc/javascripts/ 		429 B
523 B 		Script
General
Check archive.org
Download Go to
Full URL
https://storage.reurl.cc/javascripts/pixel.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
30.98.149.34.bc.googleusercontent.com
Software
/
Resource Hash
3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-request-id
84408e91-bfed-401c-b901-42e85f4913ac
access-control-expose-headers
*, Authorization, X-Authorization
cache-control
public,max-age=28800
age
153
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
429
date
Tue, 25 Mar 2025 22:42:45 GMT
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
content-type
text/javascript; charset=utf-8
vary
Origin
ga2.js
storage.reurl.cc/javascripts/ 		536 B
632 B 		Script
General
Check archive.org
Download Go to
Full URL
https://storage.reurl.cc/javascripts/ga2.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
30.98.149.34.bc.googleusercontent.com
Software
/
Resource Hash
16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-request-id
4f6cdccb-bf64-4694-9fb9-3699b1d95194
access-control-expose-headers
*, Authorization, X-Authorization
cache-control
public,max-age=28800
age
19870
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
536
date
Tue, 25 Mar 2025 17:14:08 GMT
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
content-type
text/javascript; charset=utf-8
vary
Origin
js
www.googletagmanager.com/gtag/ 		361 KB
121 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
eaafcf4275fdf4a0fde224f48b5166459893a990b9513c40a86757a6ade2d801
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
report-to
{"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
expires
Tue, 25 Mar 2025 22:45:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:18 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascgcycc:1020:0
content-length
123449
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		439 KB
142 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5d867055bfb6c0bbd33aeb9e6c3dfe39ac73337bcf4babac0cfa2276a2b98369
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
report-to
{"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
expires
Tue, 25 Mar 2025 22:45:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:18 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascgcycc:1020:0
content-length
145141
x-xss-protection
0
server
Google Tag Manager
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		105 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f2.1e100.net
Software
cafe /
Resource Hash
5fd6d2f384862570e971ac439548a7b52ca9c17ce3344566ede8b0a1d4b24d8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
889 / 20172 / m202503200101 / config-hash: 12870141940964717103
x-content-type-options
nosniff
expires
Tue, 25 Mar 2025 22:45:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Tue, 25 Mar 2025 22:45:18 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
33527
x-xss-protection
0
server
cafe
wrapper.min.js
cpt.geniee.jp/hb/v1/219632/1441/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cpt.geniee.jp/hb/v1/219632/1441/wrapper.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.137.133.154 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
0614ad45d47a5da6d9880c2e175c88526cd223c16d2121e48bab3a9e1121f55d

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=3600, private
content-encoding
gzip
etag
W/"67e29c9e-2f10"
cross-origin-resource-policy
cross-origin
expires
Tue, 25 Mar 2025 23:45:18 GMT
date
Tue, 25 Mar 2025 22:45:18 GMT
content-type
application/javascript
last-modified
Tue, 25 Mar 2025 12:07:58 GMT
server
nginx
ad-serv.min.js
ad-specs.guoshipartners.com/static/js/ 		50 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
168.95.246.2 Los Angeles, United States, ASN131660 (CHTCDN Data Communication Business Group, TW),
Reverse DNS
168-95-246-2.hinet-ip.hinet.net
Software
HiNetCDN / OneAD
Resource Hash
8aad7f034c2e39ee145189b327d6b1df64240486e08c7eba41d399e7e72797a6

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
W/"67dbbf75-c7b9"
age
241
access-control-allow-methods
GET,POST,OPTIONS,PUT
x-varnish
521929587 506724922
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Tue, 25 Mar 2025 22:45:17 GMT
content-type
application/javascript
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified
Thu, 20 Mar 2025 07:10:45 GMT
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
cache-control
public, max-age=360
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
*
x-powered-by
OneAD
server
HiNetCDN
onead-lib.min.js
ad-specs.guoshipartners.com/static/js/ 		25 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad-specs.guoshipartners.com/static/js/onead-lib.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
168.95.246.2 Los Angeles, United States, ASN131660 (CHTCDN Data Communication Business Group, TW),
Reverse DNS
168-95-246-2.hinet-ip.hinet.net
Software
HiNetCDN / OneAD
Resource Hash
fcf4b958769eb294a5743dffac9b9def998a568b1126f9ca3d270c9cc67268d3

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
W/"67e22b0a-6524"
age
1
access-control-allow-methods
GET,POST,OPTIONS,PUT
x-varnish
165118487 157123679
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Tue, 25 Mar 2025 22:45:17 GMT
content-type
application/javascript
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified
Tue, 25 Mar 2025 04:03:22 GMT
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
cache-control
public, max-age=360
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
*
x-powered-by
OneAD
server
HiNetCDN
vue.min.js
cdn.jsdelivr.net/npm/vue@2.5.16/dist/ 		84 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
age
1679820
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Tue, 25 Mar 2025 22:45:17 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-eddf8230020-FRA, cache-mad22037-MAD
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
33184
x-jsd-version
2.5.16
renews.js
storage.reurl.cc/javascripts/ 		404 B
551 B 		Script
General
Check archive.org
Download Go to
Full URL
https://storage.reurl.cc/javascripts/renews.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
30.98.149.34.bc.googleusercontent.com
Software
/
Resource Hash
22743d9dc93a38d7096ec7c9a02146da7a721ada15192d87e81d78ff53cb2f2a

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-request-id
96263c85-48da-45d4-b62f-c981410b5f92
access-control-expose-headers
*, Authorization, X-Authorization
cache-control
public,max-age=28800
age
6879
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
404
date
Tue, 25 Mar 2025 20:50:38 GMT
last-modified
Tue, 09 Jul 2024 09:45:35 GMT
content-type
text/javascript; charset=utf-8
vary
Origin
loading.js
storage.reurl.cc/javascripts/ 		134 B
230 B 		Script
General
Check archive.org
Download Go to
Full URL
https://storage.reurl.cc/javascripts/loading.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
30.98.149.34.bc.googleusercontent.com
Software
/
Resource Hash
ddd9d29beabaeecc9c76408242dfc2b76305ec52511992d3cfbc81a500ee0670

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-request-id
7b77c903-9045-4990-ae5c-b8fd1a0e83f3
access-control-expose-headers
*, Authorization, X-Authorization
content-encoding
gzip
age
27941
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 14:59:36 GMT
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=28800
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
134
oid
onead.onevision.com.tw/v2/et/ 		374 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://onead.onevision.com.tw/v2/et/oid?cb=window.text_etag_callback_2qf4e
Requested by
Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
f8d50a9eef0d09407a2d604332fe0f601736cd30f92488db151a0f82e4b349f1

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-onead-version
61c8a0f6
etag
d37a589d-09ca-11f0-a73e-0242ac120002
age
0
access-control-allow-methods
GET,POST,OPTIONS,PUT
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
548084835
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Tue, 25 Mar 2025 22:45:18 GMT
content-type
application/javascript
last-modified
Tue, 25 Mar 2025 22:45:18 GMT
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
cache-control
max-age=600
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
374
x-onead-backend
onead-http-event-96jd-gohttp
server
gws
x-powered-by
OneAD
page.php
www.facebook.com/plugins/ Frame FD42 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.35 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-lga3.facebook.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-mL1Zv8KW' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
zstd
content-security-policy
default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-mL1Zv8KW' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Tue, 25 Mar 2025 22:45:18 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster
?1
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
pragma
no-cache
priority
u=0,i
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7485881973829026694&cpp=C3&cv=1021244234&st=1742942718367"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7485881973829026694&cpp=C3&cv=1021244234&st=1742942718367", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-connection-quality
GOOD; q=0.7, rtt=132, rtx=0, c=24, mss=1232, tbw=8350, tp=13, tpl=0, uplat=73, ullat=0
x-fb-debug
OVLqfSNzXBXbOtjjJEhGPALUDd53MoAhlXv2c+spiaWTZ3TNoVXxRgta+MSVJ6Mwh/HWc82jbLFQIhIBKffv6A==
x-xss-protection
0
fbevents.js
connect.facebook.net/en_US/ 		252 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/pixel.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-lga3.fbcdn.net
Software
/
Resource Hash
13b3fea42a999bd1edc7815ad83b8529ad25262807607a54101486b76d2a39a0
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: *;script-src 'nonce-eZuEgIqw' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 25 Mar 2025 22:45:18 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' blob: *;script-src 'nonce-eZuEgIqw' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=132, rtx=0, c=24, mss=1232, tbw=8351, tp=13, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
xaJPmHKb05U29VtYTJ5y2/P0U9lnkNjFOS8RTqrpGtmYZFrLs3SaV1TejnJlkv2pygNhnh9YA6NLWv++Rt+8zw==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
64608
x-xss-protection
0
origin-agent-cluster
?1
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/ga2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
age
4420
report-to
{"group":"ascnsrsgac:225:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Tue, 25 Mar 2025 23:31:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 21:31:38 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:225:0
content-length
20994
server
Golfe2
feeds
re-news.tw/ 		6 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://re-news.tw/feeds
Requested by
Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/renews.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.26.175 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
175.26.160.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
46f9a79c3e96688a7551981a9d5c6791c19f9d91269d4ef1ffaf2045d4eebb9b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
public,max-age=3600
etag
W/"19b9-IYpNfiXD/R+ZOHuoIeIBdOKcKeE"
age
1380
via
1.1 google
access-control-allow-origin
https://reurl.cc
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6585
date
Tue, 25 Mar 2025 22:22:18 GMT
content-type
text/html; charset=utf-8
x-powered-by
Express
vary
Origin
adsrv
onead.onevision.com.tw/v2/ 		177 B
465 B 		Script
General
Check archive.org
Download Go to
Full URL
https://onead.onevision.com.tw/v2/adsrv?version=20240208&uid=1000480&category=-1&cookie=true&ip=&guid=d37a58a8-09ca-11f0-a73e-0242ac120002&channel=0&volume=0.5&r=&adid=&response_freq_multiple=native-drive.0&web_location=https%3A%2F%2Freurl.cc%2FXqAx30&title=Dynamics%20365%20Customer%20Voice&fp=04c6d3e15a52f9e0d5fe2d47f4a29cde&_t=1742942718558&cb=ONEAD_text_response_2qf4e&pb=0&spid=&bgid=0
Requested by
Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
a0ce2a355a601b85855df74804fb2d7e7490661f36a36f2868e693f37abcc79f

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-onead-version
61c8a0f6
age
0
access-control-allow-methods
GET,POST,OPTIONS,PUT
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
8753159
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Tue, 25 Mar 2025 22:45:18 GMT
content-type
application/javascript
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
x-onead-guid
d37a58a8-09ca-11f0-a73e-0242ac120002
access-control-allow-credentials
true
x-onead-message
browser_incompatible
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
177
x-onead-backend
onead-http-query-ksfn-gohttp
server
gws
x-powered-by
OneAD
1675200226052423
connect.facebook.net/signals/config/ 		74 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1675200226052423?v=2.9.190&r=stable&domain=reurl.cc&hme=c1f2cecb0bd2e60711f2156ceae0254b57f69ec526dbc6c13633615b2168eda4&ex_m=71%2C124%2C109%2C113%2C62%2C4%2C102%2C70%2C16%2C98%2C90%2C51%2C55%2C178%2C181%2C193%2C189%2C190%2C192%2C29%2C103%2C53%2C78%2C191%2C173%2C176%2C186%2C187%2C194%2C135%2C41%2C199%2C196%2C197%2C34%2C148%2C15%2C50%2C203%2C202%2C137%2C18%2C40%2C1%2C43%2C66%2C67%2C68%2C72%2C94%2C17%2C14%2C97%2C93%2C92%2C110%2C52%2C112%2C39%2C111%2C30%2C95%2C26%2C174%2C177%2C145%2C87%2C57%2C85%2C33%2C74%2C0%2C96%2C32%2C28%2C83%2C84%2C89%2C47%2C46%2C88%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C58%2C63%2C65%2C76%2C54%2C104%2C27%2C77%2C9%2C8%2C81%2C48%2C21%2C106%2C105%2C107%2C99%2C10%2C20%2C3%2C38%2C75%2C19%2C5%2C91%2C82%2C44%2C35%2C86%2C244%2C171%2C122%2C160%2C153%2C2%2C36%2C64%2C42%2C108%2C45%2C80%2C69%2C114%2C61%2C60%2C31%2C100%2C59%2C56%2C49%2C79%2C73%2C24%2C101%2C115
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-lga3.fbcdn.net
Software
/
Resource Hash
0c310205ab2dbf30ae9b8a24ee1359f493e1bf5c982c124e42af22b759ac07ce
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: *;script-src 'nonce-SbPfYyuR' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 25 Mar 2025 22:45:18 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' blob: *;script-src 'nonce-SbPfYyuR' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=132, rtx=0, c=82, mss=1232, tbw=77059, tp=74, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
AmFXufC651E6awKMHdKFxZWTpxtkZQ0BuvkjmXhEeo+9QSRLNpmSTflxnjemDcK8dlenwANQHuhKlLc41w2n8A==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-fb-optimizer
0
document-policy
force-load-at-top
content-length
16786
x-xss-protection
0
origin-agent-cluster
?1
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/ 		525 KB
165 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f2.1e100.net
Software
cafe /
Resource Hash
9aa1a9dfb271e4ad94219ed388d8442b3b394caedb5771642df196ccc09385c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
13877525710090312892
age
39481
x-content-type-options
nosniff
expires
Wed, 25 Mar 2026 11:47:17 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Tue, 25 Mar 2025 11:47:17 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
168748
x-xss-protection
0
server
cafe
yads-async.js
yads.c.yimg.jp/js/ 		210 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yads.c.yimg.jp/js/yads-async.js
Requested by
Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/219632/1441/wrapper.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
183.79.219.252 , Japan, ASN24572 (YAHOO-JP-AS-AP Yahoo Japan, JP),
Reverse DNS
Software
/
Resource Hash
e7e4fb9b3b1239835abc60fd16d2e64da36bfa919b8e81f11eea442c2bbf05f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
etag
"fad34f610280b86070657d734b70d7bc"
age
429
x-content-type-options
nosniff
date
Tue, 25 Mar 2025 22:38:10 GMT
content-type
text/javascript
last-modified
Tue, 18 Mar 2025 07:38:42 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cache-control
public, max-age=600, stale-while-revalidate=1200
accept-ch
Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch
ats-carp-promotion
1
x-amz-request-id
7e423960-cb23-4f7d-bf49-4d28efe2c600
permissions-policy
ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform-version=*, ch-ua-arch=*
accept-ranges
bytes
content-length
58654
x-xss-protection
1; mode=block
x-amz-server-side-encryption
AES256
gnshbrequest-v4.23.3.js
cpt.geniee.jp/hb/v1/lib/ 		181 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cpt.geniee.jp/hb/v1/lib/gnshbrequest-v4.23.3.js
Requested by
Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/219632/1441/wrapper.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.137.133.154 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
bc73ed340ef20534b613afea9bd95f199a55b77beab7c472e92ad92b4e39a1aa

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=86400, private
content-encoding
gzip
etag
W/"67d140eb-2d3d7"
cross-origin-resource-policy
cross-origin
expires
Wed, 26 Mar 2025 22:45:18 GMT
date
Tue, 25 Mar 2025 22:45:18 GMT
content-type
application/javascript
last-modified
Wed, 12 Mar 2025 08:08:11 GMT
server
nginx
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503250101/ 		63 KB
23 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503250101/gpt
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f2.1e100.net
Software
cafe /
Resource Hash
6101005619b1d8a0e6d234dc41330613febb164b982205854bf7416cff6d43fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

content-encoding
br
etag
6539103362049255065
age
31403
x-content-type-options
nosniff
expires
Tue, 01 Apr 2025 14:01:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Tue, 25 Mar 2025 14:01:55 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
23391
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202503250101"
collect
www.google-analytics.com/j/ 		3 B
385 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=80402616&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FXqAx30&ul=en-us&de=UTF-8&dt=Dynamics%20365%20Customer%20Voice&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=938350222&gjid=1181671146&cid=804779731.1742942719&tid=UA-102456694-1&_gid=1893893300.1742942719&_r=1&_slc=1&z=728785488
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/XqAx30

Response headers

report-to
{"group":"ascnsrsgac:175:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:18 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:175:0
content-length
3
server
Golfe2
collect
www.google-analytics.com/ 		35 B
438 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=80402616&t=event&_s=2&dl=https%3A%2F%2Freurl.cc%2FXqAx30&ul=en-us&de=UTF-8&dt=Dynamics%20365%20Customer%20Voice&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=pause&ea=3&el=MTYyLjI0NS4yMDYuMjQ2&ev=1&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=804779731.1742942719&tid=UA-102456694-1&_gid=1893893300.1742942719&z=728884684
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

age
13111
report-to
{"group":"ascnsrsgac:163:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 19:06:47 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:163:0
content-length
35
server
Golfe2
/
www.facebook.com/tr/ 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc&rl=&if=false&ts=1742942718769&sw=1600&sh=1200&v=2.9.190&r=stable&ec=0&o=4252&fbp=fb.1.1742942718764.378007176769945147&cs_est=true&pm=1&hrl=d962bb&ler=empty&cdl=API_unavailable&it=1742942718600&coo=false&cs_cc=1&exp=k0&rqm=GET
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.35 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-lga3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
GOOD; q=0.7, rtt=132, rtx=0, c=24, mss=1232, tbw=8398, tp=14, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Tue, 25 Mar 2025 22:45:18 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
198 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc&rl=&if=false&ts=1742942718769&sw=1600&sh=1200&v=2.9.190&r=stable&ec=0&o=4252&fbp=fb.1.1742942718764.378007176769945147&cs_est=true&pm=1&hrl=d962bb&ler=empty&cdl=API_unavailable&it=1742942718600&coo=false&cs_cc=1&exp=k0&rqm=FGET
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.35 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-lga3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-Go04tSEF' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7485881973593404579&cpp=C3&cv=1021244234&st=1742942718990"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 25 Mar 2025 22:45:19 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
LXYCjS5rNFfj1REqmFZkDFkd4ZCOcG18ezZscxjpO94GT8UKqGexrxNkuVP6sDuMKgiBJP6Yb3YUC2sMqkcCIA==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7485881973593404579&cpp=C3&cv=1021244234&st=1742942718990", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-Go04tSEF' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
GOOD; q=0.7, rtt=132, rtx=0, c=24, mss=1232, tbw=8718, tp=16, tpl=0, uplat=87, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
vzn
onead.onevision.com.tw/v2/pixel/
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=OneDATA
  • https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA
  • https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA&verify=true
  • https://onead.onevision.com.tw/v2/pixel/vzn?id=y-o_17LgtE2p.RbLhCzOXnytS1qVNp9pqJgD89vg--~A
170 B
202 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onead.onevision.com.tw/v2/pixel/vzn?id=y-o_17LgtE2p.RbLhCzOXnytS1qVNp9pqJgD89vg--~A
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Server
107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-onead-version
61c8a0f6
x-vendor
vzn
age
0
access-control-allow-methods
GET,POST,OPTIONS,PUT
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
570818871
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Tue, 25 Mar 2025 22:45:19 GMT
content-type
image/png
last-modified
Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id
y-o_17LgtE2p.RbLhCzOXnytS1qVNp9pqJgD89vg--~A
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
x-status
okay
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
170
x-onead-backend
onead-http-event-96jd-gohttp
server
gws
x-powered-by
OneAD

Redirect headers

strict-transport-security
max-age=31536000
location
https://onead.onevision.com.tw/v2/pixel/vzn?id=y-o_17LgtE2p.RbLhCzOXnytS1qVNp9pqJgD89vg--~A
age
0
referrer-policy
no-referrer-when-downgrade
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date
Tue, 25 Mar 2025 22:45:19 GMT
content-type
text/html
server
ATS
ltm
onead.onevision.com.tw/v2/pixel/
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id}
  • https://bcp.crwdcntrl.net/map/ct=y/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id}
  • https://onead.onevision.com.tw/v2/pixel/ltm?id=d59cb0ddf44607c2b3416d6da61c6ec2
170 B
202 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onead.onevision.com.tw/v2/pixel/ltm?id=d59cb0ddf44607c2b3416d6da61c6ec2
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Server
107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-onead-version
61c8a0f6
x-vendor
ltm
age
0
access-control-allow-methods
GET,POST,OPTIONS,PUT
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
548084879
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Tue, 25 Mar 2025 22:45:19 GMT
content-type
image/png
last-modified
Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id
d59cb0ddf44607c2b3416d6da61c6ec2
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
x-status
okay
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
170
x-onead-backend
onead-http-event-96jd-gohttp
server
gws
x-powered-by
OneAD

Redirect headers

expires
0
cache-control
no-cache
location
https://onead.onevision.com.tw/v2/pixel/ltm?id=d59cb0ddf44607c2b3416d6da61c6ec2
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length
0
date
Tue, 25 Mar 2025 22:45:19 GMT
pragma
no-cache
ttd
onead.onevision.com.tw/v2/pixel/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=r1jlltl&ttd_tpi=1
  • https://onead.onevision.com.tw/v2/pixel/ttd?id=5ebdc6ec-2245-4e8d-8027-ae36850b5432
170 B
202 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onead.onevision.com.tw/v2/pixel/ttd?id=5ebdc6ec-2245-4e8d-8027-ae36850b5432
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Server
107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-onead-version
61c8a0f6
x-vendor
ttd
age
0
access-control-allow-methods
GET,POST,OPTIONS,PUT
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
558863485
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Tue, 25 Mar 2025 22:45:19 GMT
content-type
image/png
last-modified
Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id
5ebdc6ec-2245-4e8d-8027-ae36850b5432
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
x-status
okay
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
170
x-onead-backend
onead-http-event-96jd-gohttp
server
gws
x-powered-by
OneAD

Redirect headers

location
https://onead.onevision.com.tw/v2/pixel/ttd?id=5ebdc6ec-2245-4e8d-8027-ae36850b5432
content-length
197
date
Tue, 25 Mar 2025 22:45:19 GMT
server
Kestrel
/
ps.eyeota.net/pixel/bounce/
Redirect Chain
  • https://ps.eyeota.net/pixel?pid=3m51m51&uid=d37a58a8-09ca-11f0-a73e-0242ac120002&t=ajs
  • https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=d37a58a8-09ca-11f0-a73e-0242ac120002&t=ajs
1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=d37a58a8-09ca-11f0-a73e-0242ac120002&t=ajs
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
HTTP/1.1
Server
3.233.22.19 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-233-22-19.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

Content-Length
1228
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date
Tue, 25 Mar 2025 22:45:19 GMT
Content-Type
application/javascript

Redirect headers

Location
/pixel/bounce/?pid=3m51m51&uid=d37a58a8-09ca-11f0-a73e-0242ac120002&t=ajs
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date
Tue, 25 Mar 2025 22:45:19 GMT
cm
trc.taboola.com/sg/onedata/1/ 		0
200 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/onedata/1/cm
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-fastly-to-nlb-rtt
155407
x-timer
S1742942719.331619,VS0,VE157
x-vcl-time-ms
157
via
1.1 varnish
accept-ranges
bytes
x-cache
MISS
content-length
0
date
Tue, 25 Mar 2025 22:45:19 GMT
x-service-version
v1
server
nginx
x-cache-hits
0
x-served-by
cache-toj-leto2350056-TOJ
renews-title1.png
re-news.tw/images/ 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://re-news.tw/images/renews-title1.png
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.26.175 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
175.26.160.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
public,max-age=3600
etag
W/"5fad-191b5b37a20"
age
2575
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24493
date
Tue, 25 Mar 2025 22:02:23 GMT
last-modified
Tue, 03 Sep 2024 02:25:24 GMT
x-powered-by
Express
content-type
image/png
Asia_50_Best_2025_Logo.jpg
mma.prnasia.com/media2/2618655/5215362/ 		93 KB
93 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mma.prnasia.com/media2/2618655/5215362/Asia_50_Best_2025_Logo.jpg?p=medium600
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6812:60e1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
62df9552f522742e671b35e353bff19aebd47f2ee577d9404a934c71a5af101f

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
29903
access-control-allow-methods
GET, POST, OPTIONS
expires
Tue, 25 Mar 2025 14:26:57 GMT
server-timing
intid;desc=ac50b1008e22db1e
date
Tue, 25 Mar 2025 22:45:19 GMT
content-type
image/jpeg
last-modified
Tue, 25 Mar 2025 14:26:56 GMT
vary
*, Accept-Encoding
access-control-allow-headers
Content-Type
cache-control
public, max-age=1
cf-ray
9261f019f995f7ab-LAX
accept-ranges
bytes
access-control-allow-origin
*
content-length
95051
x-powered-by
ASP.NET
server
cloudflare
1742890397-1d49852731a8889989f1f668643ab9be-840x525.jpg
img.gbyhn.com.tw/2025/03/ 		46 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.gbyhn.com.tw/2025/03/1742890397-1d49852731a8889989f1f668643ab9be-840x525.jpg
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.150.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6d35ac9e9b5434ed65654b99f1a486c403b06a1eae26823aa428afdcb974cc3

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cf-cache-status
HIT
age
50696
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1nPQ6B8Ustpc0uS60Aa9JOeSB%2FF%2F7jphOUgZ%2F%2BUqekFsyAwQjJmUwf2KW7glZvFk64r%2BmQQxI3%2BEpPhkY%2B0esf51vF6fc%2Fopjv0cmaWwgHvEgESvgLCvutUEFmu0NbQmUEUK"}],"group":"cf-nel","max_age":604800}
expires
Tue, 01 Apr 2025 08:20:49 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=97894&min_rtt=97679&rtt_var=36783&sent=11&recv=7&lost=0&retrans=0&sent_bytes=4136&recv_bytes=4389&delivery_rate=32628&cwnd=12000&unsent_bytes=0&cid=0fa6fd34b8c0807b&ts=131&x=1", cfExtPri, cfHdrFlush;dur=0
date
Tue, 25 Mar 2025 22:45:19 GMT
content-type
image/jpeg
last-modified
Tue, 25 Mar 2025 08:13:18 GMT
vary
Accept-Encoding
priority
u=1,i
cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
9261f01c9f16e78e-DFW
accept-ranges
bytes
content-length
47092
x-turbo-charged-by
LiteSpeed
server
cloudflare
%E5%8F%B0%E7%81%A3-Pay-%E9%AB%98%E5%9B%9E%E9%A5%8B%E4%BF%A1%E7%94%A8%E5%8D%A1%E6%8E%A8%E8%96%A6%E8%88%87%E6%8C%87%E5%AE%9A%E9%80%9A%E8%B7%AF%E5%84%AA%E6%83%A0%E5%BD%99%E6%95%B4-1080x630.jpg
creditcards.com.tw/wp-content/uploads/2020/10/ 		0
0
2025032402565924.jpg
img.racingcharger.tw/wp-content/uploads/ 		152 KB
152 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.racingcharger.tw/wp-content/uploads/2025032402565924.jpg
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.1.220.9 , Taiwan, ASN131149 (YUANJHEN-AS-TW Yuan-Jhen Info., Co., Ltd, TW),
Reverse DNS
ph2.g-dns.com
Software
Apache /
Resource Hash
95634eb651772e9ecc489c8a2e12cccb71cd06089ae3f03f8dab3654ce669c8c

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

accept-ranges
bytes
content-length
155748
date
Tue, 25 Mar 2025 22:45:19 GMT
last-modified
Mon, 24 Mar 2025 02:57:04 GMT
content-type
image/jpeg
server
Apache
1f449.png
s.w.org/images/core/emoji/15.0.3/72x72/ 		423 B
730 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/15.0.3/72x72/1f449.png
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
9cf1114324a6653750f0f8af7783a744e45adadca47c48844e4ee0f11df269bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=315360000
x-nc
HIT bur 2
access-control-allow-methods
GET, HEAD
x-content-type-options
nosniff
expires
Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
423
date
Tue, 25 Mar 2025 22:45:19 GMT
content-type
image/png
last-modified
Tue, 30 Jan 2024 01:21:05 GMT
server
nginx
x-frame-options
SAMEORIGIN
file.png
static.wixstatic.com/media/9a254c_bd6ab9dc57c349009b5f1eedc6fb236d~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/ 		1010 KB
1011 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.wixstatic.com/media/9a254c_bd6ab9dc57c349009b5f1eedc6fb236d~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/file.png
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211c:ca00:1e:5c56:d400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty/1.27.1.1 /
Resource Hash
76e0fe9b59aa81409567a77b7f5cfaebcbe6d1a5586d4979c5a83a327f68d517

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-cf-id
K9SKb9P0Cg7VSt_gc8J2b31NWQf2Usi_mH-c6BUq-RbUEUkP1yld5w==
cache-control
public, max-age=15552000, immutable
timing-allow-origin
*
age
3790099
via
1.1 google, 1.1 13123a343330dc5aacb74d5b3c4fdf0e.cloudfront.net (CloudFront)
x-wixmp-trace
projects/wix-media-infrastructure/traces/2spVhEK7hN7G4oknE9KNdNWC2Cu
access-control-allow-origin
*
x-seen-by
image-manipulator-79c6fd85fd-jw8kv
content-length
1033732
alt-svc
h3=":443"; ma=86400
date
Mon, 10 Feb 2025 01:57:00 GMT
content-type
image/png
x-cache
Hit from cloudfront
server
openresty/1.27.1.1
x-amz-cf-pop
JFK52-P4
%E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg
blog.alphaloan.co/wp-content/uploads/2021/04/ 		0
0
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-ZDFZCDVDK1&gtm=45je53o2v9181474282za200&_p=1742942718084&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102015666~102482433~102788824~102803279~102813109~102887800~102926061~102926327&cid=804779731.1742942719&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1742942719&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FXqAx30&dt=Dynamics%20365%20Customer%20Voice&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2359
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.174 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f14.1e100.net
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:87:0
report-to
{"group":"ascnsrsggc:87:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:87:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:87:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:19 GMT
content-type
text/plain
server
Golfe2
js
www.googletagmanager.com/gtag/ 		439 KB
142 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0&cx=c&gtm=45je53o2v9181474282za200&tag_exp=102015666~102482433~102788824~102803279~102813109~102887800~102926061~102926327
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0093087eabbc54738b9d84e826eebe06b97482a362feecee306a4e3c23b7e72a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
report-to
{"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
expires
Tue, 25 Mar 2025 22:45:19 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:19 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascgcycc:1020:0
content-length
145147
x-xss-protection
0
server
Google Tag Manager
collect
analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je53o2v897965293za200zb9181474282&_p=1742942718084&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102788824~102803279~102813109~102887800~102926327&cid=804779731.1742942719&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1742942719&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FXqAx30&dt=Dynamics%20365%20Customer%20Voice&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2419
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:137:0
report-to
{"group":"ascnsrsggc:137:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:137:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:137:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:19 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ 		0
543 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-N394QBRGC0&cid=804779731.1742942719&gtm=45je53o2v897965293za200zb9181474282&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=102482433~102788824~102803279~102813109~102887800~102926327
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:112:0
report-to
{"group":"ascnsrsggc:112:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:112:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:112:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:19 GMT
content-type
text/plain
server
Golfe2
rul
td.doubleclick.net/td/ga/ Frame D9F9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-N394QBRGC0&gacid=804779731.1742942719&gtm=45je53o2v897965293za200zb9181474282&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=102482433~102788824~102803279~102813109~102887800~102926327&z=1609690192
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 25 Mar 2025 22:45:19 GMT
expires
Tue, 25 Mar 2025 22:45:19 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
128002626
fundingchoicesmessages.google.com/i/ 		196 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/i/128002626?ers=3
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
df95786ec646501005f649bb791b948fde2ae66a7ab9a81342cf262a0949ffa1
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-bDjiGZ6NGgN0NWAvk2Jgwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:19 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmLw15BiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFeDj-P-7ZzybwYvaKRUxKGkn5hfHJ-XklRZlJpSX5RWnJaanFqUVlqUXxRgZGpgbGRsZ6BmbxBYYAIaEsOw"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-bDjiGZ6NGgN0NWAvk2Jgwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
policy-check
cpt.geniee.jp/hb/v1/ 		12 B
162 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cpt.geniee.jp/hb/v1/policy-check?loc=https%3A%2F%2Freurl.cc%2FXqAx30&list_id=mid-219632&gam_id=gam-424536528%2Cgam-0
Requested by
Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/lib/gnshbrequest-v4.23.3.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.137.133.154 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
3108e15dfc911f1a730106ee1e44c941639e0b7add838d095680425e86d086c3

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-allow-origin
*
cache-control
max-age=10800, private
content-length
12
date
Tue, 25 Mar 2025 22:45:19 GMT
content-type
application/json
server
nginx
cross-origin-resource-policy
cross-origin
AGSKWxWofDjuY95xruSHziPUa3GGbGi6HPQsuXwuTyazfH58ncDTu4Il6u5vWtc-Qjm8NFOhY4Z-YXaTY96PyaEc6HQqjjhQQZQVZMEr6y_vXK-KU4WlryS7h_JSpRCy41V_xPelAZDLAA==
fundingchoicesmessages.google.com/f/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxWofDjuY95xruSHziPUa3GGbGi6HPQsuXwuTyazfH58ncDTu4Il6u5vWtc-Qjm8NFOhY4Z-YXaTY96PyaEc6HQqjjhQQZQVZMEr6y_vXK-KU4WlryS7h_JSpRCy41V_xPelAZDLAA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQyOTQyNzE5LDk3NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLG51bGwsW1s4LCJkYUh6ekRVd0hHUSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
da0b229074ed616433a50ef15781237ab26bdeb694b40219de68ad1a3050110b
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-PFkonYwRvQUMP3dWfoO3DA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:20 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmII0pBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFuDkanvTsZxNYsf6lqpJGUn5hfHJ-XklRZlJpSX5RWnJaanFqUVlqUbyRgZGpgbGRsZ6BWXyBIQDY-ytV"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-PFkonYwRvQUMP3dWfoO3DA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame B6C4 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f2.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
2700
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000, stale-while-revalidate=3600
content-encoding
br
content-length
28858
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 25 Mar 2025 22:00:20 GMT
expires
Tue, 25 Mar 2025 22:50:20 GMT
last-modified
Mon, 24 Mar 2025 19:44:53 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
esp.js
oa.openxcdn.net/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oa.openxcdn.net/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.146.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-goog-metageneration
1
content-encoding
gzip
x-goog-hash
crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
etag
"df5542b88bc0e368c6999754a5b9e2ba"
age
639951
x-goog-stored-content-encoding
gzip
expires
Wed, 18 Mar 2026 12:59:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
7927
date
Tue, 18 Mar 2025 12:59:29 GMT
last-modified
Thu, 27 May 2021 18:30:51 GMT
content-type
application/javascript
x-guploader-uploadid
AKDAyIvuhycBiZV9JeORnaJQHZmOjiL0vuW97VD_EUR507Gfo-1WAjwPJLIgsSbqvowsnZT2CV3ySGx02hF6
cache-control
no-transform
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
x-goog-generation
1622140251693895
content-length
7927
server
UploadServer
sync.min.js
tags.crwdcntrl.net/lt/c/16589/ 		43 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-28.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
30b32e97f2e3e06deb742bf2e19daeb4f4657a956e836c2a25a7df2bc72f7500

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

vary
Accept-Encoding
cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"7db46e1255a018ecf02f47b2c19c26c4"
age
48987
via
1.1 d60ae27dae636821c1e43441a8146e02.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
Xa1hoNX9bJ_yeqU4oxRSGMDprEwQh1X4r8-7rt4nNCYpDFofExMy9w==
date
Tue, 25 Mar 2025 09:08:53 GMT
content-type
text/javascript
last-modified
Tue, 20 Aug 2024 18:47:40 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
x-amz-server-side-encryption
AES256
encrypted-tag-g.js
invstatic101.creativecdn.com/encrypted-signals/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
87.70.96.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

etag
861bdaf24bda5c0db45c6ebe1c94a9eb
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2729
date
Tue, 25 Mar 2025 22:45:20 GMT
content-type
text/javascript; charset=utf-8
last-modified
Wed, 05 Feb 2025 14:45:21 GMT
server
Google Frontend
x-cloud-trace-context
dfdbc11ef63b2a73e7e714f54ffc4392
publishertag.ids.js
static.criteo.net/js/ld/ 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.ids.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b6c5af2d5c532a14b5aa51656c9d5e8be329b1424ec1df2947ad2de309622448
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
etag
W/"67c8043f-a641"
cross-origin-resource-policy
cross-origin
expires
Wed, 26 Mar 2025 22:45:20 GMT
access-control-allow-origin
*
date
Tue, 25 Mar 2025 22:45:20 GMT
content-type
text/javascript
last-modified
Wed, 05 Mar 2025 07:58:55 GMT
server
nginx
ob.js
cdn-ima.33across.com/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-ima.33across.com/ob.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.28.101 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72223c20f8ad08445b32a2b4843a0f04fe33cee40811ade04b21598cf67fbea3

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
public, max-age=259200
content-encoding
gzip
cf-cache-status
HIT
etag
W/"678fc4ec-4599"
age
273567
cf-ray
9261f0215b85cb7a-LAX
expires
Fri, 28 Mar 2025 22:45:20 GMT
date
Tue, 25 Mar 2025 22:45:20 GMT
content-type
application/javascript
last-modified
Tue, 21 Jan 2025 16:01:48 GMT
vary
Accept-Encoding
server
cloudflare
ads
securepubads.g.doubleclick.net/gampad/ 		183 KB
14 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2532067914478494&correlator=2778738210365572&eid=31090592%2C95355141%2C95355264%2C83321073%2C83321344&output=ldjh&gdfp_req=1&vrg=202503200101&ptt=17&impl=fifs&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C13848%2C18535%2C13856%2C13860%2C14209%2C14210&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5%2C%2F0%2F1%2F6%2C%2F0%2F1%2F7&prev_iu_szs=300x250%2C1x1%7C320x480%2C300x250%2C300x250%2C1x1%7C320x50%7C300x100%7C320x100%2C300x250&ifi=1&didk=3663017418~954026992~3220679602~2335188262~1073006158~4279657583&dids=div-gpt-ad-1692339097859-0~div-gpt-ad-1706005027566-0~div-gpt-ad-1682415009667-0~div-gpt-ad-1682415043506-0~div-gpt-ad-1683598631228-0~div-gpt-ad-1683598657711-0&adfs=1641170635~~3999208325~~4276429512~3230137061&sfv=1-0-41&sc=1&cookie_enabled=1&abxe=1&dt=1742942719997&lmt=1742942719&adxs=1005%2C-9%2C245%2C-9%2C245%2C625&adys=108%2C-9%2C108%2C-9%2C455%2C108&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C-1%7C0%7C-1%7C0%7C0&ucis=1%7C2%7C3%7C4%7C5%7C6&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=380x250%7C0x-1%7C380x250%7C0x-1%7C1140x50%7C380x250&msz=350x250%7C0x-1%7C350x250%7C0x-1%7C1110x50%7C350x250&fws=0%2C2%2C0%2C2%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742942717345&idt=1790&adks=1451399479%2C4066066610%2C827794272%2C3475397127%2C3271617715%2C3242553145&frm=20&eoidce=1&td=1&egid=37876&tdf=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f2.1e100.net
Software
cafe /
Resource Hash
04df675f4ee9d89656a13870784e32956695799c6c79e628a747d6a2f4af2bd1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
dcb
google-lineitem-id
6690069789,6405456366,6424070779,-2,6499557592,6499556608
observe-browsing-topics
?1
x-content-type-options
nosniff
google-mediationtag-id
-2
google-mediationgroup-id
-2,-2,-2,-2,-2,-2
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Tue, 25 Mar 2025 22:45:20 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
138468304473,138452341869,138456634296,-2,138462658624,138462658495
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
content-length
14563
x-xss-protection
0
server
cafe
container.html
626729f0fde5fa5aef7b37ca1f83ed81.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame FFF9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://626729f0fde5fa5aef7b37ca1f83ed81.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.225 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f1.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3024
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 25 Mar 2025 22:45:20 GMT
expires
Tue, 25 Mar 2025 22:45:20 GMT
last-modified
Thu, 30 Jan 2025 19:28:58 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
AGSKWxXUeN-Kxn5eOxFVcbBBPahOxkEhDrEFjSLb5SljK_anPtqQ97qAyAJL6Q2sAwgfuvu8SEkYgU3AoXiFev5afnXTPo9jZNjqs83Ktyr9B1GE_dkd4yw7-uGMoNedn79ZOX3KenbwbQ==
fundingchoicesmessages.google.com/f/ 		9 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXUeN-Kxn5eOxFVcbBBPahOxkEhDrEFjSLb5SljK_anPtqQ97qAyAJL6Q2sAwgfuvu8SEkYgU3AoXiFev5afnXTPo9jZNjqs83Ktyr9B1GE_dkd4yw7-uGMoNedn79ZOX3KenbwbQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQyOTQyNzIwLDE2MjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vcmV1cmwuY2MvWHFBeDMwIixudWxsLFtbOCwiZGFIenpEVXdIR1EiXSxbOSwiZW4tVVMiXSxbMTksIjIiXSxbMTcsIlswXSJdLFsyNCwiIl0sWzI5LCJmYWxzZSJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7c3ceff73cfe5e875c549a01defbdc769b76db59cba1d8cdb4332e9aae3f629b
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-5UlnGnJs41-mZLyoqLtqSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:20 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmJw15BiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFuDkanvTsZxM40P-jTEkjKb8wPjk_r6QoM6m0JL8oLTkttTi1qCy1KN7IwMjUwNjIWM_ALL7AEADjQSui"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-5UlnGnJs41-mZLyoqLtqSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
view
securepubads.g.doubleclick.net/pcs/ Frame 1FF8 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsujKFHO_puGftgt3Gg5gK673022XGaO2atSR0bzZKfJx5GbHbdgTwSbq5MvYOSsIvdhIMGi7Lk5nADiv2nszJ6temOO7mKm81cVNaBTA-h4aSexOVYRT5GdHiIiTVw6uo09z3VSTEGyDRO8lM1w_jaJkJOp9WE3zKh-nUsUJN8WINBEu0dBsghOFxPeldjVPuLjzXbpIfmUV1YZQAQoip6hixkipphfq4cX8Jbua1P6X75dnU8Pk8uZ1futL6TM5i90q2Wsyp-WWJSQU358NeKiS7RwgltSjkOyExdqYqPHG--1uFxA_o1lHFBmP-0NtpPPcIRSGTGIvj9gKPNgHATUWuZuxVF91AKeqVBqpK0YII12ifwlCWlsrHDv0pp-hmIgD7-Ot6vWqu6RdG-yc8d2SIojywfAEKWoiOc7DvwlZatZYhgza8ROIA&sai=AMfl-YQfHgWyMzHGZUt-m4y04gWt8pv1Y9rME51JtRJPvJ_I1FPUsQiJGe7HMP49YBoMRE0rpsVYUFdxiIfFl_i84X9GeeMO89lpTkzZi0jVAU0IoZUHkYIUPYG30h8&sig=Cg0ArKJSzONwxqa0xJzPEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Tue, 25 Mar 2025 22:45:20 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 1FF8 		40 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
c878ae706fa2478cd7a60e16d04155ece7fe8dadaeaa99f14af9bddf0b0e7fef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
2902462894664344687
x-content-type-options
nosniff
expires
Tue, 25 Mar 2025 22:45:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Tue, 25 Mar 2025 22:45:20 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
15182
x-xss-protection
0
server
cafe
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 1FF8 		219 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
9225633084484645003
age
771
x-content-type-options
nosniff
expires
Tue, 25 Mar 2025 23:32:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Tue, 25 Mar 2025 22:32:29 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=ISO-8859-1
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68912
x-xss-protection
0
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame ED56 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuZ4nG7bEaky7vN53dZ1uMv-u1Wvl3kPoOyxvRRCrvXZDforJiKO_DP5wXiXbemCd-xbIvnOlFwgYBaUNRMa8O4IoDitcqlwCkl8K1T56K6Zoc1sGiyXNVCy4lWtI7DfROLr8aSjDdrPrqSK0SLbmJ5ul-OFR0LWDs1bfqZ-v2hDYF3VdidBnfXFIo8yaSsDNWrEQoLaVyPTJjIkWAWDuVB9PQjl6oG7aCh04dxIF4HhqLpgpcCoyXPHNDusMr15etMOCcQeDkc6j4Xwe0IHNrvav7jz3c2Fd7oil4dHm9HawjB2ekguFaakY8w0YZaHLIjkyxZfn53Y1jwf4grNiTLNtQ2FxIOSJyTdJAIkGAPxfdZKDDgxXSTkHN7ENQbavQsoStoDGFN6Bxuvv5_K1KSekZBVcZoGGBMHBzfBrbXb3vboSpSmMp1ZQ&sai=AMfl-YQjcmGbDIdG0AqPOqni7ac2p2vzzAgPFLhhRaew8Sd5hXuKUeKkHO-vTgQXLlJBJtwPZ_CU_Lm-B9A6SKsjOWVDY1SlAUnsbH_ZXj7oeI1FQ-GKQQi78ky-inw&sig=Cg0ArKJSzJzgH0VBZ6HzEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Tue, 25 Mar 2025 22:45:20 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
cf_reurl_tw_gam.js
api.popin.cc/searchbox/ Frame ED56 		129 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
cd0db2d68f6fb00e1197e823f47e1f53aa2aa2ae85228a5e5d04a4a863629cc1

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

Content-Encoding
gzip
ETag
W/"84c303c8957ac66aa38f2a88e2291b99"
x-amz-version-id
u2A0lYWFB7No0ZP_ZBKUcX5kfrhgSMHf
Expires
Tue, 25 Mar 2025 23:45:20 GMT
Date
Tue, 25 Mar 2025 22:45:20 GMT
Last-Modified
Wed, 19 Mar 2025 07:07:58 GMT
Content-Type
text/javascript
Vary
Accept-Encoding
Transfer-Encoding
chunked
X-Cache-Status
HIT from 10.252.55.25
x-amz-replication-status
PENDING
Cache-Control
max-age=3600
Timing-Allow-Origin
*
Connection
keep-alive
Cross-Origin-Resource-Policy
cross-origin
Server
nginx
x-amz-server-side-encryption
AES256
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame ED56 		219 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
9225633084484645003
age
771
x-content-type-options
nosniff
expires
Tue, 25 Mar 2025 23:32:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Tue, 25 Mar 2025 22:32:29 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=ISO-8859-1
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68912
x-xss-protection
0
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame 4364 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv_6q7Fs0tjrZkameLs71SwTeEQsn51nAnEhLydccQeo5QUu5UKrcAYP1SBfbWCRb-cfFFc4VVA7HnRPZYmTAnoObyy5KkGngkU0puRakNR9c4cOnXMo6l7WwxW2OqnOgTnfiN6c2BH_SETTlqa4hYGOx_nIuSfwoMxBfVBkdZnzqmaQjHThQv9y133_UZbbqiVEjxeKv1D_s19EEYrS59E0DLQ-lle_uZ6ZwaTJBlcMpA7ud-Qied3OXM137jUdHrx4YRXmyMcWl4NbeVRfH1xzoUVu2uYoVeAktoX7rDRmcRyGpzAq2zx9cNJ1maIRurhCwcpadW4XK_P8DxaddV6zREBP06REmcMoQF4AsNaUJRXSc47n0ukQWRboN4Zy6K0ZX4i2HdbBevJhvNHTX83P8zKQGjaUIoOHzqKQgMC8rdDfclxHUfGwd6fz81Aclk&sai=AMfl-YR6OdDM71OY7a9Akt04A0EKvMuy4GwjIOsYq8SG7VXAJg2LCggNLj6frkx7DCmY1G4uw-uQZPfd8Jvtng0ZKUpD0HFFErTKQedlzzz3ckLgarwI9HiN--11HO4&sig=Cg0ArKJSzOQFV_JrpDt5EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Tue, 25 Mar 2025 22:45:20 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
init.js
cdn.holmesmind.com/js/ Frame 4364 		9 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/init.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:6e00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag
"2b18447e41c64d14195cefd72eb57400"
age
5
via
1.1 be85287d15abd3cfecdfa319493ba256.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
9645
x-amz-cf-id
O4ERg1D1S_7NbVasI4agMnUdSYMdyiMU0Jdb6miIYPlfxvz8u0RPBg==
date
Tue, 25 Mar 2025 22:45:20 GMT
content-type
application/javascript
last-modified
Fri, 14 Mar 2025 09:01:33 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 4364 		219 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
9225633084484645003
age
771
x-content-type-options
nosniff
expires
Tue, 25 Mar 2025 23:32:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Tue, 25 Mar 2025 22:32:29 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=ISO-8859-1
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68912
x-xss-protection
0
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame AB27 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss6SLxZvAkq5FEu6hZtEBgiSrxOF7q85WwBYruXb47vrZ408XRRcAxJCxnSy9RABlrzUXqGDJ8ubd_zUbtFwCtpi30B9mdtwiBs3t1VRky438tqGYi0pExQmqR_HzDlJKorxiUSbeE4xm_UOn2_ejOtrhKPP7jBkhJ1ayqZWBiLx9_hEjOSIGAgvdAjadNh02Oy0hAObh1VSOkR2zrV1fAlj4DrQZMggqa7OYt-EJ68MHhXqd2bzbYoaUFtP2QWwQtAX2hpcaP_SVrcUkidrGcKgzvy0I7d3xdpAj7_76HBL3nc59O26oAqaYvANWFOAho69vqK-uSt67sxPSKRmJVj7us8qiUJQ_sE-zQTD6jSxkMyyD59d_rPEL1Ii2Z-B6YszsnrkUOYOx-2qbcFjh0Q9iN5Tw3mF8rfahJup2fQcvl8TwgRvgIHC0FgiSx_UNQ&sai=AMfl-YTegYrmTWc5yxg9M-WP1amSy79KJmaum7mbYMOyqmzdqKgEdv40RupO6hPxIYPHV9ugcrasLNtqoGqCFRxPGe2hwers6agFveGA_Thfa1G3efaGxmjE4DSY7yc&sig=Cg0ArKJSzIzTzT5coH7bEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Tue, 25 Mar 2025 22:45:20 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
init.js
cdn.holmesmind.com/js/ Frame AB27 		9 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/init.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:6e00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag
"2b18447e41c64d14195cefd72eb57400"
age
5
via
1.1 be85287d15abd3cfecdfa319493ba256.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
9645
x-amz-cf-id
O4ERg1D1S_7NbVasI4agMnUdSYMdyiMU0Jdb6miIYPlfxvz8u0RPBg==
date
Tue, 25 Mar 2025 22:45:20 GMT
content-type
application/javascript
last-modified
Fri, 14 Mar 2025 09:01:33 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame AB27 		219 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
9225633084484645003
age
771
x-content-type-options
nosniff
expires
Tue, 25 Mar 2025 23:32:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Tue, 25 Mar 2025 22:32:29 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=ISO-8859-1
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68912
x-xss-protection
0
server
cafe
map
bcp.crwdcntrl.net/6/ 		235 B
563 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/6/map
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
98.84.75.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-98-84-75-39.compute-1.amazonaws.com
Software
/
Resource Hash
9e18d3dae56f9ee36ed324c49ab8a87729fd3ff4dac97380b16629155a6d1ea5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache
pragma
no-cache
access-control-allow-credentials
true
expires
0
access-control-allow-origin
https://reurl.cc
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length
235
date
Tue, 25 Mar 2025 22:45:20 GMT
content-type
application/json;charset=utf-8
syncframe
gum.criteo.com/ Frame E27D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::12 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

cache-control
private, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 25 Mar 2025 22:45:20 GMT
server
Kestrel
server-processing-duration-in-ticks
459660
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
x-robots-tag
noindex
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame 1FF8 		185 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
366981711984dae1cc6edd14926c661e75f433a963e299435dab3fade5b01672
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
16225981605638296132
x-content-type-options
nosniff
expires
Tue, 25 Mar 2025 22:45:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Tue, 25 Mar 2025 22:45:21 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
60717
x-xss-protection
0
server
cafe
capmapping.htm
cdn.holmesmind.com/js/ Frame BA8B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fa00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
6
content-length
12184
content-type
text/html
date
Tue, 25 Mar 2025 22:45:16 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 edcde1a12cafce029607be0b1782d4aa.cloudfront.net (CloudFront)
x-amz-cf-id
-OIGcaS52idT7Yst20tuVGL-R4tMdFZxfI98QP1rhj1JjjER0o3gVQ==
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
presetfn.js
cdn.holmesmind.com/js/ Frame 2491 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:6e00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
51
via
1.1 be85287d15abd3cfecdfa319493ba256.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
jcm0FTW2jy2nB0_aGLaKUGfG8-6iP7fogJfhwGNvjebfCv0_n8BgOg==
date
Tue, 25 Mar 2025 22:44:31 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
capmapping.htm
cdn.holmesmind.com/js/ Frame C87B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:fa00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
6
content-length
12184
content-type
text/html
date
Tue, 25 Mar 2025 22:45:16 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 edcde1a12cafce029607be0b1782d4aa.cloudfront.net (CloudFront)
x-amz-cf-id
-OIGcaS52idT7Yst20tuVGL-R4tMdFZxfI98QP1rhj1JjjER0o3gVQ==
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
presetfn.js
cdn.holmesmind.com/js/ Frame C4C3 		11 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:6e00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
51
via
1.1 be85287d15abd3cfecdfa319493ba256.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
jcm0FTW2jy2nB0_aGLaKUGfG8-6iP7fogJfhwGNvjebfCv0_n8BgOg==
date
Tue, 25 Mar 2025 22:44:31 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
adxcm_-affiliate-link.
fundingchoicesmessages.google.com/f/AGSKWxVXkFR65UqBbNnKAqCWtYd1eXrBkL0_nagNqhoeFMjnGAWpR1MIICaQpqCwyfpmkBMQOucz1mnFU3iQ1_1Q6bacVPV36gkKvJsUOeoJDkhr-e9fn_2aE0wlIXE1Dc3Ib-0MVMAnlWi1O_jIxLf5GcutJGNFV... 		54 B
109 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVXkFR65UqBbNnKAqCWtYd1eXrBkL0_nagNqhoeFMjnGAWpR1MIICaQpqCwyfpmkBMQOucz1mnFU3iQ1_1Q6bacVPV36gkKvJsUOeoJDkhr-e9fn_2aE0wlIXE1Dc3Ib-0MVMAnlWi1O_jIxLf5GcutJGNFVq_tMtYckWs-xIH5nKkM3zulD_ohSBUE/_-inspire-ad./ads/square3.-article-advert-/adxcm_-affiliate-link.
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
0a6880ff1f9fe45313c723efcd693af8603952003402aead17850beb138e08b3
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-YwPEQEklAQK5ENA_U7dAJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:21 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmLw0pBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFuDkan_TsZxO4MK1NUkkjKb8wPjk_r6QoM6m0JL8oLTkttTi1qCy1KN7IwMjUwNjIWM_ALL7AEADFmiru"
content-security-policy
script-src 'report-sample' 'nonce-YwPEQEklAQK5ENA_U7dAJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
lidar.js
pagead2.googlesyndication.com/pagead/js/ 		251 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/lidar.js?fcd=true
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
5404d9af6d898dd5e915beef38d2b6183982e39a557694e0821cf17139760509
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
319788235636082801
age
863
x-content-type-options
nosniff
expires
Tue, 25 Mar 2025 23:30:58 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Tue, 25 Mar 2025 22:30:58 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
80706
x-xss-protection
0
server
cafe
AGSKWxVFuW_dPSmbbmX9deMwjGHArnW1wPkzSR6MX8McnRJNDN0f1JjpBX-xxV-JPh_rqcIx7MjsgRetS85oU6a5d0equtGNIRtlM1oOmGwG_iB-4Q8VAm6dQvt3fYEuIunJUrFH6h2HTg==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVFuW_dPSmbbmX9deMwjGHArnW1wPkzSR6MX8McnRJNDN0f1JjpBX-xxV-JPh_rqcIx7MjsgRetS85oU6a5d0equtGNIRtlM1oOmGwG_iB-4Q8VAm6dQvt3fYEuIunJUrFH6h2HTg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-eZ20xQAk-pyMGrtWzeK_Mw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/XqAx30

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:21 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmLw0ZBi-FB_mfUHEAtxczQ-6dnPJnBh0sdwJZek_ML45Py8ktS8Et3ElGJdELsoM6m0JL8IhZ1aBlKRk5-enpmXHm9kYGRqYGxkomdgGl9gAABI4iQ_"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-eZ20xQAk-pyMGrtWzeK_Mw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
gen_204
pagead2.googlesyndication.com/pagead/ Frame ED56 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Tue, 25 Mar 2025 22:45:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4364 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Tue, 25 Mar 2025 22:45:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame ED56 		218 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f6d92b76a76bf2df5bbc0bda62406018a68ff43cba8531923d60297d48ffe367

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ Frame 4364 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
939f850eddbfd8b31dacd72b3ae982a463be8381e01f515eab2992be6340383c

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1FF8 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Tue, 25 Mar 2025 22:45:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame AB27 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Tue, 25 Mar 2025 22:45:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame ED56 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Tue, 25 Mar 2025 22:45:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4364 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Tue, 25 Mar 2025 22:45:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1FF8 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Tue, 25 Mar 2025 22:45:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame AB27 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Tue, 25 Mar 2025 22:45:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame 1FF8 		218 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d77ab0a4a569cf9b0f51252793eedcb39deb36adebdeeae0120da9bbf5750b0e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ Frame AB27 		217 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2ffaecbab80e8a8e995e00e6540c6987eccf2d7e691f39973466c2b2d70ff728

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
Preset.js
ad.holmesmind.com/adserver/ Frame 2491 		7 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=14209
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.178.103.138 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
43a71fb6e8f61126f7dfb3fe8a1a01eba8cfbff5cd7d681bba0e62f64ad924c7

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Tue, 25 Mar 2025 22:45:21 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame 2491 		30 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:6e00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
via
1.1 be85287d15abd3cfecdfa319493ba256.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
RefreshHit from cloudfront
content-length
30621
x-amz-cf-id
aHCkxxsw3NqwUNGriLmbPHxkaJDI7HJC6-rhleRv8HQvY5AO4R0j5A==
date
Tue, 25 Mar 2025 22:45:22 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
Preset.js
ad.holmesmind.com/adserver/ Frame C4C3 		2 KB
795 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.178.103.138 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
851c3da53f870dab9f8fd365f8eb9af27af956d79a96f89f412f8baa5b7b1624

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Tue, 25 Mar 2025 22:45:21 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame C4C3 		30 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:6e00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
via
1.1 be85287d15abd3cfecdfa319493ba256.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
RefreshHit from cloudfront
content-length
30621
x-amz-cf-id
aHCkxxsw3NqwUNGriLmbPHxkaJDI7HJC6-rhleRv8HQvY5AO4R0j5A==
date
Tue, 25 Mar 2025 22:45:22 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
AGSKWxVFuW_dPSmbbmX9deMwjGHArnW1wPkzSR6MX8McnRJNDN0f1JjpBX-xxV-JPh_rqcIx7MjsgRetS85oU6a5d0equtGNIRtlM1oOmGwG_iB-4Q8VAm6dQvt3fYEuIunJUrFH6h2HTg==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVFuW_dPSmbbmX9deMwjGHArnW1wPkzSR6MX8McnRJNDN0f1JjpBX-xxV-JPh_rqcIx7MjsgRetS85oU6a5d0equtGNIRtlM1oOmGwG_iB-4Q8VAm6dQvt3fYEuIunJUrFH6h2HTg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-j2NCQVkUj_vv3rH19AFZxg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/XqAx30

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:21 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmLw15Bi-FB_mfUHEAtxczQ-6dnPJtBxor1cySUpvzA-OT-vJDWvRDcxpVgXxC7KTCotyS9CYaeWgVTk5KenZ-alxxsZGJkaGBuZ6BmYxhcYAAAvpSPm"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-j2NCQVkUj_vv3rH19AFZxg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
show_ads_impl.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503200101/ Frame 1FF8 		501 KB
160 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503200101/show_ads_impl.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
c8e9318c3c4d4267ff19a29ff8e36700e7e2b9de1dc992191a6e7157c4b97924
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
16655410260656470125
age
2666
x-content-type-options
nosniff
expires
Tue, 08 Apr 2025 22:00:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Tue, 25 Mar 2025 22:00:55 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
163372
x-xss-protection
0
server
cafe
AGSKWxVFuW_dPSmbbmX9deMwjGHArnW1wPkzSR6MX8McnRJNDN0f1JjpBX-xxV-JPh_rqcIx7MjsgRetS85oU6a5d0equtGNIRtlM1oOmGwG_iB-4Q8VAm6dQvt3fYEuIunJUrFH6h2HTg==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVFuW_dPSmbbmX9deMwjGHArnW1wPkzSR6MX8McnRJNDN0f1JjpBX-xxV-JPh_rqcIx7MjsgRetS85oU6a5d0equtGNIRtlM1oOmGwG_iB-4Q8VAm6dQvt3fYEuIunJUrFH6h2HTg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-GjY20h3EI9lkiwNEDy3_DQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/XqAx30

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:21 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmLw0JBi-FB_mfUHEAvxcDQ-6dnPJvDjU-NGRiWXpPzC-OT8vJLUvBLdxJRiXRC7KDOptCS_CIWdWgZSkZOfnp6Zlx5vZGBkamBsZKJnYBpfYAAAc_Ykrw"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-GjY20h3EI9lkiwNEDy3_DQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
AGSKWxVFuW_dPSmbbmX9deMwjGHArnW1wPkzSR6MX8McnRJNDN0f1JjpBX-xxV-JPh_rqcIx7MjsgRetS85oU6a5d0equtGNIRtlM1oOmGwG_iB-4Q8VAm6dQvt3fYEuIunJUrFH6h2HTg==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVFuW_dPSmbbmX9deMwjGHArnW1wPkzSR6MX8McnRJNDN0f1JjpBX-xxV-JPh_rqcIx7MjsgRetS85oU6a5d0equtGNIRtlM1oOmGwG_iB-4Q8VAm6dQvt3fYEuIunJUrFH6h2HTg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-hqWkLpu_Sr2ejMl3AcOIqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/XqAx30

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:21 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmII0pBi-FB_mfUHEAvxcDQ-6dnPJrDg_pxNjEouSfmF8cn5eSWpeSW6iSnFuiB2UWZSaUl-EQo7tQykIic_PT0zLz3eyMDI1MDYyETPwDS-wAAAYGskag"
content-security-policy
script-src 'report-sample' 'nonce-hqWkLpu_Sr2ejMl3AcOIqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
AGSKWxWu39xZGfMjb1oo7tH3ZlIjMCcsAFBmTwlR75UNzRNjsz7M4yzws8x59pe8ajMixTPgYMq3cDtDC5zCl7whveDNNExuvTokaXqdf1VRr6KLFHobEjohYxBBoyRCObQilJlHy9nKmw==
fundingchoicesmessages.google.com/f/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxWu39xZGfMjb1oo7tH3ZlIjMCcsAFBmTwlR75UNzRNjsz7M4yzws8x59pe8ajMixTPgYMq3cDtDC5zCl7whveDNNExuvTokaXqdf1VRr6KLFHobEjohYxBBoyRCObQilJlHy9nKmw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQyOTQyNzIxLDI5MDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLG51bGwsW1s4LCJkYUh6ekRVd0hHUSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
a6d4317cafb10dd29ce8b3157c1bcf46a4ffc68543efbb9186090aa0252b99af
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ZQuCownz3iYA2AOpxMwXPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:21 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjctDikmLw0JBiOHHrNtMFIG69eY51OhAbrT3P6gLEhgqXWJ2B-P66S6zPgfhD_WXWH0BcJHGFtQWIhXg4Gp_07GcT6Fi7dR-jkkZSfmF8cn5eSVFmUmlJflFaclpqcWpRWWpRvJGBkamBsZGxnoFZfIEhAC1rMJ8"
content-security-policy
script-src 'report-sample' 'nonce-ZQuCownz3iYA2AOpxMwXPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
view
securepubads.g.doubleclick.net/pcs/ Frame 1FF8 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstyS15sQuk7_1yUJ6kx_s3cOJE4hQzMx3jIhrAotn4MS_f2vt1ZpA-4DWeylXqp8nM48f19BfWG7fN7C1eOs6pDA1_Djajr8__RbU7ztnj1gg0Cw2vRtLHvVrWoFUpBae-SLz8GNWX-1daFca_vZb7HkLZ-u0KFx4vx5GUXrFBBBZhMUDGpLjdy6KvT_SFOD0lXEkIPorM1wV8WOGACvtClInHGWQqE5WLQw2Su7fdLkqNBWAnoaRLdiC_eqH6kgjUmfukDdycSK6JdyphuSLY9w_RlTth6wsX5ny_HF1MdSM0G78-KuBKT36rfAoAKYYnojA7sm2KyUvOiWj_I555wwTcm6iNBy-bFzA2y0bbz4Idh4QDFQ-CTd50zOKtTFT6na_tEq3Un-ktXoNeeMplu03xFwWuuHI4GsytHVh_j0is16QMG6AghWWNi&sai=AMfl-YQeazXQSDFf7YKkGrXD7PGnXwHxUCPUD9nchsoNWOcnjjxGayNIOnGJCdGFFt4KQpR0hLIO0K_QyvvBOldJSgcnvhailoaQ1jI_2O3CT8SQORg1F4hiRyMapSE&sig=Cg0ArKJSzO252HrmRu3zEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Tue, 25 Mar 2025 22:45:21 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Tue, 25 Mar 2025 22:45:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20250324/r20190131/ Frame A902 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20250324/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503200101/show_ads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.130 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

age
9185
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4228
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 25 Mar 2025 20:12:16 GMT
etag
2080659458937595761
expires
Tue, 08 Apr 2025 20:12:16 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
adx.holmesmind.com/adx-file/20220715/ Frame 3297
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=2220942683&adf=3173046724&pi=t.ma~as.2784%2F13803&w=300&lmt=17429427...
  • https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503200101/show_ads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:8800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://reurl.cc/XqAx30
Sec-Browsing-Topics
();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

age
2
content-type
application/xml
date
Tue, 25 Mar 2025 22:45:20 GMT
server
AmazonS3
via
1.1 dd0e76eb9b3ff90ab87e33f1490318e8.cloudfront.net (CloudFront)
x-amz-cf-id
aRgAAvVO37wM4QsiWUzBFuTUIdjoYO-hQVp-CZQWGgVX9w1Y3iDAow==
x-amz-cf-pop
JFK52-P2
x-cache
Error from cloudfront

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 25 Mar 2025 22:45:21 GMT
location
https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
ep1.adtrafficquality.google/getconfig/ Frame 1FF8 		17 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20250324&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503200101/show_ads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.226 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f2.1e100.net
Software
cafe /
Resource Hash
dbec5a35c91c2309e503947a91174fdb288e3d842805e550cc505bf8b6173f5e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
13036
date
Tue, 25 Mar 2025 22:45:21 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
AGSKWxWLB7BYr9FUfUE3jVL_nU3TSfh8wBY1LP0A-rdjIR_YRYB4BbRFuY_HsHBS6SEDWuw3ZNKChEqrvQWOMeJio6b7h1OtFAnVO0htb6qUz-Xx0EdzisuI9AjE5EizLXz2OJLdI6v_2A==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWLB7BYr9FUfUE3jVL_nU3TSfh8wBY1LP0A-rdjIR_YRYB4BbRFuY_HsHBS6SEDWuw3ZNKChEqrvQWOMeJio6b7h1OtFAnVO0htb6qUz-Xx0EdzisuI9AjE5EizLXz2OJLdI6v_2A==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-WSLH2S6aXu07JHdeAqXnUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/XqAx30

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:21 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmJw0JBi-FB_mfUHEAvxcDQ-6dnPJtDQebCXScklKb8wPjk_ryQ1r0Q3MaVYF8QuykwqLckvQmGnloFU5OSnp2fmpccbGRiZGhgbmegZmMYXGAAAN9sj4w"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-WSLH2S6aXu07JHdeAqXnUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
td_js_sdk_171.js
api.popin.cc/ Frame ED56 		68 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.popin.cc/td_js_sdk_171.js
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
3402df1af7b8665c51ac7e2d4fed5dc6cac147d61966672d9cf32a34acafedfe

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

Transfer-Encoding
chunked
X-Cache-Status
HIT from 10.252.55.25
Cache-Control
max-age=3600
Timing-Allow-Origin
*
Content-Encoding
gzip
ETag
W/"d7d7ebc58d77dc27a2c068acdf41021d"
Connection
keep-alive
Cross-Origin-Resource-Policy
cross-origin
Expires
Tue, 25 Mar 2025 23:45:21 GMT
Date
Tue, 25 Mar 2025 22:45:21 GMT
Last-Modified
Tue, 28 May 2024 09:22:02 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Server
nginx
x-amz-server-side-encryption
AES256
recommend
tw.popin.cc/popin_discovery/ Frame ED56 		691 B
895 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tw.popin.cc/popin_discovery/recommend?mode=new&url=https%3A%2F%2Freurl.cc%2FXqAx30&&device=pc&media=reurl.cc&extra=windows&agency=popinag&topn=50&ad=10&r_category=all&country=tw&redirect=true&uid=e1540bae513948e57831742978721596&info=eyJ1c2VyX3RkX29zIjoiV2luZG93cyIsInVzZXJfdGRfb3NfdmVyc2lvbiI6IjEwLjAuMCIsInVzZXJfdGRfYnJvd3NlciI6IkNocm9tZSIsInVzZXJfdGRfYnJvd3Nlcl92ZXJzaW9uIjoiODguMC40MzI0IiwidXNlcl90ZF9zY3JlZW4iOiIxNjAweDEyMDAiLCJ1c2VyX3RkX3ZpZXdwb3J0IjoiMzAweDI1MCIsInVzZXJfdGRfdXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIEhlYWRsZXNzQ2hyb21lLzg4LjAuNDMyNC4xOTAgU2FmYXJpLzUzNy4zNiIsInVzZXJfdGRfcmVmZXJyZXIiOiJodHRwczovL3JldXJsLmNjL1hxQXgzMCIsInVzZXJfdGRfcGF0aCI6Ii9YcUF4MzAiLCJ1c2VyX3RkX2NoYXJzZXQiOiJ1dGYtOCIsInVzZXJfdGRfbGFuZ3VhZ2UiOiJlbi11cyIsInVzZXJfdGRfY29sb3IiOiIyNC1iaXQiLCJ1c2VyX3RkX3RpdGxlIjoiIiwidXNlcl90ZF91cmwiOiJodHRwczovL3JldXJsLmNjL1hxQXgzMCIsInVzZXJfdGRfcGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ1c2VyX3RkX2hvc3QiOiJyZXVybC5jYyIsInVzZXJfZGV2aWNlIjoicGMiLCJ1c2VyX3RpbWUiOjE3NDI5NDI3MjE1OTcsImZydWl0X2JveF9wb3NpdGlvbiI6IiIsImZydWl0X3N0eWxlIjoiIn0=&alg=ltr&uis=%7B%22ss_fl_pp%22%3Anull%2C%22ss_yh_tag%22%3Anull%2C%22ss_pub_pp%22%3Anull%2C%22ss_im_pp%22%3Anull%2C%22ss_im_id%22%3Anull%2C%22ss_gn_pp%22%3Anull%7D&callback=_p6_9e850c2db144
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.198.189 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx/1.13.5 /
Resource Hash
d4e992f06b488e5d9467d634245a22e19aad7f05d825922ccd5dc40f8b0ca752

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-length
691
date
Tue, 25 Mar 2025 22:45:22 GMT
content-type
application/javascript;charset=UTF-8
server
nginx/1.13.5
cross-origin-resource-policy
cross-origin
track.js
ad.tagtoo.co/media/ad/ Frame ED56 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.tagtoo.co/media/ad/track.js
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.12.34 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
34.12.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
80279f6baf172b794e35da391ac30711c57a3276abda4280d170920df9cca9b1

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type,Access-Control-Allow-Origin
content-encoding
gzip
x-goog-hash
crc32c=wTuGGA==, md5=5ROst+pHZlGo3jXf0Ga7EA==
etag
"e513acb7ea476651a8de35dfd066bb10"
age
3311
x-goog-stored-content-encoding
gzip
expires
Wed, 09 Apr 2025 21:50:10 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
1810
date
Tue, 25 Mar 2025 21:50:10 GMT
last-modified
Thu, 20 Mar 2025 09:18:49 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
x-guploader-uploadid
AKDAyIsChoImTzQs5HzWxkJENDMjEH5Gsg0QwkWmPSMIKE4YOSgFsQ9_PTDNZQ0qautgL2mh
cache-control
public, max-age=1296000
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1742462329152868
content-length
1810
server
UploadServer
tuec.js
uec.tagtoo.co/ Frame ED56 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uec.tagtoo.co/tuec.js
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.150.21 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
21.150.107.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
698fe0a6500f771d98d1ca713a5445d523fac649207572b69123699702854c0b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-goog-metageneration
1
content-encoding
gzip
x-goog-hash
crc32c=IxwxIw==, md5=L6Ez21DNgdh7j/uHKaarNQ==
etag
"2fa133db50cd81d87b8ffb8729a6ab35"
age
1138
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
3770
date
Tue, 25 Mar 2025 22:26:23 GMT
last-modified
Tue, 12 Dec 2023 09:08:46 GMT
content-type
application/javascript
vary
Accept-Encoding
x-guploader-uploadid
AKDAyIuquopVD5x6kQ-5Qkgn8IwPqSr0KUnCucx6CDOzmH2SKcNv-IGWo14xBMAMh87pAZrHizLeg7k
cache-control
public,max-age=3600
x-goog-storage-class
STANDARD
accept-ranges
bytes
x-goog-generation
1702372126688115
content-length
3770
server
UploadServer
utag.js
t.ssp.hinet.net/ Frame ED56 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=0
cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Tue, 25 Mar 2025 22:55:22 GMT
date
Tue, 25 Mar 2025 22:45:22 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
popin_discovery5-min.js
api.popin.cc/ Frame ED56 		156 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.popin.cc/popin_discovery5-min.js
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
46e977bd2e693545c10424af0ca8ae2061ce096d8e5658d997fa9ca60471e26d

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

Content-Encoding
gzip
ETag
W/"51910bb1cd9873a17caea8588a900e56"
x-amz-version-id
MCe3oXQalSYt2eLBNz01lVj92TQAzYxl
Expires
Tue, 25 Mar 2025 23:45:22 GMT
Date
Tue, 25 Mar 2025 22:45:22 GMT
Last-Modified
Mon, 24 Mar 2025 06:26:46 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Transfer-Encoding
chunked
X-Cache-Status
HIT from 10.252.55.26
x-amz-replication-status
PENDING
Cache-Control
max-age=3600
Timing-Allow-Origin
*
Connection
keep-alive
Cross-Origin-Resource-Policy
cross-origin
Server
nginx
x-amz-server-side-encryption
AES256
discoverylogs
log.popin.cc/log/popin_media/ Frame ED56 		66 B
222 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNCwidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBIZWFkbGVzc0Nocm9tZS84OC4wLjQzMjQuMTkwIFNhZmFyaS81MzcuMzYiLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6InJldXJsLmNjIiwidXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJsb2MiOiJodHRwczovL3JldXJsLmNjL1hxQXgzMCIsInRkX29zIjoiV2luZG93cyIsInRkX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBIZWFkbGVzc0Nocm9tZS84OC4wLjQzMjQuMTkwIFNhZmFyaS81MzcuMzYiLCJ0ZF9vc192ZXJzaW9uIjoiMTAuMC4wIiwidGRfYnJvd3NlciI6IkNocm9tZSIsInRkX2Jyb3dzZXJfdmVyc2lvbiI6Ijg4LjAuNDMyNCJ9&t=1742942721599
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx/1.13.5 /
Resource Hash
654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

etag
"5c12092b-42"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
66
date
Tue, 25 Mar 2025 22:45:22 GMT
content-type
image/jpeg
last-modified
Thu, 13 Dec 2018 07:24:27 GMT
server
nginx/1.13.5
discoverylogs
log.popin.cc/log/popin_media/ Frame ED56 		66 B
222 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNSwicGFyYW0xIjowLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6InJldXJsLmNjIiwidXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJ1aWQiOiJlMTU0MGJhZTUxMzk0OGU1NzgzMTc0Mjk3ODcyMTU5NiIsInRkX3RpdGxlIjoiIiwiZXh0cmEiOiIiLCJpbnRlcmFjdGlvbl9udW1iZXIiOjAsInBvcGluX3ZlcnNpb24iOjYsInRkX29zIjoiV2luZG93cyIsInRkX29zX3ZlcnNpb24iOiIxMC4wLjAiLCJ0ZF9icm93c2VyIjoiQ2hyb21lIiwidGRfYnJvd3Nlcl92ZXJzaW9uIjoiODguMC40MzI0IiwidGRfdXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIEhlYWRsZXNzQ2hyb21lLzg4LjAuNDMyNC4xOTAgU2FmYXJpLzUzNy4zNiJ9&t=1742942721602
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx/1.13.5 /
Resource Hash
654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

etag
"5c12092b-42"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
66
date
Tue, 25 Mar 2025 22:45:22 GMT
content-type
image/jpeg
last-modified
Thu, 13 Dec 2018 07:24:27 GMT
server
nginx/1.13.5
sodar2.js
ep2.adtrafficquality.google/sodar/ Frame 1FF8 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503200101/show_ads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
etag
"1727224258380615"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Tue, 25 Mar 2025 22:45:22 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:45:22 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
6445
x-xss-protection
0
server
sffe
0.js
ecs.tagtoo.co/js/ Frame ED56 		201 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecs.tagtoo.co/js/0.js
Requested by
Host: ad.tagtoo.co
URL: https://ad.tagtoo.co/media/ad/track.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.218.41 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
41.218.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
ed1353670cbe52a301571e6717fab543726f43f7bed2edd0ffca2e74f6a1d8bf

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type, Access-Control-Allow-Origin
content-encoding
gzip
x-goog-hash
crc32c=2mAcSQ==, md5=ijKbxOP20q6Aq4WlmoGeCA==
etag
"8a329bc4e3f6d2ae80ab85a59a819e08"
age
1553
x-goog-stored-content-encoding
gzip
expires
Tue, 25 Mar 2025 23:49:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
56322
date
Tue, 25 Mar 2025 22:19:29 GMT
last-modified
Fri, 14 Feb 2025 14:16:26 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
x-guploader-uploadid
AKDAyItilbMUwNDSyTt5UlGRawXwQ1zqOJH_uMm-PIJFw25fQJ5Ue3Z9mjGLAJN-ag2pSraCkWlWY-0
cache-control
public, max-age=5400
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1739542586669957
content-length
56322
server
UploadServer
/
www.facebook.com/tr/ Frame ED56 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?eid=1742942722176&id=404012299753340&ev=PageView&dl=https%3A%2F%2Freurl.cc%2FXqAx30&rl=https%3A%2F%2Freurl.cc%2FXqAx30&if=true&ts=1742942722175&sw=1600&sh=1200&v=2.9.44&r=stable&fbp=fb.1.1742942718764.378007176769945147&it=1742942722168&rqm=GET
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.35 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-lga3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
GOOD; q=0.7, rtt=132, rtx=0, c=29, mss=1232, tbw=12482, tp=26, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Tue, 25 Mar 2025 22:45:22 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
graph.facebook.com/ Frame ED56 		226 B
340 B 		Script
General
Check archive.org
Download Go to
Full URL
https://graph.facebook.com/?ids=https%3A%2F%2Freurl.cc%2FXqAx30&callback=_p6_9e850c2ea0c8
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.71.1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-shv-01-lga3.facebook.com
Software
/
Resource Hash
6134c6c59e726d019f9145dc34ec2eec12b87fc9db8f9eec4e3d7ec9fe3a863e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-fb-trace-id
HFpxvjwR5Rx
facebook-api-version
v16.0
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 25 Mar 2025 22:45:22 GMT
content-type
text/javascript; charset=UTF-8
vary
Origin
error-mid
8e68bbe2a47c2fdfd4ab35b0ffaaab39
priority
u=3,i
x-fb-debug
r/ukEE7jitPlDLlfdaqzWYkRmGV6K0vU8AWTFvVYdY06gfinlOthYOkKBM3HxDaSycS3ohtC4qmfbTNYK85Tcw==
strict-transport-security
max-age=15552000; preload
x-fb-rev
1021244234
cache-control
no-store
x-fb-connection-quality
GOOD; q=0.7, rtt=132, rtx=0, c=24, mss=1232, tbw=8354, tp=13, tpl=0, uplat=27, ullat=0
pragma
no-cache
www-authenticate
OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-request-id
Ae0eNkuVeVsOBpVECGLrfc9
access-control-allow-origin
*
content-length
226
discoverylogs
log.popin.cc/log/popin_media/ Frame ED56 		66 B
222 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNSwicGFyYW0xIjoyLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6InJldXJsLmNjIiwidXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJ1aWQiOiJlMTU0MGJhZTUxMzk0OGU1NzgzMTc0Mjk3ODcyMTU5NiIsInRkX3ZlcnNpb24iOiIxLjcuMSIsInRkX2NsaWVudF9pZCI6ImQyNjkyN2VkLTZjOWMtNDE2My1iZTdlLTNmYzIyZWFiMjE4ZCIsInRkX2NoYXJzZXQiOiJ1dGYtOCIsInRkX2xhbmd1YWdlIjoiZW4tdXMiLCJ0ZF9jb2xvciI6IjI0LWJpdCIsInRkX3NjcmVlbiI6IjE2MDB4MTIwMCIsInRkX3ZpZXdwb3J0IjoiMzAweDI1MCIsInRkX3RpdGxlIjoiIiwidGRfdXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJ0ZF91c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgSGVhZGxlc3NDaHJvbWUvODguMC40MzI0LjE5MCBTYWZhcmkvNTM3LjM2IiwidGRfcGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ0ZF9ob3N0IjoicmV1cmwuY2MiLCJ0ZF9wYXRoIjoiL1hxQXgzMCIsInRkX3JlZmVycmVyIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJ0ZF9icm93c2VyIjoiQ2hyb21lIiwidGRfYnJvd3Nlcl92ZXJzaW9uIjoiODguMC40MzI0IiwidGRfb3MiOiJXaW5kb3dzIiwidGRfb3NfdmVyc2lvbiI6IjEwLjAuMCIsImNsaWVudF9pZCI6ImQyNjkyN2VkLTZjOWMtNDE2My1iZTdlLTNmYzIyZWFiMjE4ZCIsImV4dHJhIjoiIiwiaW50ZXJhY3Rpb25fbnVtYmVyIjowLCJwb3Bpbl92ZXJzaW9uIjo2fQ==&t=1742942722210
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx/1.13.5 /
Resource Hash
654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

etag
"5c12092b-42"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
66
date
Tue, 25 Mar 2025 22:45:22 GMT
content-type
image/jpeg
last-modified
Thu, 13 Dec 2018 07:24:27 GMT
server
nginx/1.13.5
log.gif
r.popin.cc/ Frame ED56 		35 B
186 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r.popin.cc/log.gif?type=related-tw&uid=e1540bae513948e57831742978721596&url=https%3A%2F%2Freurl.cc%2FXqAx30&t=1742942722212
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.198.188 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

etag
"5d67318b-23"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
35
date
Tue, 25 Mar 2025 22:45:22 GMT
content-type
image/gif
last-modified
Thu, 29 Aug 2019 01:59:39 GMT
server
nginx
runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame D4A5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
378
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5005
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 25 Mar 2025 22:39:04 GMT
expires
Tue, 25 Mar 2025 23:29:04 GMT
last-modified
Mon, 23 Sep 2024 18:12:21 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame E4AC 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.132 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-3vlbGLbLPVmbNR9CRCxG_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-3vlbGLbLPVmbNR9CRCxG_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Tue, 25 Mar 2025 22:45:22 GMT
expires
Tue, 25 Mar 2025 22:45:22 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
activeview
pagead2.googlesyndication.com/pcs/ Frame 1FF8 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssVJsis_Z_PgapHM2VQDDbtAE45S53lq7JS5_RHlCzAtkhNIbh1mKEot7n5559yHOkc4wk8HLQxaaUkRPDGeAMF6Dzz9p54i3dxytJJ2HU6TIYRYKGXHnUwr-S0nvzjioVRfZsWwZB2qyZRt8gI6WMqYJ6J44vg8Kn5BPucTcPm9MI&sig=Cg0ArKJSzKVqKnhgdVPvEAE&id=lidar2&mcvt=1000&p=108,1030,358,1330&tm=1325.900001525879&tu=325.8000030517578&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20250324&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=1451399479&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3887552100&rst=1742942720376&rpt=1066&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Tue, 25 Mar 2025 22:45:22 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
t.ssp.hinet.net/ Frame ED56 		37 B
402 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
3fce1687d3a83cbd958c11f1421f08858d5150c877e6bafd0e1766dee46ac278
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Tue, 25 Mar 2025 22:45:23 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
view
securepubads.g.doubleclick.net/pcs/ Frame ED56 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssgIdPk1UXjZ-hrwPTXPU8s3M8GN7D3v8dVBK_TbwOaGOr1deAQ51cVp1v4tDHI5IYsDWPV5e52xHpOvlkr4xQo6qO3YczNVjZMNHPeQY0u4HGR9uYs9ZwEbEu3u7AhE-cIPEo5rGVzHBS5Z45Nx4iY0taXb38JizzH5he1AVCoYG4nGqORqbKdsc1m9_of3JyVq1pvPo6AD1gTwH9r6A6yq1rVqswV4oOlA8NbHb_0t2-YWjhUYdhYVHBNFSAuLhMPQhg9XkBlqSTzbN60Lyf-3TXy0GhBcW8Uw9bdXAbyqPJh8hRLpgRxng1NmjyNIe-dNhxvOPz5JILoVqKCqeAXoeeKfSUkR8ac9ifE1odeP7rtMh6pgizYkxeBYkkoCh0v3cFSCw-qg3lipxK6kA0k-mweJBiIdBXiUelL0GSFAQFzTzE0kFuqtre6&sai=AMfl-YSnn6zEIxJRftPPW3PHQKDHxMAX3FJhfzHcWP1D-tM5YaQwQK2lzu7Vus8qvN9MnmQX1NG74jEB88kseaEW8_c7o1MUdPW28PZ_RzOudVDNk4rldBqJM3q7rP4&sig=Cg0ArKJSzE50iV8Mnhx-EAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Tue, 25 Mar 2025 22:45:22 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Tue, 25 Mar 2025 22:45:22 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
emome2
t.ssp.hinet.net/ Frame ED56 		30 B
271 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/emome2?u=4280df9a-6e58-47e9-90d3-38ebff41bdeb
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Tue, 25 Mar 2025 22:45:23 GMT
content-type
application/json
vary
Accept-Encoding, Origin
server
nginx
activeview
pagead2.googlesyndication.com/pcs/ Frame ED56 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssM1ApFqL33qdvsNwOHsLLbJJ7WzLvAqhlIrskHMV8-0go5qnUEB_Puha2_t7Wj5lyC-0tEwEafLKzzk03Qd4Xsh9360AWXiX5U5rJO7URSWXBwbiPj0YAhDmuUW6jpSQ3hi7786oD9mbuoIpF1s9Mx-IExKNpnNhRQDuGQsOC6N1g&sig=Cg0ArKJSzNh-043Wr50lEAE&id=lidar2&mcvt=1000&p=108,270,358,570&tm=2835.400001525879&tu=1835.2000007629395&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20250324&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=827794272&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3887552100&rst=1742942720390&rpt=2488&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Tue, 25 Mar 2025 22:45:23 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
sodar
ep1.adtrafficquality.google/pagead/ Frame 1FF8 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
creditcards.com.tw
URL
https://creditcards.com.tw/wp-content/uploads/2020/10/%E5%8F%B0%E7%81%A3-Pay-%E9%AB%98%E5%9B%9E%E9%A5%8B%E4%BF%A1%E7%94%A8%E5%8D%A1%E6%8E%A8%E8%96%A6%E8%88%87%E6%8C%87%E5%AE%9A%E9%80%9A%E8%B7%AF%E5%84%AA%E6%83%A0%E5%BD%99%E6%95%B4-1080x630.jpg?crop=1
Domain
blog.alphaloan.co
URL
https://blog.alphaloan.co/wp-content/uploads/2021/04/%E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg
Domain
ep1.adtrafficquality.google
URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20250324&jk=1871165626744034&bg=!pKelp-jNAAaCZO-FomQ7ADQBe5WfOJSOpkUfpoo4QIPscwTHz21n3L3GRq0qcXRsnzVqr-jJwR2UbSH7PwbLid-m-2KrAgAAAFdSAAAABGgBB34ANazi9DBFvBLCH85-fy-4we4iIauIDtJfxnuczG1y3AmXuZjijUt9jxU05jfhqp9PDi6JzucxCgBn7VpL9YgANkN5iUqawZbJy-A55cbX6GT2xLCNoINnC8CeSC8wiDpIq7rDUMUyN3sKsiwk-Rqt8CFjdMqpHClTnoehq4I6q7bGa7AGkpdkLxB9dvPYjHk202XQiTODPX56PZitc6e0dpkCpi9X5cV3aCw25K9DyxAhSwBw-QXiswUe2ALTW4B80I2ARIUItoa3IP7xL9RmpXtdvfgbO_9KUpLraPalXNWOdl6wSi0F1IQPGrJ3vDg2ha5KQb8yKjCCzZicWNkXsbBFDcB5Npalgc8jiJVqbz2wVtjSG5Aosv65UCIp1G68oZbF804ymsjCIgU9hC-hc9HaOIUP2AcRPFBOxiToyaz3sUvWtJbmavZU8bOA60NdDjlvg9OolUxK6PRUFODNnPyCkU3YEuBtafl4qehFfhULNrNRNFQRDxAG7URvXKsXhgkmTAzbvlKvH2wazSb3yY1UbaCJFt7LZKzl3KMd-Soak3w8n-eYyhHiIiwdKRgcC6kHMLSP1pmK7JxtCen9Jz4QX_LHZ6Jn-7wYzi8kyulDaLtB3jKxknoto8MoL0w18L5Iu2j-kkrkEjvwd3igaLSAlfkwjsxgISNIzKI8yS59MJIK75oRREcHndULzNgPhYf8DGN-13bd10W1mdRTDVBEgtHOxeJ_bdRnxPN06_6eJ-C0B5QE4mvM8PqFiLFziiIkkdCkK4Xh_0utXurhAxW33qTQNqoZqh_VTd90QqUAUF6L6mpVWFMZDIQR-3WpOKUSMU49ZoWSAiVo72bcf3ohP2kPn4ClWetc0f17gRCPYtsMf_jIH2buRphCuao-sM-C5lFr12TxxsZGwf00nREsyTt5Opj0DW1h54zy7pH5Ongi90OLD63n9--Yp4hqVa8a-yJtFyM0gNuSGIjSHrF8_vI2m1n-Oo13GS0Xl-pfFFTU259-Nt_sH3u9qvh6sC2ST20CoCyIP0viJ24OY_q2KYy81-jw3F6rYIy1G-teveoIysLB76iYStMe6f6ypTjzjpTL7J0ZdY6M7_nh4WoMJ2bJr2co4Q

Verdicts & Comments Add Verdict or Comment

221 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 function| gtag object| dataLayer object| gnshbrequest object| googletag function| custom_call_ND object| ONEAD_TEXT object| ONEAD_text_pubs function| ONEAD_text_response object| ONEAD_TEXT_INFO function| ONEAD_text_response_2qf4e function| text_etag_callback_2qf4e function| custom_call_MIR object| _ONEAD object| ONEAD_pubs function| fbq function| _fbq string| labelToken string| category string| GoogleAnalyticsObject function| ga function| Vue object| renews function| getRenewsFeeds object| app object| ggeac object| google_tag_data object| google_js_reporting_queue boolean| gn_wrapper_executed object| gn_wrapper_queue object| gnpb string| gn_pvid string| gn_native_template object| __gn_config boolean| gnslibincluded boolean| __gnpb_analytics number| __gn_prebid_sampling_rate number| gn_aladdin_vendor_id number| gn_beacon_rate object| gaplugins object| gaGlobal object| gaData object| google_tag_manager function| onYouTubeIframeAPIReady object| google_reactive_ads_global_state object| YJ_YADS function| getGnshbrequestSlots object| gecptparams object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| YTk3NmUzMjkyZTQyZjBlNWxvYWRlcl9qcw== string| YTk3NmUzMjkyZTQyZjBlNWNhY2hlZF9qcw== object| googlefc object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady object| google_tag_topics_state number| google_unique_id object| YAHOO function| YadsTimelineManager function| yadsTimelinePoolAds object| YJ_UADF function| gAdController function| yadsDispatchDeliverProduct function| yadsRenderAd_v2 object| yadsInnerFuncs function| yadsRequestAsync object| regeneratorRuntime object| ox_esp object| _33across function| lotameIsCompatible function| sync16589_aa function| sync16589_c function| sync16589_f object| sync16589_h function| sync16589_ca function| sync16589_j function| sync16589_da object| sync16589_ object| sync16589_ia object| sync16589_ja object| sync16589_s object| sync16589_wa function| sync16589_a function| sync16589_b function| sync16589_g function| sync16589_i function| sync16589_k function| sync16589_l function| sync16589_m function| sync16589_n function| sync16589_o function| sync16589_p function| sync16589_q function| sync16589_r function| sync16589_fa function| sync16589_ea function| sync16589_ga function| sync16589_ha function| sync16589_t function| sync16589_v function| sync16589_w function| sync16589_x function| sync16589_ka function| sync16589_la function| sync16589_y function| sync16589_ma function| sync16589_z function| sync16589_A function| sync16589_u function| sync16589_C function| sync16589_na function| sync16589_oa function| sync16589_pa function| sync16589_D function| sync16589_E function| sync16589_F function| sync16589_qa function| sync16589_G function| sync16589_H function| sync16589_I function| sync16589_K function| sync16589_M function| sync16589_L function| sync16589_N function| sync16589_O function| sync16589_J function| sync16589_ra function| sync16589_sa function| sync16589_ta function| sync16589_ua function| sync16589_va function| sync16589_P function| sync16589_Q function| sync16589_xa function| sync16589_R function| sync16589_ya function| sync16589_za function| sync16589_Aa function| sync16589_S function| sync16589_Ba function| sync16589_Ca function| sync16589_Da function| sync16589_Ea function| sync16589_T function| sync16589_Fa function| sync16589_U function| sync16589_V function| sync16589_W function| sync16589_X function| sync16589_Ga function| sync16589_Y function| sync16589_Z function| sync16589__ function| sync16589_0 function| sync16589_1 function| sync16589_2 function| sync16589_Ha function| sync16589_3 function| sync16589_Ja function| sync16589_Ia function| sync16589_4 function| sync16589_La function| sync16589_Ma function| sync16589_Ka function| sync16589_Na function| sync16589_Qa function| sync16589_Pa function| sync16589_Oa function| sync16589_Sa function| sync16589_Ua function| sync16589_Ra function| sync16589_6 function| sync16589_Ta function| sync16589_Xa function| sync16589_Wa function| sync16589_Va function| sync16589_7 function| sync16589_5 function| sync16589_8 function| sync16589_Ya function| sync16589_Za function| sync16589__a function| sync16589_0a function| sync16589_9 function| sync16589_1a function| sync16589_$ function| sync16589_2a function| sync16589_3a function| sync16589_4a object| lotame_sync_16589 object| criteo_syncframe_state object| criteo_pubtag object| criteo_identitytag_159 object| Criteo object| Criteo_identitytag_159 boolean| a917d99c-c6a3-4c03-a2e9-5961c5308524 number| __google_lidar_ function| __google_lidar_radf_ boolean| googFloatingToolbarManagerAsyncPositionUpdate object| google_ad_modifications number| google_global_correlator object| google_prev_clients

46 Cookies

Domain/Path Name / Value
onead.onevision.com.tw/ Name: onevision_guid
Value: d37a58a8-09ca-11f0-a73e-0242ac120002
onead.onevision.com.tw/ Name: oid
Value: d37a589d-09ca-11f0-a73e-0242ac120002
reurl.cc/ Name: oid
Value: %257B%2522oid%2522%253A%2522d37a58a8-09ca-11f0-a73e-0242ac120002%2522%252C%2522ts%2522%253A-62135596800%252C%2522v%2522%253A%252220201117%2522%257D
.reurl.cc/ Name: _gid
Value: GA1.2.1893893300.1742942719
.reurl.cc/ Name: _gat
Value: 1
.reurl.cc/ Name: _fbp
Value: fb.1.1742942718764.378007176769945147
.reurl.cc/ Name: _ga_ZDFZCDVDK1
Value: GS1.1.1742942719.1.0.1742942719.0.0.0
.reurl.cc/ Name: _ga
Value: GA1.1.804779731.1742942719
.adsrvr.org/ Name: TDID
Value: 5ebdc6ec-2245-4e8d-8027-ae36850b5432
.prnasia.com/ Name: __cf_bm
Value: LY6UFArnAOSdFnxr.Rn7sfVT4_Ns3FgSBv2TGJq7New-1742942719-1.0.1.1-CeHJZsxC_QF9w8LvI0I1vwlq.Of40fz2Ba37lpls3tr1PWEB1Kbh3t7uoid4cyQ6JnyF.Ie.ggLnwGULpnPv_kPMrY3KuwWUlOP.6oDC6GM
.reurl.cc/ Name: _ga_N394QBRGC0
Value: GS1.1.1742942719.1.0.1742942719.60.0.0
.adsrvr.org/ Name: TDCPM
Value: CAEYBSABKAIyCwiWpYCyrv71PRAFOAE.
.eyeota.net/ Name: mako_uid
Value: 195cf7b4d20-26d20000010a412c
.eyeota.net/ Name: SERVERID
Value: 16684~DM
.crwdcntrl.net/ Name: _cc_dc
Value: 0
.crwdcntrl.net/ Name: _cc_id
Value: d59cb0ddf44607c2b3416d6da61c6ec2
.yahoo.com/ Name: A3
Value: d=AQABBP8x42cCEOl7L5GlOSTs-6efOFa4fb8FEgEBAQGD5GftZ9wr0iMA_eMAAA&S=AQAAAjFWdRIpkpfvGYMwsz-H1RU
.analytics.yahoo.com/ Name: IDSYNC
Value: 19d3~2o9a
.doubleclick.net/ Name: IDE
Value: AHWqTUnQqBJMXohboaPgCZvhSrdeAae0YEzxJXZpM8LV_5nRZPLMPf0Y2-z4jEwOf3c
.reurl.cc/ Name: __gads
Value: ID=27d3876ed00e37ee:T=1742942720:RT=1742942720:S=ALNI_MZ-PNz_64p2MYKkwhd2tv6T2JH24g
.reurl.cc/ Name: __gpi
Value: UID=0000100146a1c8a8:T=1742942720:RT=1742942720:S=ALNI_MbcJaa_h43dNtJsZk9qTXITg6R5Lg
.reurl.cc/ Name: __eoi
Value: ID=2693bb9388daf00b:T=1742942720:RT=1742942720:S=AA-AfjYli3M9cJQGKs7ilA99eoPJ
.reurl.cc/ Name: _cc_id
Value: d59cb0ddf44607c2b3416d6da61c6ec2
.reurl.cc/ Name: panoramaId_expiry
Value: 1743029120523
.reurl.cc/ Name: panoramaId
Value: ee8737eb30c0442bdf9c222f98a6a9fb927a3dba90ddd849517ad88c723f2134
.reurl.cc/ Name: panoramaIdType
Value: panoDevice
.criteo.com/ Name: uid
Value: 83bf9b82-9363-4968-8cdb-f2f2e37bfe63
.reurl.cc/ Name: FCNEC
Value: %5B%5B%22AKsRol8EPe93waI8YrnPAGMEbZp109sOOnBPSrJbVEwE9ChyisIJh4J4bhIY0Sfmr1xhbrYlpPtbBLthyGkV-LDLQ9cr8kGj2VZ644J6LLDqVeDLY1Cco3u3ssPGMc7pdVoQCTJFOtEokKwdk3F28tdT8JmrWjxq5A%3D%3D%22%5D%5D
.reurl.cc/ Name: _ss_pp_id
Value: e1540bae513948e57831742978721596
.reurl.cc/ Name: CFFPCKUUID
Value: 8514-0jON58gcgNSGMKpT6TfhuD578JXHGDXH
.holmesmind.com/ Name: P
Value: 391202-rdjSojgnMYnFpefrQ9jfzpo9YDc3Jg0A
.holmesmind.com/ Name: Vision
Value: 20250326-23:59,20250326-09,20250326-09,20250326-23:59
.holmesmind.com/ Name: C
Value: null
.holmesmind.com/ Name: RK
Value: null
.holmesmind.com/ Name: test_cookie
Value: CheckForPermission
.reurl.cc/ Name: ISMD5VERSION
Value: 1
.reurl.cc/ Name: FPUUID
Value: 1042-a3f6feec0ebd3892eb7b6e7554bd7053
.holmesmind.com/ Name: fcm
Value: 1
.reurl.cc/ Name: _td
Value: d26927ed-6c9c-4163-be7e-3fc22eab218d
.reurl.cc/ Name: _tg_csi
Value: 1
.popin.cc/ Name: uid
Value: e1540bae513948e57831742978721596
.lndata.com/ Name: admckid
Value: 2503260645221985517
track.91app.io/ Name: deviceid
Value: e541f62f-e12b-47d1-8e31-060488e559a6
.hinet.net/ Name: uuid
Value: 4280df9a-6e58-47e9-90d3-38ebff41bdeb
.reurl.cc/ Name: __htid
Value: 4280df9a-6e58-47e9-90d3-38ebff41bdeb
.reurl.cc/ Name: _ht_em
Value: 1

2 Console Messages

Source Level URL
Text
rendering warning URL: https://reurl.cc/XqAx30(Line 76)
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0B01C00DC3E0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network error URL: https://blog.alphaloan.co/wp-content/uploads/2021/04/%E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg
Message:
Failed to load resource: net::ERR_CONNECTION_REFUSED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

626729f0fde5fa5aef7b37ca1f83ed81.safeframe.googlesyndication.com
ad-specs.guoshipartners.com
ad.holmesmind.com
ad.tagtoo.co
adx.holmesmind.com
analytics.google.com
api.popin.cc
bcp.crwdcntrl.net
blog.alphaloan.co
cdn-ima.33across.com
cdn.holmesmind.com
cdn.jsdelivr.net
cms.analytics.yahoo.com
connect.facebook.net
cpt.geniee.jp
creditcards.com.tw
ecs.tagtoo.co
ep1.adtrafficquality.google
ep2.adtrafficquality.google
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
graph.facebook.com
gum.criteo.com
img.gbyhn.com.tw
img.racingcharger.tw
invstatic101.creativecdn.com
log.popin.cc
match.adsrvr.org
mma.prnasia.com
oa.openxcdn.net
onead.onevision.com.tw
pagead2.googlesyndication.com
ps.eyeota.net
r.popin.cc
re-news.tw
reurl.cc
s.w.org
securepubads.g.doubleclick.net
static.criteo.net
static.wixstatic.com
stats.g.doubleclick.net
storage.reurl.cc
t.ssp.hinet.net
tags.crwdcntrl.net
td.doubleclick.net
trc.taboola.com
tw.popin.cc
uec.tagtoo.co
ups.analytics.yahoo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
yads.c.yimg.jp
blog.alphaloan.co
creditcards.com.tw
ep1.adtrafficquality.google
103.1.220.9
104.18.28.101
107.178.241.176
108.138.128.28
119.63.193.220
119.63.198.143
119.63.198.188
119.63.198.189
142.250.176.194
142.250.65.174
142.250.80.34
142.250.81.225
142.250.81.226
142.250.81.238
142.251.40.130
142.251.40.132
15.197.193.217
157.240.241.35
168.95.246.2
172.67.150.31
183.79.219.252
192.0.77.48
2001:4998:1c:800::1001
203.137.133.154
203.75.214.136
2600:9000:211c:ca00:1e:5c56:d400:93a1
2600:9000:247b:6e00:0:e06c:e940:93a1
2600:9000:247b:8800:0:e06c:e940:93a1
2600:9000:247b:fa00:0:e06c:e940:93a1
2606:4700::6812:60e1
2607:f8b0:4004:c19::9d
2607:f8b0:4006:80a::2008
2607:f8b0:4006:817::200e
2607:f8b0:4006:81d::2001
2607:f8b0:4006:81d::2002
2607:f8b0:4006:823::200e
2620:100:a00b::12
2620:100:a00b::30
2a04:4e42:200::300
2a04:4e42::485
3.233.22.19
31.13.71.1
31.13.71.7
34.102.146.192
34.102.218.41
34.107.150.21
34.111.12.34
34.149.98.30
34.160.26.175
34.96.70.87
35.185.130.121
54.178.103.138
98.84.75.39
0093087eabbc54738b9d84e826eebe06b97482a362feecee306a4e3c23b7e72a
00bc01a13e6b20f23dcb452f926605c77f253da235ae64f0c4f4061efd0cf6ad
04df675f4ee9d89656a13870784e32956695799c6c79e628a747d6a2f4af2bd1
0614ad45d47a5da6d9880c2e175c88526cd223c16d2121e48bab3a9e1121f55d
0a6880ff1f9fe45313c723efcd693af8603952003402aead17850beb138e08b3
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c310205ab2dbf30ae9b8a24ee1359f493e1bf5c982c124e42af22b759ac07ce
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2
13b3fea42a999bd1edc7815ad83b8529ad25262807607a54101486b76d2a39a0
16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
22743d9dc93a38d7096ec7c9a02146da7a721ada15192d87e81d78ff53cb2f2a
2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f
2ffaecbab80e8a8e995e00e6540c6987eccf2d7e691f39973466c2b2d70ff728
3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698
30b32e97f2e3e06deb742bf2e19daeb4f4657a956e836c2a25a7df2bc72f7500
3108e15dfc911f1a730106ee1e44c941639e0b7add838d095680425e86d086c3
3402df1af7b8665c51ac7e2d4fed5dc6cac147d61966672d9cf32a34acafedfe
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
366981711984dae1cc6edd14926c661e75f433a963e299435dab3fade5b01672
3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b
3fce1687d3a83cbd958c11f1421f08858d5150c877e6bafd0e1766dee46ac278
43a71fb6e8f61126f7dfb3fe8a1a01eba8cfbff5cd7d681bba0e62f64ad924c7
46e977bd2e693545c10424af0ca8ae2061ce096d8e5658d997fa9ca60471e26d
46f9a79c3e96688a7551981a9d5c6791c19f9d91269d4ef1ffaf2045d4eebb9b
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
5404d9af6d898dd5e915beef38d2b6183982e39a557694e0821cf17139760509
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd
5d867055bfb6c0bbd33aeb9e6c3dfe39ac73337bcf4babac0cfa2276a2b98369
5fd6d2f384862570e971ac439548a7b52ca9c17ce3344566ede8b0a1d4b24d8a
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
6101005619b1d8a0e6d234dc41330613febb164b982205854bf7416cff6d43fd
6134c6c59e726d019f9145dc34ec2eec12b87fc9db8f9eec4e3d7ec9fe3a863e
62df9552f522742e671b35e353bff19aebd47f2ee577d9404a934c71a5af101f
654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e
698fe0a6500f771d98d1ca713a5445d523fac649207572b69123699702854c0b
72223c20f8ad08445b32a2b4843a0f04fe33cee40811ade04b21598cf67fbea3
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c
749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d
76e0fe9b59aa81409567a77b7f5cfaebcbe6d1a5586d4979c5a83a327f68d517
7c3ceff73cfe5e875c549a01defbdc769b76db59cba1d8cdb4332e9aae3f629b
80279f6baf172b794e35da391ac30711c57a3276abda4280d170920df9cca9b1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
851c3da53f870dab9f8fd365f8eb9af27af956d79a96f89f412f8baa5b7b1624
8aad7f034c2e39ee145189b327d6b1df64240486e08c7eba41d399e7e72797a6
939f850eddbfd8b31dacd72b3ae982a463be8381e01f515eab2992be6340383c
95634eb651772e9ecc489c8a2e12cccb71cd06089ae3f03f8dab3654ce669c8c
9aa1a9dfb271e4ad94219ed388d8442b3b394caedb5771642df196ccc09385c3
9cf1114324a6653750f0f8af7783a744e45adadca47c48844e4ee0f11df269bf
9e18d3dae56f9ee36ed324c49ab8a87729fd3ff4dac97380b16629155a6d1ea5
a0ce2a355a601b85855df74804fb2d7e7490661f36a36f2868e693f37abcc79f
a6d4317cafb10dd29ce8b3157c1bcf46a4ffc68543efbb9186090aa0252b99af
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
b6c5af2d5c532a14b5aa51656c9d5e8be329b1424ec1df2947ad2de309622448
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22
bc73ed340ef20534b613afea9bd95f199a55b77beab7c472e92ad92b4e39a1aa
c878ae706fa2478cd7a60e16d04155ece7fe8dadaeaa99f14af9bddf0b0e7fef
c8e9318c3c4d4267ff19a29ff8e36700e7e2b9de1dc992191a6e7157c4b97924
cd0db2d68f6fb00e1197e823f47e1f53aa2aa2ae85228a5e5d04a4a863629cc1
d4e992f06b488e5d9467d634245a22e19aad7f05d825922ccd5dc40f8b0ca752
d77ab0a4a569cf9b0f51252793eedcb39deb36adebdeeae0120da9bbf5750b0e
da0b229074ed616433a50ef15781237ab26bdeb694b40219de68ad1a3050110b
dbec5a35c91c2309e503947a91174fdb288e3d842805e550cc505bf8b6173f5e
ddd9d29beabaeecc9c76408242dfc2b76305ec52511992d3cfbc81a500ee0670
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df95786ec646501005f649bb791b948fde2ae66a7ab9a81342cf262a0949ffa1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6d35ac9e9b5434ed65654b99f1a486c403b06a1eae26823aa428afdcb974cc3
e7e4fb9b3b1239835abc60fd16d2e64da36bfa919b8e81f11eea442c2bbf05f2
e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990
eaafcf4275fdf4a0fde224f48b5166459893a990b9513c40a86757a6ade2d801
ed1353670cbe52a301571e6717fab543726f43f7bed2edd0ffca2e74f6a1d8bf
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6d92b76a76bf2df5bbc0bda62406018a68ff43cba8531923d60297d48ffe367
f8d50a9eef0d09407a2d604332fe0f601736cd30f92488db151a0f82e4b349f1
fcf4b958769eb294a5743dffac9b9def998a568b1126f9ca3d270c9cc67268d3
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99