urlscan.io logo urlscan.io
SecurityTrails logo

reurl.cc Open in urlscan Pro
35.185.130.121  Public Scan

Go To Rescan Add Verdict Report
URL: https://reurl.cc/XqAx30
Submission: On March 26 via api from JP — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 57 IPs in 6 countries across 40 domains to perform 301 HTTP transactions. The main IP is 35.185.130.121, located in Taipei, Taiwan and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is reurl.cc. The Cisco Umbrella rank of the primary domain is 200657.
TLS certificate: Issued by R11 on March 14th 2025. Valid for: 3 months.
This is the only time reurl.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 35.185.130.121 396982 (GOOGLE-CL...)
2 2a04:4e42::485 54113 (FASTLY)
5 34.149.98.30 396982 (GOOGLE-CL...)
1 151.101.1.55 54113 (FASTLY)
2 2607:f8b0:400... 15169 (GOOGLE)
38 2607:f8b0:400... 15169 (GOOGLE)
3 203.137.133.152 4694 (IDCF IDC ...)
2 168.95.246.1 131660 (CHTCDN Da...)
2 2a03:2880:f00... 32934 (FACEBOOK)
5 2607:f8b0:400... 15169 (GOOGLE)
4 2a03:2880:f10... 32934 (FACEBOOK)
10 2607:f8b0:400... 15169 (GOOGLE)
1 182.22.31.124 23816 (YAHOO Yah...)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
1 34.102.146.192 396982 (GOOGLE-CL...)
1 34.96.70.87 396982 (GOOGLE-CL...)
16 2620:100:a00b... 19750 (AS-CRITEO)
1 104.18.28.101 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
5 107.178.241.176 396982 (GOOGLE-CL...)
2 34.160.26.175 396982 (GOOGLE-CL...)
1 2620:100:a00b... 19750 (AS-CRITEO)
3 119.63.193.220 38627 (BAIDUJP B...)
31 2607:f8b0:400... 15169 (GOOGLE)
44 2600:9000:247... 16509 (AMAZON-02)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 192.0.78.24 2635 (AUTOMATTIC)
1 103.1.220.9 131149 (YUANJHEN-...)
1 192.0.77.48 2635 (AUTOMATTIC)
1 2600:9000:211... 16509 (AMAZON-02)
6 2600:9000:247... 16509 (AMAZON-02)
3 3 2001:4998:14:... 14777 (YAHOO)
2 2 34.204.120.14 14618 (AMAZON-AES)
2 2 3.33.220.150 16509 (AMAZON-02)
1 2 34.197.192.192 14618 (AMAZON-AES)
1 2a04:4e42::300 54113 (FASTLY)
9 54.178.103.138 16509 (AMAZON-02)
1 2 2607:f8b0:400... 15169 (GOOGLE)
5 2607:f8b0:400... 15169 (GOOGLE)
10 2607:f8b0:400... 15169 (GOOGLE)
5 2607:f8b0:400... 15169 (GOOGLE)
1 119.63.198.189 38627 (BAIDUJP B...)
1 34.111.12.34 396982 (GOOGLE-CL...)
1 34.107.150.21 396982 (GOOGLE-CL...)
17 203.75.214.136 3462 (HINET Dat...)
3 119.63.198.143 38627 (BAIDUJP B...)
4 103.132.192.30 138552 (RTBHOUSE-...)
8 16 35.190.36.98 15169 (GOOGLE)
8 8 172.105.221.29 63949 (AKAMAI-LI...)
4 210.59.219.34 3462 (HINET Dat...)
10 2620:100:a00b::5 19750 (AS-CRITEO)
1 34.102.218.41 396982 (GOOGLE-CL...)
1 119.63.198.188 38627 (BAIDUJP B...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2600:141b:1c0... 20940 (AKAMAI-AS...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... ()
301 57
1    35.185.130.121 (Taipei, Taiwan)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 121.130.185.35.bc.googleusercontent.com
reurl.cc
2    2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
5    34.149.98.30 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 30.98.149.34.bc.googleusercontent.com
storage.reurl.cc
1    151.101.1.55 (San Francisco, United States)

ASN54113 (FASTLY, US)
anymind360.com
2    2607:f8b0:4006:81d::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
38    2607:f8b0:4006:808::2002 (United States)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
3    203.137.133.152 (Japan)

ASN4694 (IDCF IDC Frontier Inc., JP)
cpt.geniee.jp
2    168.95.246.1 (Los Angeles, United States)

ASN131660 (CHTCDN Data Communication Business Group, TW)
PTR: 168-95-246-1.hinet-ip.hinet.net
ad-specs.guoshipartners.com
2    2a03:2880:f00e:13:face:b00c:0:3 (Toronto, Canada)

ASN32934 (FACEBOOK, US)
connect.facebook.net
5    2607:f8b0:4006:80e::200e (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    2a03:2880:f10e:83:face:b00c:0:25de (Toronto, Canada)

ASN32934 (FACEBOOK, US)
www.facebook.com
10    2607:f8b0:4006:80a::200e (United States)

ASN15169 (GOOGLE, US)
fundingchoicesmessages.google.com
1    182.22.31.124 (Japan)

ASN23816 (YAHOO Yahoo Japan Corporation, JP)
yads.c.yimg.jp
2    2607:f8b0:4006:80c::200e (United States)

ASN15169 (GOOGLE, US)
analytics.google.com
1    2607:f8b0:4004:c17::9b (Washington, United States)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2607:f8b0:4006:817::2002 (United States)

ASN15169 (GOOGLE, US)
td.doubleclick.net
1    34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com
oa.openxcdn.net
1    34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com
invstatic101.creativecdn.com
16    2620:100:a00b::30 (United States)

ASN19750 (AS-CRITEO, US)
static.criteo.net
1    104.18.28.101 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn-ima.33across.com
1    2607:f8b0:4006:816::2001 (United States)

ASN15169 (GOOGLE, US)
a7393592d38620db98c8f66efce41717.safeframe.googlesyndication.com
5    107.178.241.176 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 176.241.178.107.bc.googleusercontent.com
onead.onevision.com.tw
2    34.160.26.175 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 175.26.160.34.bc.googleusercontent.com
re-news.tw
1    2620:100:a00b::12 (United States)

ASN19750 (AS-CRITEO, US)
gum.criteo.com
3    119.63.193.220 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)
api.popin.cc
31    2607:f8b0:4006:80c::2002 (United States)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
44    2600:9000:247b:f800:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.holmesmind.com
1    2606:4700:3034::ac43:961f (United States)

ASN13335 (CLOUDFLARENET, US)
img.gbyhn.com.tw
1    2606:4700::6812:60e1 (United States)

ASN13335 (CLOUDFLARENET, US)
mma.prnasia.com
1    192.0.78.24 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
creditcards.com.tw
1    103.1.220.9 (Taiwan)

ASN131149 (YUANJHEN-AS-TW Yuan-Jhen Info., Co., Ltd, TW)
PTR: ph2.g-dns.com
img.racingcharger.tw
1    192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org
s.w.org
1    2600:9000:211c:5600:1e:5c56:d400:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.wixstatic.com
6    2600:9000:247b:a000:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.holmesmind.com
adx.holmesmind.com
3    2001:4998:14:800::1000 (United States)

ASN14777 (YAHOO, US)
cms.analytics.yahoo.com
ups.analytics.yahoo.com
2    34.204.120.14 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-204-120-14.compute-1.amazonaws.com
bcp.crwdcntrl.net
2    3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
2    34.197.192.192 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-197-192-192.compute-1.amazonaws.com
ps.eyeota.net
1    2a04:4e42::300 (United States)

ASN54113 (FASTLY, US)
trc.taboola.com
9    54.178.103.138 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
ad.holmesmind.com
2    2607:f8b0:4006:80b::2002 (United States)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
5    2607:f8b0:4006:80f::2002 (United States)

ASN15169 (GOOGLE, US)
ep1.adtrafficquality.google
10    2607:f8b0:4006:80e::2001 (United States)

ASN15169 (GOOGLE, US)
ep2.adtrafficquality.google
5    2607:f8b0:4006:821::2004 (United States)

ASN15169 (GOOGLE, US)
www.google.com
1    119.63.198.189 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)
tw.popin.cc
1    34.111.12.34 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 34.12.111.34.bc.googleusercontent.com
ad.tagtoo.co
1    34.107.150.21 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 21.150.107.34.bc.googleusercontent.com
uec.tagtoo.co
17    203.75.214.136 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-136.hinet-ip.hinet.net
t.ssp.hinet.net
f998a36e-3b10-4c5a-954d-db1c5f368129.t.ssp.hinet.net
3    119.63.198.143 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)
log.popin.cc
4    103.132.192.30 (Singapore)

ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG)
PTR: ip-103-132-192-30.rtbhouse.net
prebid-asia.creativecdn.com
16    35.190.36.98 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 98.36.190.35.bc.googleusercontent.com
ad2.apx.appier.net
8    172.105.221.29 (Tokyo, Japan)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1875-29.members.linode.com
gocm.c.appier.net
4    210.59.219.34 (Taichung City, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 210-59-219-34.hinet-ip.hinet.net
prebid.scupio.com
10    2620:100:a00b::5 (United States)

ASN19750 (AS-CRITEO, US)
bidder.criteo.com
1    34.102.218.41 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 41.218.102.34.bc.googleusercontent.com
ecs.tagtoo.co
1    119.63.198.188 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)
r.popin.cc
1    2607:f8b0:4006:817::2001 (United States)

ASN15169 (GOOGLE, US)
384abc650096ad08a42011c65298f066.safeframe.googlesyndication.com
1    2600:141b:1c00:41::17db:2464 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
cdn.forms.office.net
1    2607:f8b0:4006:809::2001 (United States)

ASN15169 (GOOGLE, US)
5f708138ab692b83bdfd3dee094b1421.safeframe.googlesyndication.com
1    2607:f8b0:4006:820::2001 (None, )

ASN- ()
666a803caa4998daebc267a5c9c00760.safeframe.googlesyndication.com
Apex Domain
Subdomains		 Transfer
59 holmesmind.com
cdn.holmesmind.com — Cisco Umbrella Rank: 144812
ad.holmesmind.com — Cisco Umbrella Rank: 113263
adx.holmesmind.com
93 KB
42 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 289
stats.g.doubleclick.net — Cisco Umbrella Rank: 284
td.doubleclick.net — Cisco Umbrella Rank: 327
googleads.g.doubleclick.net — Cisco Umbrella Rank: 70
268 KB
35 googlesyndication.com
a7393592d38620db98c8f66efce41717.safeframe.googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 157
384abc650096ad08a42011c65298f066.safeframe.googlesyndication.com
5f708138ab692b83bdfd3dee094b1421.safeframe.googlesyndication.com
03645f1727afbb47e4365cdc87f1dd1b.safeframe.googlesyndication.com Failed
666a803caa4998daebc267a5c9c00760.safeframe.googlesyndication.com
380 KB
24 appier.net
ad2.apx.appier.net — Cisco Umbrella Rank: 115896
gocm.c.appier.net — Cisco Umbrella Rank: 5598
6 KB
17 hinet.net
t.ssp.hinet.net — Cisco Umbrella Rank: 92735
f998a36e-3b10-4c5a-954d-db1c5f368129.t.ssp.hinet.net
5 KB
17 google.com
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 649
analytics.google.com — Cisco Umbrella Rank: 253
www.google.com — Cisco Umbrella Rank: 10
72 KB
16 criteo.net
static.criteo.net — Cisco Umbrella Rank: 1135
56 KB
15 adtrafficquality.google
ep1.adtrafficquality.google — Cisco Umbrella Rank: 512
ep2.adtrafficquality.google — Cisco Umbrella Rank: 514
72 KB
11 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 610
bidder.criteo.com — Cisco Umbrella Rank: 1746
2 KB
8 popin.cc
api.popin.cc — Cisco Umbrella Rank: 22807
tw.popin.cc — Cisco Umbrella Rank: 125846
log.popin.cc — Cisco Umbrella Rank: 93722
r.popin.cc — Cisco Umbrella Rank: 102226
97 KB
6 reurl.cc
reurl.cc — Cisco Umbrella Rank: 200657
storage.reurl.cc — Cisco Umbrella Rank: 279374
7 KB
5 onevision.com.tw
onead.onevision.com.tw — Cisco Umbrella Rank: 153929
2 KB
5 creativecdn.com
invstatic101.creativecdn.com — Cisco Umbrella Rank: 3260
prebid-asia.creativecdn.com — Cisco Umbrella Rank: 20685
4 KB
5 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 116
22 KB
4 scupio.com
prebid.scupio.com — Cisco Umbrella Rank: 143006
9 KB
4 facebook.com
www.facebook.com — Cisco Umbrella Rank: 129
229 B
3 tagtoo.co
ad.tagtoo.co — Cisco Umbrella Rank: 167837
uec.tagtoo.co — Cisco Umbrella Rank: 130520
ecs.tagtoo.co — Cisco Umbrella Rank: 121351
62 KB
3 yahoo.com
cms.analytics.yahoo.com — Cisco Umbrella Rank: 3132
ups.analytics.yahoo.com — Cisco Umbrella Rank: 830
933 B
3 geniee.jp
cpt.geniee.jp — Cisco Umbrella Rank: 35259
70 KB
2 eyeota.net
ps.eyeota.net — Cisco Umbrella Rank: 1557
2 KB
2 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 564
1 KB
2 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 1587
730 B
2 re-news.tw
re-news.tw
31 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 255
80 KB
2 guoshipartners.com
ad-specs.guoshipartners.com — Cisco Umbrella Rank: 181880
24 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 107
264 KB
2 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 427
58 KB
1 office.net
cdn.forms.office.net — Cisco Umbrella Rank: 24956
5 KB
1 taboola.com
trc.taboola.com — Cisco Umbrella Rank: 1016
189 B
1 wixstatic.com
static.wixstatic.com — Cisco Umbrella Rank: 8835
1011 KB
1 w.org
s.w.org — Cisco Umbrella Rank: 7227
731 B
1 racingcharger.tw
img.racingcharger.tw
152 KB
1 creditcards.com.tw
creditcards.com.tw
65 KB
1 prnasia.com
mma.prnasia.com
63 KB
1 gbyhn.com.tw
img.gbyhn.com.tw
94 KB
1 33across.com
cdn-ima.33across.com — Cisco Umbrella Rank: 1907
7 KB
1 openxcdn.net
oa.openxcdn.net — Cisco Umbrella Rank: 3358
8 KB
1 yimg.jp
yads.c.yimg.jp — Cisco Umbrella Rank: 31472
58 KB
1 anymind360.com
anymind360.com — Cisco Umbrella Rank: 15232
46 KB
0 alphaloan.co Failed
blog.alphaloan.co Failed
301 40
Domain Requested by
49 cdn.holmesmind.com securepubads.g.doubleclick.net
cdn.holmesmind.com
ad.holmesmind.com
38 securepubads.g.doubleclick.net reurl.cc
securepubads.g.doubleclick.net
pagead2.googlesyndication.com
31 pagead2.googlesyndication.com securepubads.g.doubleclick.net
pagead2.googlesyndication.com
16 ad2.apx.appier.net 8 redirects reurl.cc
cdn.holmesmind.com
16 static.criteo.net securepubads.g.doubleclick.net
cdn.holmesmind.com
reurl.cc
static.criteo.net
13 t.ssp.hinet.net api.popin.cc
cdn.holmesmind.com
t.ssp.hinet.net
10 bidder.criteo.com static.criteo.net
10 ep2.adtrafficquality.google pagead2.googlesyndication.com
ep2.adtrafficquality.google
securepubads.g.doubleclick.net
10 fundingchoicesmessages.google.com securepubads.g.doubleclick.net
9 ad.holmesmind.com cdn.holmesmind.com
8 gocm.c.appier.net 8 redirects
5 www.google.com ep2.adtrafficquality.google
5 ep1.adtrafficquality.google pagead2.googlesyndication.com
reurl.cc
securepubads.g.doubleclick.net
5 onead.onevision.com.tw ad-specs.guoshipartners.com
reurl.cc
5 www.google-analytics.com storage.reurl.cc
www.google-analytics.com
reurl.cc
www.googletagmanager.com
5 storage.reurl.cc reurl.cc
4 f998a36e-3b10-4c5a-954d-db1c5f368129.t.ssp.hinet.net reurl.cc
4 prebid.scupio.com cdn.holmesmind.com
4 prebid-asia.creativecdn.com cdn.holmesmind.com
4 www.facebook.com reurl.cc
3 log.popin.cc reurl.cc
3 api.popin.cc reurl.cc
api.popin.cc
3 cpt.geniee.jp reurl.cc
cpt.geniee.jp
2 googleads.g.doubleclick.net 1 redirects pagead2.googlesyndication.com
2 ps.eyeota.net 1 redirects reurl.cc
2 match.adsrvr.org 2 redirects
2 bcp.crwdcntrl.net 2 redirects
2 ups.analytics.yahoo.com 2 redirects
2 re-news.tw storage.reurl.cc
reurl.cc
2 analytics.google.com www.googletagmanager.com
2 connect.facebook.net storage.reurl.cc
connect.facebook.net
2 ad-specs.guoshipartners.com reurl.cc
2 www.googletagmanager.com reurl.cc
2 cdn.jsdelivr.net reurl.cc
1 666a803caa4998daebc267a5c9c00760.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 5f708138ab692b83bdfd3dee094b1421.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 cdn.forms.office.net
1 384abc650096ad08a42011c65298f066.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 r.popin.cc reurl.cc
1 ecs.tagtoo.co ad.tagtoo.co
1 uec.tagtoo.co api.popin.cc
1 ad.tagtoo.co api.popin.cc
1 tw.popin.cc api.popin.cc
1 adx.holmesmind.com pagead2.googlesyndication.com
1 trc.taboola.com reurl.cc
1 cms.analytics.yahoo.com 1 redirects
1 static.wixstatic.com reurl.cc
1 s.w.org reurl.cc
1 img.racingcharger.tw reurl.cc
1 creditcards.com.tw reurl.cc
1 mma.prnasia.com reurl.cc
1 img.gbyhn.com.tw reurl.cc
1 gum.criteo.com static.criteo.net
1 a7393592d38620db98c8f66efce41717.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 cdn-ima.33across.com securepubads.g.doubleclick.net
1 invstatic101.creativecdn.com securepubads.g.doubleclick.net
1 oa.openxcdn.net securepubads.g.doubleclick.net
1 td.doubleclick.net www.googletagmanager.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 yads.c.yimg.jp cpt.geniee.jp
1 anymind360.com reurl.cc
1 reurl.cc
0 03645f1727afbb47e4365cdc87f1dd1b.safeframe.googlesyndication.com Failed securepubads.g.doubleclick.net
0 blog.alphaloan.co Failed reurl.cc
301 64

This site contains links to these domains. Also see Links.

Domain
re-news.tw
youtils.cc
www.comptw.com
stockinfo.tw
Subject Issuer Validity Valid
reurl.cc
R11		 2025-03-14 -
2025-06-12		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2024 Q3		 2024-07-30 -
2025-08-31		 a year crt.sh
storage.reurl.cc
WR3		 2025-03-14 -
2025-06-12		 3 months crt.sh
anymind360.com
R10		 2025-02-15 -
2025-05-16		 3 months crt.sh
*.google-analytics.com
WR2		 2025-03-10 -
2025-06-02		 3 months crt.sh
*.g.doubleclick.net
WR2		 2025-03-10 -
2025-06-02		 3 months crt.sh
*.geniee.jp
GeoTrust TLS RSA CA G1		 2024-07-30 -
2025-08-30		 a year crt.sh
ad-specs.guoshipartners.com
Go Daddy Secure Certificate Authority - G2		 2025-01-08 -
2026-01-21		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2025-01-02 -
2025-04-02		 3 months crt.sh
*.google.com
WR2		 2025-03-10 -
2025-06-02		 3 months crt.sh
edge01.yahoo.co.jp
Cybertrust Japan SureServer CA G4		 2025-02-07 -
2026-03-06		 a year crt.sh
*.doubleclick.net
WR2		 2025-03-10 -
2025-06-02		 3 months crt.sh
oa.openxcdn.net
WR3		 2025-03-12 -
2025-06-10		 3 months crt.sh
invstatic101.creativecdn.com
WR3		 2025-02-12 -
2025-05-13		 3 months crt.sh
*.criteo.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2025-02-03 -
2025-05-03		 3 months crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2024-09-05 -
2025-09-30		 a year crt.sh
onead.onevision.com.tw
R10		 2025-02-03 -
2025-05-04		 3 months crt.sh
wp.re-news.tw
WR3		 2025-03-04 -
2025-06-02		 3 months crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2025-02-09 -
2025-05-10		 3 months crt.sh
*.popin.cc
Secure Site Pro CA G2		 2024-09-23 -
2025-10-24		 a year crt.sh
*.holmesmind.com
Go Daddy Secure Certificate Authority - G2		 2025-03-06 -
2026-04-07		 a year crt.sh
gbyhn.com.tw
WE1		 2025-03-06 -
2025-06-04		 3 months crt.sh
*.prnasia.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-10-23 -
2025-11-23		 a year crt.sh
tls.automattic.com
E6		 2025-02-14 -
2025-05-15		 3 months crt.sh
img.racingcharger.tw
R11		 2025-02-15 -
2025-05-16		 3 months crt.sh
s.w.org
E6		 2025-02-28 -
2025-05-29		 3 months crt.sh
*.wixstatic.com
R11		 2025-01-23 -
2025-04-23		 3 months crt.sh
*.taboola.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-12-01 -
2025-12-31		 a year crt.sh
adtrafficquality.google
WR2		 2025-03-10 -
2025-06-02		 3 months crt.sh
ad.tagtoo.co
WR3		 2025-02-20 -
2025-05-21		 3 months crt.sh
uec.tagtoo.co
WR3		 2025-02-23 -
2025-05-24		 3 months crt.sh
*.t.ssp.hinet.net
HiPKI OV TLS CA - G1		 2025-02-12 -
2026-02-12		 a year crt.sh
*.creativecdn.com
RapidSSL TLS RSA CA G1		 2024-04-05 -
2025-04-30		 a year crt.sh
*.scupio.com
Sectigo RSA Organization Validation Secure Server CA		 2024-09-27 -
2025-10-28		 a year crt.sh
ecs.tagtoo.co
WR3		 2025-03-22 -
2025-06-20		 3 months crt.sh
cdn.forms.office.net
Microsoft Azure ECC TLS Issuing CA 04		 2025-01-31 -
2026-01-26		 a year crt.sh

This page contains 47 frames:

Primary Page: https://reurl.cc/XqAx30
Frame ID: 5DA3305FCDEB7246604B1DCB308B15AA
Requests: 69 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-N394QBRGC0&gacid=646764243.1742964353&gtm=45je53o2v897965293za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=102482433~102788824~102803279~102813109~102887799~102926062~102926327&z=1215738718
Frame ID: 13D0E5D4AF693C3B8530E55427A3AE15
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: AD2648FC14D900DA5201F1DC987E9702
Requests: 1 HTTP requests in this frame

Frame: https://a7393592d38620db98c8f66efce41717.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html
Frame ID: A57FA4869EDF3008A3BBFE29754191C3
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Frame ID: 838962511461CBF5F5F8983F0F643242
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=
Frame ID: 56CC325F5315D56120117EFF2E3D5284
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstJbIZj6bl_jLnCWwCXfaJo5_PEzuJ8Z2wpIs1Ss7xdpGhYCzJ4LYfpgtNlM5gJGkVXDih5diOdeRFvs3eoU-7KhBuYXeC_b4NB0yERCaEPDk_ORkFOo_d8xXkM6mDyvuhWjK7MnC5bdbh0oUXGs2uPB7ChLHN2ovBt2DpUKCTPBT88RFfUs468_qNVCSfWb9HZMiV2AdjYbiNyx5UDnGjb18AHWc8Gh3IxkQFsYhNjQB-cvRxxF-C9hMCoqEmkFbsbue1QzoA61EtZJiptaMtwWGoX4mPenUcOaWeUqlO0Su6baIcBpcLXUYe5F_8i0Kw_82hWSyQtEw4jnjFZCTnv7ogJSEi0vQSMdo0gsQKgmnAfFsDivsQAC2oAdARS_LtGK6SflKL4wI7SOqGJJsbFS8_Yztaela03S-xWsJBj1g0JRcrn3atyaA&sai=AMfl-YTtJUNMLRP6paXtBBVgrz_IkWagTfMLY7IcB1i3vbPET6-AUo8Wcqauht0iu-a2twgMz51Lt-B4SiuTedHAvk1Oa7MyhqMnljQGp3A4bib91Fjxz_TUqYAOSsqe&sig=Cg0ArKJSzH5r5dHoAn0WEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 95C42D7E1A18D1D447D482F86BF44924
Requests: 24 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvATG2sz18f9mspCeEd5JdEkURkJPw7l1XcJQzQTsq_dOHD6rOCPaSouUgzQv4RbA0apW_T2Q1M91IWBledol-RJMUMV0dcWWSGtDN6170G7Poh1BExRCQHesssSjN0NBH-ICd4vHhLDtsH6snkQ32bYQXm_8G10-M02bgQcuqDJAI9DvT33OoxjgMzpAcoRh6OuGP0rMXuxrw3d3Goy4gCHGjicNwqm0tDKdBsayAKeu67JIw3mduim5oVAUCdk2e9Ht5qQWuzI-0ZAg0DnXG0rSsrWRLaiXuutfWP9rYn9yAief2mBRVZ-D9RKmeCIhDQFIBPz43EFTuftkZsHfvCu-cLreANK9RZxsirkYQpJ3s29LF5QmBR_Tbk_yWyJy7Ih3LLqJArFZ7ZbYSndp_5Q27dXhnzIhd6inr60yR1de2h21K3OR2AIA&sai=AMfl-YRv1JFfQ7S8Ab6iiQ3pYFMUMInkR6PzXG_f5mMoNqqh1wVt0EP39LDMAQ2A6Xe2dxCG0mpd0RB0bTjuF98CFULcRq1IBA1sLWCKkIowYWCbkz1tFuvEmiTxEyzt&sig=Cg0ArKJSzLp-0t8_D60gEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: BF5ED33B26A42189EB948D6ED7D98D9A
Requests: 13 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvpd2f5R6VlfXMlrPRvA2zNOez3saHrR9DqqNCrzuYnsgt5oXIdklcQtdbBWFeyBr7rShURIMng5eGsN3IP5MG8l7mQ_iuU2ubYmnOl5pPVXOU--bIaIC6CnOzS1GTW2AHP9K_lwBgpZikUx5Cqnk48HfxHrUGPVOFt8ooowiv3l9pNjmsXDQGGO0392hG_O82Lq6uYOX-ZHfX7ewRgs8F3S2d4oTfg7g15vJkGn-F0MvNpkCcsnlJ8LmBN_eI_27snlLPmCGJHetNOLPx0dL_TDPrG9SKetws5FnxmZkLqLutFIqLTglIQBXcJW4iOeRCp3qrNKB-21x1SMj7Jy2StF-CJW1zUH-daBL6FmrrD2nekFwRBsDbDGRMX0MPP-B2f_O43xiZLDLfmOyH0ZURlPpeDwafcsxIeY9C2Fn3EwO-LJPJb3FpP4yblz1JrSf0&sai=AMfl-YQDk8mhh2PhG5sbIVEbIZyJxVVIwCDRDsA_pav3232LIOzL73VrQDs1yjhgFc0uLmboW3vH6_RSweOZAevzik9gMotoL9tIhpmUHQ-smi2wvZGxuWW5Wtfq7fvG&sig=Cg0ArKJSzPaWFMNp0wiiEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: A29358701545B6353F31E381AFABDED0
Requests: 8 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 7BAD6884F28A0CEA45409F1079409966
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 0F1F3D248023FBE4134D27FA08623D9B
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20250324/r20190131/zrt_lookup.html
Frame ID: 2F80F224C9BBF8C76BF5E5B4466BB0D8
Requests: 1 HTTP requests in this frame

Frame: https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
Frame ID: 463A9C26755BD4464D94CED0A4CA0263
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: 1DA944FF5A397D7A965F6504CB7A0619
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 223294BF6C5927209057F8809588204F
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: DBD14FA642495C390FB7D867A47F19B5
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 49B5F4D5908B4387FF36D1E7B9DF4F13
Requests: 1 HTTP requests in this frame

Frame: https://384abc650096ad08a42011c65298f066.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=3
Frame ID: 4CF832B3B4BD3EFE58007098F7065BE4
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: ACF1671DECD7FD0023C2EA7FC006B660
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9A2F1AAF8B6A370A81A165E00391C850
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuo3b06F8bBObo9-5hGWjPAhc7uCdLcGf-k8iu7sSq3wDR_a92uFEVNp5x8JIqOzygClny4Jzfhy7mHaediCseoZHFC-f5nVdzqlyjVB_MmD5XCq98NkcAkBr-gY0JvdBx3HkSeKap1xXbgINzOU7d_kCEvRC7Zf6WkExEQptM8Z8oBPhcp_fFBOzIg_cAYu-E6M5l43ZSFIMawid5M4QhUI_lkWBd50XoZMQMUJL_iMiLTKDx4HK1EcESO59kwkPYPULUgyBBzYAk1zo_PRo1-LMCA2Z6LDQTXP09o1eUfs3exL1oY3dWzJFGjIHD8yulMl186NkdPf_YEs_wZrknY4H81bZCzjZO_PXfXQiUvsOp4ySGNODAkL6ZiuYneXIKD3jO6pJXtUtBPqorTlYCXkUPvA8oeeVFc4sONCTRXxw8I2hkLy1mOiG2RPG6VKintF--X3Xyj4Q&sai=AMfl-YTkUz-4Y_LV4bO2_m4Q5Zw01SeAOJ9IyCywJgsuVaEbB5G0vMOmMNkNPluWwmkm4k8aDLBS_7mV1fOWZEA33QtN78-Sqy5xC-ACrXk62H5i6q3c0dMSK3tDaQTe&sig=Cg0ArKJSzNLLy5qDS3zFEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 13516F2A22A6B8EE8587C059A801689E
Requests: 8 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f
Frame ID: 86352B7FD71702AF509511E3FE7D84AF
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: C2FF8F14ECC2DBCD190BCA70CF6FEB8E
Requests: 23 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: AFAA91D083053EAFCDDF641C6BEB551A
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CBA48C9F32A99E536B5B753C1520D756
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: D75A659C0E5208DD98898E7510E8425C
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 82CCBB034B04B41EA2CD0DDD6FF3AAF4
Requests: 1 HTTP requests in this frame

Frame: https://5f708138ab692b83bdfd3dee094b1421.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=6
Frame ID: A93919D5FBC042582E5AAC497273E62A
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: 1E53DD8ACBFA89E23AB4D6041A596292
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A38516C5DEBC434B72306AE2AA9A1028
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvsWxdPImBZBddN1pGIjYaTjx8oBOhKHYCew--F8DEIPTrYqSjzN-eyvC5Ja5V1rhQcqLAe9hN3YBLgMFwHKbHJWNUxLiCXUrRE7hXrO9FIfr6oE-TwWs5JNJdffFnOdJFdgU40bf4mpS-5xehZ-bcac7zsx4sCcK87EhjjKWWnbXjVmqVc1AQYvGNkMmybSjPSIysVdOFSs1JBuCjI6vF1fbG8jBTNsMLLXY6WbTzCeiJZj5SRrjz2p63iytEzrBQ5d1PUhgCFcJx8XVLjMseQjlWpQqAQWG8XEbypEBEhcFrfm5cBagLLyeXE3yYtW2gO1oFF1Sv-zMdte7NUVQn8f3oYNAok9f_twpMz1XW7tnZIkUlR1AdWCNqBMEyi4jhYlGS8zkKbgMI9N7gVrcMFKAbK-8KU8CPBC_ebqp8HBcD3KDoHJzSihtBGF486Eo8n2zjEPgTwWg&sai=AMfl-YSB0m1R11g9sSttwAcmtHdXu5jmo2AzLPXIOsF0Pnw1ANpkFYZwyJ_JZhvhvFCBxrFH34RoInPdpkPfLpneJgg1NaCyXKMzQn_4KOrlL5WSZShbnFpL_zLzGQvm&sig=Cg0ArKJSzNFfnEljdceyEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: AA60863E4013D0BFED8A53FFB1A27D30
Requests: 8 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f
Frame ID: A5A140AF3F97690D57A62C94E43A65A9
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 19FD7D2D1C438C9F646804BD7DA8FED3
Requests: 22 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 3C5D60FC2D26A07D929680037ECBAF44
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: BE4F0F0D2358D1D258A4AFAF592D3E83
Requests: 1 HTTP requests in this frame

Frame: https://03645f1727afbb47e4365cdc87f1dd1b.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=9
Frame ID: 1B3F07C235C1828A1D026A2323043616
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvD5GSw3uNVcFIGNCTlchU1JKCAGCmFnrYqwbZUCxwmRqexugVua2sRQ7rcOCzgjLrAOvs75525kbNeLK1x72K6LSnuEW14fnxwSrRz6WyfmFQ4QBqe0YfpWFnTcL5XJHG7Xpcj37u-OB86HtjEQctUE1uitN_FUs-t1pF-gtiN_x6UFWmDik3ZEKQNRgRhhiPz1pyeBvQQgnzpGtVPKm7vrnDbOV01BIwsBZstRVAM7fNkcAkOrhDjJjZEVDmquJhZeTKyjHnqqMj8FaEVvytcf3Rcwb_TrrVP2few7Yk_zdlWiogNwQ1xkLMRa285lAb0WscZ2aONcBPcGiaZkfUpxH0ixiL9BfXxvsQYEHpRf68B-PhNxZIUFB12aQndFLpjjeWjOC9yPTp3FpOa705SeE_dhLOJsQnD5gjpGE1HE_8tVhJELsQGPOPvVQiE1g1tExmpfxemEw&sai=AMfl-YSxwiTRzwvsugqs_0D2ct2OiCDFb06ZpocU7EibKAl7G3FStQx2n9l-ZKghgRt5AEKh8Vz6baNfJEq-FfjElp8BKD8JEMPnGkXZKelJPvjkVuLIGKOMwoC-IA1a&sig=Cg0ArKJSzCyHtMNfElcvEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: E3871FE42D26FF91B0A0F735313DD7C4
Requests: 8 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f
Frame ID: 701A9BAC8402EB2613ABDB71F8FE17B2
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: A00B58D61CA32F1C9D3964649EE01CB6
Requests: 22 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 60C16F19017EF27473FE6A479F8AD54B
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: AEAA5EA0F11D8E604A9AA56C7EA5ADE1
Requests: 1 HTTP requests in this frame

Frame: https://666a803caa4998daebc267a5c9c00760.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=12
Frame ID: 0E2CF05A84E276C43CF03E9908B03DB3
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: AFE4E0D15FAE4145F24A15DF67169B1D
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A8C9DA101E23EED86CCB70BECCD3D4DF
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstaj6CPIvYPHWUMkW4COhbDXWLOhF7gfqvRUp53Mst1hfv1VJcNUKT_1csDZA6kpZ5n0yvumMRPSTpzS2XjVSbkomKObKWK6gprCznwX_-YpI-uAT0Y9Mf2EIihQIfTcEg7Qn2WwKsbgwO0X5DDcUrO1K6USm-mjQw5PltXIkN0ACcDRGi1OBGL0J0r_4nJO4UB0NxTaisl2hIZl2IuPp7EMBYsw3l-yID3CPWhdQyhlc08JrqfDy1c4p8jX3LZ7nvt0D4d-hCDkYyOQ2IRHTB-v4-mgpbVJfpimGe9ErMfX7_RkjNJTScQWLyDkOscO5fiWCBZ_uzc4wur7212IdwpZoaxAvgQzV_kTdyXdXlBgZ8CIj526tJ_yLQZhupBDYoMq3uhIlSsqCXdGaBHwwZQdKkhjQEZT-2nygVkbtH3shOah2NGTfSFhg4Fkl9LkqlG1vWaWNfS4Q&sai=AMfl-YSIzY7UjENe1F0pjMt1SF1mHueAy37dj8e0CV0D9Ic-IlTByD0zcD85rSZyvP1WTQeCGwEr7hqsEsLSPJMMGWNPN_z3ECgoe3qsAqrcLnnHpaYXJToj_kFBqKl7&sig=Cg0ArKJSzKD12XWNsV9yEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 4DEF07015B5E82BC46B769415E084497
Requests: 6 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f
Frame ID: 00CFA73794F6DD5300004A522BF40380
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20231115
Frame ID: 995E16FD4BE78F36D23F18508EE12AAD
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Dynamics 365 Customer Voice

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/vue(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/pagead/show_ads\.js
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

301
Requests

91 %
HTTPS

50 %
IPv6

40
Domains

64
Subdomains

57
IPs

6
Countries

3189 kB
Transfer

11994 kB
Size

47
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 76
  • https://cms.analytics.yahoo.com/cms?partner_id=OneDATA HTTP 302
  • https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA HTTP 302
  • https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA&verify=true HTTP 302
  • https://onead.onevision.com.tw/v2/pixel/vzn?id=y-EBWCdyFE2p9uYEqsgrWAf0mCZJFz0Wi9z2w9aA--~A
Request Chain 77
  • https://bcp.crwdcntrl.net/map/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id} HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id} HTTP 302
  • https://onead.onevision.com.tw/v2/pixel/ltm?id=e0a726a458b8693316be6a8e64b7641c
Request Chain 78
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=r1jlltl&ttd_tpi=1 HTTP 302
  • https://onead.onevision.com.tw/v2/pixel/ttd?id=3188e852-08d4-40f1-ab2c-917d4fa90976
Request Chain 79
  • https://ps.eyeota.net/pixel?pid=3m51m51&uid=3309d0d1-09fd-11f0-9b1b-0242ac120002&t=ajs HTTP 302
  • https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=3309d0d1-09fd-11f0-9b1b-0242ac120002&t=ajs
Request Chain 85
  • https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=2220942683&adf=776186313&pi=t.ma~as.2784%2F13803&w=300&lmt=1742964354&url=https%3A%2F%2Freurl.cc%2FXqAx30&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1742964353882&bpp=319&bdt=121&idt=486&shv=r20250324&mjsv=m202503240101&ptt=5&saldr=sd&cookie=ID%3D9108f7a39ce1675e%3AT%3D1742964353%3ART%3D1742964353%3AS%3DALNI_Ma1vtvH_qGID4i43UgxWrqZMYZaiA&gpic=UID%3D000010865d546cc2%3AT%3D1742964353%3ART%3D1742964353%3AS%3DALNI_MbJzFAlJ_dU68Fv2n-hxS2M1_H73Q&eo_id_str=ID%3Df38574e2354de41a%3AT%3D1742964353%3ART%3D1742964353%3AS%3DAA-AfjaN4W0L-6umPS0BXG150rCT&correlator=5132752307062&frm=23&ife=4&pv=2&nhd=1&u_tz=-600&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=270&ady=172&biw=1600&bih=1200&isw=300&ish=250&ifk=3231471538&scr_x=0&scr_y=0&eid=95356498%2C95356505%2C31091230%2C95356096%2C95355300&oid=2&pvsid=3004472422137813&tmod=1890971546&uas=0&nvt=1&fc=640&brdim=570%2C570%2C570%2C570%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=1.upqm7zjlekoc&fsb=1&dtd=532 HTTP 302
  • https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
Request Chain 114
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=YfEB1k4dD0KyOse6g4bjZw
Request Chain 116
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=t1IzbKFYD9WrKmvwg4bjZw
Request Chain 165
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=oRX_7D33ADG_JsXchIbjZw
Request Chain 166
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=S7IUMEc9ABqsoKM_hIbjZw
Request Chain 216
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=SraJvajVAvCsX9TkhobjZw
Request Chain 217
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=uXW-8QkbAwmtXeb8hobjZw
Request Chain 261
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=rC_S0sShAhGCuCbaiIbjZw
Request Chain 262
  • https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=MZbIvV4lCayhu-bTiIbjZw

301 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request XqAx30
reurl.cc/ 		15 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
121.130.185.35.bc.googleusercontent.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
dda1acd2c0245b63823a0738dd053df858589ef769e9461949b5b9c8577ad697

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-origin
*
access-control-expose-headers
*, Authorization, X-Authorization
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 26 Mar 2025 04:45:51 GMT
referrer-policy
no-referrer-when-downgrade
server
nginx/1.18.0 (Ubuntu)
target
https://ecv.microsoft.com/dDTk9Vwh4y
vary
Accept-Encoding Origin
x-request-id
ce043a58-598b-4acb-b3ce-b6ef8b33d74a
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/ 		152 KB
26 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
age
1287889
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Wed, 26 Mar 2025 04:45:52 GMT
content-type
text/css; charset=utf-8
x-served-by
cache-fra-eddf8230028-FRA, cache-lga21983-LGA
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
25648
x-jsd-version
4.3.1
style.css
storage.reurl.cc/stylesheets/rwd/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://storage.reurl.cc/stylesheets/rwd/style.css?v=1
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
30.98.149.34.bc.googleusercontent.com
Software
/
Resource Hash
749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-request-id
fdac9f03-2ed8-45ed-841f-32b5e88bfc75
access-control-expose-headers
*, Authorization, X-Authorization
content-encoding
gzip
age
20807
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:59:05 GMT
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=28800
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
904
ats.js
anymind360.com/js/9479/ 		186 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://anymind360.com/js/9479/ats.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.55 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
a6a132211fe21475c262557eeb7c3efad716f5ece2f3552e2894e097a9fd7bf0
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type
content-encoding
gzip
x-goog-hash
crc32c=jUf8sg==, md5=XZKb74lEVE/od15TDzGdTQ==
etag
"5d929bef8944544fe8775e530f319d4d"
age
91228
x-goog-stored-content-encoding
gzip
expires
Tue, 25 Mar 2025 03:25:24 GMT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-goog-stored-content-length
46393
x-cache
HIT, HIT
date
Wed, 26 Mar 2025 04:45:52 GMT
last-modified
Thu, 12 Dec 2024 05:32:33 GMT
content-type
application/javascript; charset=UTF-8
x-served-by
cache-tyo11968-TYO, cache-lga21927-LGA
x-cache-hits
403, 0
x-guploader-uploadid
AKDAyIsrPuw8ifNtD81o7Xxuf1lDyzbiss0eW2huuq6aLX5eBK1LQnRqF1fA_732iPuLehLG
strict-transport-security
max-age=31557600
vary
Accept-Encoding
cache-control
max-age=1200
x-goog-storage-class
STANDARD
x-timer
S1742964352.190582,VS0,VE1
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1733981553094287
content-length
46393
server
UploadServer
pixel.js
storage.reurl.cc/javascripts/ 		429 B
524 B 		Script
General
Check archive.org
Download Go to
Full URL
https://storage.reurl.cc/javascripts/pixel.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
30.98.149.34.bc.googleusercontent.com
Software
/
Resource Hash
3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-request-id
9d21f9e4-bdc2-4dc6-8cc4-701adb0e19e3
access-control-expose-headers
*, Authorization, X-Authorization
cache-control
public,max-age=28800
age
14972
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
429
date
Wed, 26 Mar 2025 00:36:20 GMT
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
content-type
text/javascript; charset=utf-8
vary
Origin
ga2.js
storage.reurl.cc/javascripts/ 		536 B
631 B 		Script
General
Check archive.org
Download Go to
Full URL
https://storage.reurl.cc/javascripts/ga2.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
30.98.149.34.bc.googleusercontent.com
Software
/
Resource Hash
16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-request-id
f3d510eb-8be7-4efa-9243-63310c60ad9d
access-control-expose-headers
*, Authorization, X-Authorization
cache-control
public,max-age=28800
age
16322
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
536
date
Wed, 26 Mar 2025 00:13:50 GMT
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
content-type
text/javascript; charset=utf-8
vary
Origin
js
www.googletagmanager.com/gtag/ 		363 KB
121 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ee55c68fc2c26f92ef98cf06c0762b56b1f872922c0ebefbd3a442596d46cbcf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
report-to
{"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
expires
Wed, 26 Mar 2025 04:45:52 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:52 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascgcycc:1020:0
content-length
124098
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		439 KB
142 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f8b2dcfabca6c1b85affe6719687a34e0d00e41355456a80367f2f93104e1308
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
report-to
{"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
expires
Wed, 26 Mar 2025 04:45:52 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:52 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascgcycc:1020:0
content-length
145055
x-xss-protection
0
server
Google Tag Manager
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		105 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
98a13a8195bb791392a727d3dde6b0936e7a2f41f42f9ee5c9bf2b08f0d64865
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
892 / 20173 / m202503200101 / config-hash: 2851412147286529057
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:52 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 26 Mar 2025 04:45:52 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
33491
x-xss-protection
0
server
cafe
wrapper.min.js
cpt.geniee.jp/hb/v1/219632/1441/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cpt.geniee.jp/hb/v1/219632/1441/wrapper.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.137.133.152 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
0614ad45d47a5da6d9880c2e175c88526cd223c16d2121e48bab3a9e1121f55d

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=3600, private
content-encoding
gzip
etag
W/"67e29c9e-2f10"
cross-origin-resource-policy
cross-origin
expires
Wed, 26 Mar 2025 05:45:52 GMT
date
Wed, 26 Mar 2025 04:45:52 GMT
content-type
application/javascript
last-modified
Tue, 25 Mar 2025 12:07:58 GMT
server
nginx
ad-serv.min.js
ad-specs.guoshipartners.com/static/js/ 		50 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
168.95.246.1 Los Angeles, United States, ASN131660 (CHTCDN Data Communication Business Group, TW),
Reverse DNS
168-95-246-1.hinet-ip.hinet.net
Software
HiNetCDN / OneAD
Resource Hash
8aad7f034c2e39ee145189b327d6b1df64240486e08c7eba41d399e7e72797a6

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
W/"67dbbf75-c7b9"
age
241
access-control-allow-methods
GET,POST,OPTIONS,PUT
x-varnish
521929587 506724922
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
application/javascript
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified
Thu, 20 Mar 2025 07:10:45 GMT
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
cache-control
public, max-age=360
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
*
x-powered-by
OneAD
server
HiNetCDN
onead-lib.min.js
ad-specs.guoshipartners.com/static/js/ 		25 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad-specs.guoshipartners.com/static/js/onead-lib.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
168.95.246.1 Los Angeles, United States, ASN131660 (CHTCDN Data Communication Business Group, TW),
Reverse DNS
168-95-246-1.hinet-ip.hinet.net
Software
HiNetCDN / OneAD
Resource Hash
fcf4b958769eb294a5743dffac9b9def998a568b1126f9ca3d270c9cc67268d3

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
W/"67e22b0a-6524"
age
1
access-control-allow-methods
GET,POST,OPTIONS,PUT
x-varnish
165118487 157123679
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
application/javascript
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified
Tue, 25 Mar 2025 04:03:22 GMT
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
cache-control
public, max-age=360
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
*
x-powered-by
OneAD
server
HiNetCDN
vue.min.js
cdn.jsdelivr.net/npm/vue@2.5.16/dist/ 		84 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
age
1031107
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Wed, 26 Mar 2025 04:45:52 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-eddf8230020-FRA, cache-lga21983-LGA
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
33184
x-jsd-version
2.5.16
renews.js
storage.reurl.cc/javascripts/ 		404 B
401 B 		Script
General
Check archive.org
Download Go to
Full URL
https://storage.reurl.cc/javascripts/renews.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
30.98.149.34.bc.googleusercontent.com
Software
/
Resource Hash
22743d9dc93a38d7096ec7c9a02146da7a721ada15192d87e81d78ff53cb2f2a

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-request-id
2f12f8ff-aeb7-4281-949e-2a9f22bf0e3a
access-control-expose-headers
*, Authorization, X-Authorization
content-encoding
gzip
age
22764
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 22:26:28 GMT
last-modified
Tue, 09 Jul 2024 09:45:35 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=28800
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
282
loading.js
storage.reurl.cc/javascripts/ 		134 B
257 B 		Script
General
Check archive.org
Download Go to
Full URL
https://storage.reurl.cc/javascripts/loading.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.98.30 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
30.98.149.34.bc.googleusercontent.com
Software
/
Resource Hash
ddd9d29beabaeecc9c76408242dfc2b76305ec52511992d3cfbc81a500ee0670

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-request-id
bfc54a0c-3e04-4b1c-814e-9c10e7ca4431
access-control-expose-headers
*, Authorization, X-Authorization
cache-control
public,max-age=28800
age
22847
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
134
date
Tue, 25 Mar 2025 22:25:05 GMT
last-modified
Thu, 29 Sep 2022 09:52:31 GMT
content-type
text/javascript; charset=utf-8
vary
Origin
fbevents.js
connect.facebook.net/en_US/ 		252 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/pixel.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00e:13:face:b00c:0:3 Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
13b3fea42a999bd1edc7815ad83b8529ad25262807607a54101486b76d2a39a0
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: *;script-src 'nonce-coxcpzh0' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 26 Mar 2025 04:45:52 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' blob: *;script-src 'nonce-coxcpzh0' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=26, rtx=0, c=23, mss=1232, tbw=4597, tp=9, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
jluScqfgJaf7a56xM2z5AorLy7IwR7pxHUgs3AtglPTHbqFDayD4f31nW9CoiG0Z9KjFXPBwbWFHQwVivrpEIA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
64608
x-xss-protection
0
origin-agent-cluster
?1
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/ga2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
age
6776
report-to
{"group":"ascnsrsgac:225:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:52:56 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 02:52:56 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:225:0
content-length
20994
server
Golfe2
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/ 		525 KB
165 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9aa1a9dfb271e4ad94219ed388d8442b3b394caedb5771642df196ccc09385c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
13877525710090312892
age
3739
x-content-type-options
nosniff
expires
Thu, 26 Mar 2026 03:43:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 26 Mar 2025 03:43:33 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
168748
x-xss-protection
0
server
cafe
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503250101/ 		63 KB
23 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503250101/gpt
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6101005619b1d8a0e6d234dc41330613febb164b982205854bf7416cff6d43fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

content-encoding
br
etag
6539103362049255065
age
53037
x-content-type-options
nosniff
expires
Tue, 01 Apr 2025 14:01:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Tue, 25 Mar 2025 14:01:55 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
23391
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202503250101"
collect
www.google-analytics.com/j/ 		3 B
385 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=950204661&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FXqAx30&ul=en-us&de=UTF-8&dt=Dynamics%20365%20Customer%20Voice&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=210735033&gjid=839542284&cid=646764243.1742964353&tid=UA-102456694-1&_gid=1693567136.1742964353&_r=1&_slc=1&z=1198605164
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/XqAx30

Response headers

report-to
{"group":"ascnsrsgac:175:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:52 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:175:0
content-length
3
server
Golfe2
collect
www.google-analytics.com/ 		35 B
438 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=950204661&t=event&_s=2&dl=https%3A%2F%2Freurl.cc%2FXqAx30&ul=en-us&de=UTF-8&dt=Dynamics%20365%20Customer%20Voice&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=pause&ea=3&el=NS4xODEuMjM0LjEzMg&ev=1&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=646764243.1742964353&tid=UA-102456694-1&_gid=1693567136.1742964353&z=1182364153
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

age
70669
report-to
{"group":"ascnsrsgac:163:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 25 Mar 2025 09:08:03 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:163:0
content-length
35
server
Golfe2
1675200226052423
connect.facebook.net/signals/config/ 		74 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1675200226052423?v=2.9.190&r=stable&domain=reurl.cc&hme=c1f2cecb0bd2e60711f2156ceae0254b57f69ec526dbc6c13633615b2168eda4&ex_m=71%2C124%2C109%2C113%2C62%2C4%2C102%2C70%2C16%2C98%2C90%2C51%2C55%2C178%2C181%2C193%2C189%2C190%2C192%2C29%2C103%2C53%2C78%2C191%2C173%2C176%2C186%2C187%2C194%2C135%2C41%2C199%2C196%2C197%2C34%2C148%2C15%2C50%2C203%2C202%2C137%2C18%2C40%2C1%2C43%2C66%2C67%2C68%2C72%2C94%2C17%2C14%2C97%2C93%2C92%2C110%2C52%2C112%2C39%2C111%2C30%2C95%2C26%2C174%2C177%2C145%2C87%2C57%2C85%2C33%2C74%2C0%2C96%2C32%2C28%2C83%2C84%2C89%2C47%2C46%2C88%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C58%2C63%2C65%2C76%2C54%2C104%2C27%2C77%2C9%2C8%2C81%2C48%2C21%2C106%2C105%2C107%2C99%2C10%2C20%2C3%2C38%2C75%2C19%2C5%2C91%2C82%2C44%2C35%2C86%2C244%2C171%2C122%2C160%2C153%2C2%2C36%2C64%2C42%2C108%2C45%2C80%2C69%2C114%2C61%2C60%2C31%2C100%2C59%2C56%2C49%2C79%2C73%2C24%2C101%2C115
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00e:13:face:b00c:0:3 Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0c310205ab2dbf30ae9b8a24ee1359f493e1bf5c982c124e42af22b759ac07ce
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: *;script-src 'nonce-YiKhTdLe' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 26 Mar 2025 04:45:52 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' blob: *;script-src 'nonce-YiKhTdLe' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com https://*.google-analytics.com;font-src 'self' data: blob: *;img-src 'self' data: blob: * https://*.google-analytics.com;media-src 'self' data: blob: *;child-src 'self' data: blob: *;frame-src 'self' data: blob: *;manifest-src 'self' data: blob: *;object-src 'self' data: blob: *;worker-src 'self' data: blob: *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=16, rtx=0, c=77, mss=1232, tbw=73189, tp=68, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
vrjoCPRaGvy7Yiu9+0Ymx0cuFx1pXbWfxvYVeoaQ98i+drx/iAxMVnC0Bzrpu0cWlkjItxRLly84BP1quCD3EQ==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
16786
x-xss-protection
0
origin-agent-cluster
?1
/
www.facebook.com/tr/ 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc&rl=&if=false&ts=1742964352846&sw=1600&sh=1200&v=2.9.190&r=stable&ec=0&o=4252&fbp=fb.1.1742964352838.440344226671414603&cs_est=true&pm=1&hrl=d962bb&ler=empty&cdl=API_unavailable&it=1742964352746&coo=false&cs_cc=1&exp=k0&rqm=GET
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=15, rtx=0, c=23, mss=1232, tbw=4749, tp=12, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Wed, 26 Mar 2025 04:45:52 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
197 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc&rl=&if=false&ts=1742964352846&sw=1600&sh=1200&v=2.9.190&r=stable&ec=0&o=4252&fbp=fb.1.1742964352838.440344226671414603&cs_est=true&pm=1&hrl=d962bb&ler=empty&cdl=API_unavailable&it=1742964352746&coo=false&cs_cc=1&exp=k0&rqm=FGET
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-Ki1YEG4O' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7485974891697026719&cpp=C3&cv=1021259494&st=1742964352974"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
OGUIRlcIaZv90pCtrjuWn9KyxIQICzqMeBwTWndN66ctR8kuKionqTFdBMlxf2h7bh/RZg5ZLfpgkqFRomJi5w==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7485974891697026719&cpp=C3&cv=1021259494&st=1742964352974", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-Ki1YEG4O' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=15, rtx=0, c=24, mss=1232, tbw=5117, tp=15, tpl=0, uplat=51, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
128002626
fundingchoicesmessages.google.com/i/ 		196 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/i/128002626?ers=3
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
39e8292ad09906fd5e18d008049394e98e2dddd45194c3ebee7f8e780c21aa3d
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-VB9GED_mTHpv5gZ_EZAv0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjctDikmLw1ZBiOHHrNtMFIG69eY51OhAbrT3P6gLEhgqXWJ2B-P66S6zPgfhD_WXWH0BcJHGFtQWIhbg5Gnv79rMJTLjQbqqkkZRfGJ-cn1dSlJlUWpJflJacllqcWlSWWhRvZGBkamBsZKxnYBZfYAgA5KwvwQ"
content-security-policy
script-src 'report-sample' 'nonce-VB9GED_mTHpv5gZ_EZAv0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
yads-async.js
yads.c.yimg.jp/js/ 		210 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yads.c.yimg.jp/js/yads-async.js
Requested by
Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/219632/1441/wrapper.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
182.22.31.124 , Japan, ASN23816 (YAHOO Yahoo Japan Corporation, JP),
Reverse DNS
Software
/
Resource Hash
e7e4fb9b3b1239835abc60fd16d2e64da36bfa919b8e81f11eea442c2bbf05f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
etag
"fad34f610280b86070657d734b70d7bc"
age
79
x-content-type-options
nosniff
date
Wed, 26 Mar 2025 04:44:34 GMT
content-type
text/javascript
last-modified
Tue, 18 Mar 2025 07:38:44 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cache-control
public, max-age=600, stale-while-revalidate=1200
accept-ch
Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch
ats-carp-promotion
1
x-amz-request-id
2382c80e-f19f-4def-8e77-1497f9a0936b
permissions-policy
ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform-version=*, ch-ua-arch=*
accept-ranges
bytes
content-length
58654
x-xss-protection
1; mode=block
x-amz-server-side-encryption
AES256
gnshbrequest-v4.23.3.js
cpt.geniee.jp/hb/v1/lib/ 		181 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cpt.geniee.jp/hb/v1/lib/gnshbrequest-v4.23.3.js
Requested by
Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/219632/1441/wrapper.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.137.133.152 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
bc73ed340ef20534b613afea9bd95f199a55b77beab7c472e92ad92b4e39a1aa

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=86400, private
content-encoding
gzip
etag
W/"67d140eb-2d3d7"
cross-origin-resource-policy
cross-origin
expires
Thu, 27 Mar 2025 04:45:53 GMT
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
application/javascript
last-modified
Wed, 12 Mar 2025 08:08:11 GMT
server
nginx
collect
analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je53o2v897965293za200&_p=1742964352243&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102788824~102803279~102813109~102887799~102926062~102926327&cid=646764243.1742964353&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1742964353&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FXqAx30&dt=Dynamics%20365%20Customer%20Voice&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1925
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:137:0
report-to
{"group":"ascnsrsggc:137:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:137:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:137:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ 		0
552 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-N394QBRGC0&cid=646764243.1742964353&gtm=45je53o2v897965293za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=102482433~102788824~102803279~102813109~102887799~102926062~102926327
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::9b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:112:0
report-to
{"group":"ascnsrsggc:112:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:112:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:112:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
text/plain
server
Golfe2
rul
td.doubleclick.net/td/ga/ Frame 13D0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-N394QBRGC0&gacid=646764243.1742964353&gtm=45je53o2v897965293za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=102482433~102788824~102803279~102813109~102887799~102926062~102926327&z=1215738718
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:45:53 GMT
expires
Wed, 26 Mar 2025 04:45:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-ZDFZCDVDK1&gtm=45je53o2v9181474282za200&_p=1742964352243&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102509683~102788824~102803279~102813109~102887800~102926327&cid=646764243.1742964353&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1742964353&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FXqAx30&dt=Dynamics%20365%20Customer%20Voice&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2001
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:87:0
report-to
{"group":"ascnsrsggc:87:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:87:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:87:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
text/plain
server
Golfe2
AGSKWxVAGwwcNa81XDRqxCK-CvdnSkFsL8BwzWS3L20lEEoHG_8XmBGpM2dEnqhi1ueJtJUuiUwvKS1NE3rTKSeivZiU9QzuoBFLzMhClP_ueOgz18_D0IcVmrzNAehXlACOYGvOrjBgmQ==
fundingchoicesmessages.google.com/f/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVAGwwcNa81XDRqxCK-CvdnSkFsL8BwzWS3L20lEEoHG_8XmBGpM2dEnqhi1ueJtJUuiUwvKS1NE3rTKSeivZiU9QzuoBFLzMhClP_ueOgz18_D0IcVmrzNAehXlACOYGvOrjBgmQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQyOTY0MzUzLDI4NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLG51bGwsW1s4LCJkYUh6ekRVd0hHUSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6db792f8234d214fd5b7223a555c03683438255d5f75bc3c38ec0891b5363ae4
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-OIVLowsiao3Hu3oOaQQpAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjctDikmII0JBiOHHrNtMFIG69eY51OhAbrT3P6gLEhgqXWJ2B-P66S6zPgfhD_WXWH0BcJHGFtQWIhXg4Gnv79rMJ_Hj3dxqjkkZSfmF8cn5eSVFmUmlJflFaclpqcWpRWWpRvJGBkamBsZGxnoFZfIEhAEXLMSM"
content-security-policy
script-src 'report-sample' 'nonce-OIVLowsiao3Hu3oOaQQpAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame AD26 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
1496
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000, stale-while-revalidate=3600
content-encoding
br
content-length
28858
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:20:57 GMT
expires
Wed, 26 Mar 2025 05:10:57 GMT
last-modified
Mon, 24 Mar 2025 19:44:53 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
esp.js
oa.openxcdn.net/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oa.openxcdn.net/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.146.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-goog-metageneration
1
content-encoding
gzip
x-goog-hash
crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
etag
"df5542b88bc0e368c6999754a5b9e2ba"
age
349454
x-goog-stored-content-encoding
gzip
expires
Sun, 22 Mar 2026 03:41:39 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
7927
date
Sat, 22 Mar 2025 03:41:39 GMT
last-modified
Thu, 27 May 2021 18:30:51 GMT
content-type
application/javascript
x-guploader-uploadid
AKDAyIsdwgfW2Hk1prg1bQXhGXHpE9pIdxTNc3WVtEHTazCwMJFwODu5oO36DbArtHknTzua
cache-control
no-transform
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
x-goog-generation
1622140251693895
content-length
7927
server
UploadServer
encrypted-tag-g.js
invstatic101.creativecdn.com/encrypted-signals/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
87.70.96.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

etag
861bdaf24bda5c0db45c6ebe1c94a9eb
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2729
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
text/javascript; charset=utf-8
last-modified
Wed, 05 Feb 2025 14:45:21 GMT
server
Google Frontend
x-cloud-trace-context
3af347a3c2e6f1f1124052cf164229e3
publishertag.ids.js
static.criteo.net/js/ld/ 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.ids.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b6c5af2d5c532a14b5aa51656c9d5e8be329b1424ec1df2947ad2de309622448
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
etag
W/"67c8043f-a641"
cross-origin-resource-policy
cross-origin
expires
Thu, 27 Mar 2025 04:45:53 GMT
access-control-allow-origin
*
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
text/javascript
last-modified
Wed, 05 Mar 2025 07:58:55 GMT
server
nginx
ob.js
cdn-ima.33across.com/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-ima.33across.com/ob.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.28.101 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72223c20f8ad08445b32a2b4843a0f04fe33cee40811ade04b21598cf67fbea3

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
public, max-age=259200
content-encoding
gzip
cf-cache-status
HIT
etag
W/"678fc4ec-4599"
age
415890
cf-ray
92640048a901dafc-EWR
expires
Sat, 29 Mar 2025 04:45:53 GMT
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
application/javascript
last-modified
Tue, 21 Jan 2025 16:01:48 GMT
vary
Accept-Encoding
server
cloudflare
ads
securepubads.g.doubleclick.net/gampad/ 		219 KB
16 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2616549332254756&correlator=2311604673742773&eid=31086814%2C31089990%2C83321073%2C31086809&output=ldjh&gdfp_req=1&vrg=202503200101&ptt=17&impl=fifs&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C13848%2C18535%2C13856%2C13860%2C14209%2C14210&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5%2C%2F0%2F1%2F6%2C%2F0%2F1%2F7&prev_iu_szs=300x250%2C1x1%7C320x480%2C300x250%2C300x250%2C1x1%7C320x50%7C300x100%7C320x100%2C300x250&ifi=1&didk=3663017418~954026992~3220679602~2335188262~1073006158~4279657583&dids=div-gpt-ad-1692339097859-0~div-gpt-ad-1706005027566-0~div-gpt-ad-1682415009667-0~div-gpt-ad-1682415043506-0~div-gpt-ad-1683598631228-0~div-gpt-ad-1683598657711-0&adfs=916259745~~2578326023~~~2287716272&sfv=1-0-41&sc=1&cookie_enabled=1&abxe=1&dt=1742964353321&lmt=1742964353&adxs=1005%2C-9%2C245%2C-9%2C-9%2C625&adys=171%2C-9%2C171%2C-9%2C-9%2C171&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C-1%7C0%7C-1%7C-1%7C0&ucis=1%7C2%7C3%7C4%7C5%7C6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=380x250%7C0x-1%7C380x250%7C0x-1%7C0x-1%7C380x250&msz=350x250%7C0x-1%7C350x250%7C0x-1%7C0x-1%7C350x250&fws=0%2C2%2C0%2C2%2C2%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742964351990&idt=958&cust_params=url%3D%252FXqAx30%26ref%3Dnull&adks=1451399479%2C4066066610%2C827794272%2C3475397127%2C3271617715%2C3242553145&frm=20&eoidce=1&td=1&egid=61607&tdf=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f253290fcc29f7f2a23f88a3c984a239539b7482cc449ea1f8e7fdff324ec99a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
dcb
google-lineitem-id
6424070779,6405456366,6690069789,6295930452,6499557592,6499556608
observe-browsing-topics
?1
x-content-type-options
nosniff
google-mediationtag-id
-2
google-mediationgroup-id
-2,-2,-2,-2,-2,-2
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
138456634296,138452341869,138468304473,138433089508,138462658624,138462658495
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
content-length
16033
x-xss-protection
0
server
cafe
ads
securepubads.g.doubleclick.net/gampad/ 		1 KB
419 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2616549332254756&correlator=2311604673742773&eid=31086814%2C31089990%2C83321073%2C31086809&output=ldjh&gdfp_req=1&vrg=202503200101&ptt=17&impl=fifs&gdpr=0&iu_parts=21787810958%2CTW_reurl.cc_res_all_truvid_1x1%2CTW_reurl.cc_res_allsite_top_avs&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=300x250%7C336x280%7C1x1%2C1x1&ifi=7&didk=3347717449~2825456951&dids=ats-slider-10~ats-insert_ads-8&adfs=948047239~3992581161&sfv=1-0-41&sc=1&cookie_enabled=1&abxe=1&dt=1742964353337&lmt=1742964353&adxs=15%2C800&adys=33%2C171&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0&ucis=7%7C8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=1570x0%7C1600x0&msz=1570x0%7C1600x0&fws=0%2C0&ohw=0%2C0&topics=9&tps=9&htps=10&a3p=Eh0KDmVzcC5jcml0ZW8uY29tGKPSlYbdMkgAUgIIZBIbCgwzM2Fjcm9zcy5jb20Yo9KVht0ySABSAghkEhcKCHJ0YmhvdXNlGKLSlYbdMkgAUgIIZBIUCgVvcGVueBii0pWG3TJIAFICCGQ.&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742964351990&idt=958&cust_params=url%3D%252FXqAx30%26ref%3Dnull&adks=3936558959%2C940499867&frm=20&eoidce=1&td=1&egid=61607&tdf=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0d6ea7f15b98f69ab162af494df563f3c419869b58500f83955f47fff3c5626d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
dcb
google-lineitem-id
-2,-2
observe-browsing-topics
?1
x-content-type-options
nosniff
google-mediationtag-id
-2
google-mediationgroup-id
-2,-2
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
-2,-2
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
content-length
387
x-xss-protection
0
server
cafe
container.html
a7393592d38620db98c8f66efce41717.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame A57F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://a7393592d38620db98c8f66efce41717.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3024
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:45:53 GMT
expires
Wed, 26 Mar 2025 04:45:53 GMT
last-modified
Thu, 30 Jan 2025 19:28:58 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
AGSKWxUjaGWeUdbwpAUFKShrLHs4u0SgD1JuPpXPYcJHemEHH2LM4dspXD-kCP762KxGwaZzlOYjVQ8F-ViUO3ozR_UAnoYSsaHEkWDTblC82XBKJmK4pEvO5AGWRfL2-RQIlqZ3ugKWcA==
fundingchoicesmessages.google.com/f/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUjaGWeUdbwpAUFKShrLHs4u0SgD1JuPpXPYcJHemEHH2LM4dspXD-kCP762KxGwaZzlOYjVQ8F-ViUO3ozR_UAnoYSsaHEkWDTblC82XBKJmK4pEvO5AGWRfL2-RQIlqZ3ugKWcA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQyOTY0MzUzLDM5NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vcmV1cmwuY2MvWHFBeDMwIixudWxsLFtbOCwiZGFIenpEVXdIR1EiXSxbOSwiZW4tVVMiXSxbMTksIjIiXSxbMTcsIlswXSJdLFsyNCwiIl0sWzI5LCJmYWxzZSJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d590dc7c95b44e7c882fc78dad5ca260574f5480572c835e265bc2434411dcb2
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-zNtL-kiwGQTltR9vqkwnRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmJw0ZBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFeDgae_v2swl0LDtwklFJIym_MD45P6-kKDOptCS_KC05LbU4tagstSjeyMDI1MDYyFjPwCy-wBAA7OErRw"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-zNtL-kiwGQTltR9vqkwnRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
oid
onead.onevision.com.tw/v2/et/ 		372 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://onead.onevision.com.tw/v2/et/oid?cb=window.text_etag_callback_40sqt
Requested by
Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
e1fc915a5fe4e34a2a4ee45bf1b9e292e15cb607acbef3e678e38b40bd5371d2

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-onead-version
61c8a0f6
etag
3309d0c4-09fd-11f0-9b1b-0242ac120002
age
0
access-control-allow-methods
GET,POST,OPTIONS,PUT
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
579895379
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
application/javascript
last-modified
Wed, 26 Mar 2025 04:45:53 GMT
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
cache-control
max-age=600
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
372
x-onead-backend
onead-http-event-lwr8-gohttp
server
gws
x-powered-by
OneAD
page.php
www.facebook.com/plugins/ Frame 8389 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Freurl.cc%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-j5WFmp6a' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
zstd
content-security-policy
default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-j5WFmp6a' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:45:53 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster
?1
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
pragma
no-cache
priority
u=0,i
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7485974895295758858&cpp=C3&cv=1021259494&st=1742964353547"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7485974895295758858&cpp=C3&cv=1021259494&st=1742964353547", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=15, rtx=0, c=23, mss=1232, tbw=4601, tp=9, tpl=0, uplat=96, ullat=0
x-fb-debug
bugZSgrnxRHBGLexUK/2ZMBN8H6wgsJ2cU+oLGcqV5+D+rpKDySsvLlm1ulHTBuHKrcRIfS9C89nZgs0qJjfxA==
x-xss-protection
0
feeds
re-news.tw/ 		7 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://re-news.tw/feeds
Requested by
Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/renews.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.26.175 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
175.26.160.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
54cee9fee34389ba3cd31ce3a08d5d7d507b233d1e983b2bd234921127abeb9d

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

etag
W/"1bc9-drHOjkD2X27TZtGQci+iBiDGWdw"
via
1.1 google
access-control-allow-origin
https://reurl.cc
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7113
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
text/html; charset=utf-8
x-powered-by
Express
vary
Origin
syncframe
gum.criteo.com/ Frame 56CC 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=reurl.cc&gdpr=0&gdpr_consent=
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::12 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

cache-control
private, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:45:52 GMT
server
Kestrel
server-processing-duration-in-ticks
434435
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
x-robots-tag
noindex
policy-check
cpt.geniee.jp/hb/v1/ 		12 B
162 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cpt.geniee.jp/hb/v1/policy-check?loc=https%3A%2F%2Freurl.cc%2FXqAx30&list_id=mid-219632&gam_id=gam-424536528%2Cgam-0
Requested by
Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/lib/gnshbrequest-v4.23.3.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.137.133.152 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
3108e15dfc911f1a730106ee1e44c941639e0b7add838d095680425e86d086c3

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-allow-origin
*
cache-control
max-age=10800, private
content-length
12
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
application/json
server
nginx
cross-origin-resource-policy
cross-origin
view
securepubads.g.doubleclick.net/pcs/ Frame 95C4 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstJbIZj6bl_jLnCWwCXfaJo5_PEzuJ8Z2wpIs1Ss7xdpGhYCzJ4LYfpgtNlM5gJGkVXDih5diOdeRFvs3eoU-7KhBuYXeC_b4NB0yERCaEPDk_ORkFOo_d8xXkM6mDyvuhWjK7MnC5bdbh0oUXGs2uPB7ChLHN2ovBt2DpUKCTPBT88RFfUs468_qNVCSfWb9HZMiV2AdjYbiNyx5UDnGjb18AHWc8Gh3IxkQFsYhNjQB-cvRxxF-C9hMCoqEmkFbsbue1QzoA61EtZJiptaMtwWGoX4mPenUcOaWeUqlO0Su6baIcBpcLXUYe5F_8i0Kw_82hWSyQtEw4jnjFZCTnv7ogJSEi0vQSMdo0gsQKgmnAfFsDivsQAC2oAdARS_LtGK6SflKL4wI7SOqGJJsbFS8_Yztaela03S-xWsJBj1g0JRcrn3atyaA&sai=AMfl-YTtJUNMLRP6paXtBBVgrz_IkWagTfMLY7IcB1i3vbPET6-AUo8Wcqauht0iu-a2twgMz51Lt-B4SiuTedHAvk1Oa7MyhqMnljQGp3A4bib91Fjxz_TUqYAOSsqe&sig=Cg0ArKJSzH5r5dHoAn0WEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 26 Mar 2025 04:45:53 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
cf_reurl_tw_gam.js
api.popin.cc/searchbox/ Frame 95C4 		129 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
cd0db2d68f6fb00e1197e823f47e1f53aa2aa2ae85228a5e5d04a4a863629cc1

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

Content-Encoding
gzip
ETag
W/"84c303c8957ac66aa38f2a88e2291b99"
x-amz-version-id
u2A0lYWFB7No0ZP_ZBKUcX5kfrhgSMHf
Expires
Wed, 26 Mar 2025 05:45:54 GMT
Date
Wed, 26 Mar 2025 04:45:54 GMT
Last-Modified
Wed, 19 Mar 2025 07:07:58 GMT
Content-Type
text/javascript
Vary
Accept-Encoding
Transfer-Encoding
chunked
X-Cache-Status
HIT from 10.252.55.25
x-amz-replication-status
PENDING
Cache-Control
max-age=3600
Timing-Allow-Origin
*
Connection
keep-alive
Cross-Origin-Resource-Policy
cross-origin
Server
nginx
x-amz-server-side-encryption
AES256
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 95C4 		219 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
9225633084484645003
age
747
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 05:33:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 26 Mar 2025 04:33:26 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68912
x-xss-protection
0
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame BF5E 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvATG2sz18f9mspCeEd5JdEkURkJPw7l1XcJQzQTsq_dOHD6rOCPaSouUgzQv4RbA0apW_T2Q1M91IWBledol-RJMUMV0dcWWSGtDN6170G7Poh1BExRCQHesssSjN0NBH-ICd4vHhLDtsH6snkQ32bYQXm_8G10-M02bgQcuqDJAI9DvT33OoxjgMzpAcoRh6OuGP0rMXuxrw3d3Goy4gCHGjicNwqm0tDKdBsayAKeu67JIw3mduim5oVAUCdk2e9Ht5qQWuzI-0ZAg0DnXG0rSsrWRLaiXuutfWP9rYn9yAief2mBRVZ-D9RKmeCIhDQFIBPz43EFTuftkZsHfvCu-cLreANK9RZxsirkYQpJ3s29LF5QmBR_Tbk_yWyJy7Ih3LLqJArFZ7ZbYSndp_5Q27dXhnzIhd6inr60yR1de2h21K3OR2AIA&sai=AMfl-YRv1JFfQ7S8Ab6iiQ3pYFMUMInkR6PzXG_f5mMoNqqh1wVt0EP39LDMAQ2A6Xe2dxCG0mpd0RB0bTjuF98CFULcRq1IBA1sLWCKkIowYWCbkz1tFuvEmiTxEyzt&sig=Cg0ArKJSzLp-0t8_D60gEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 26 Mar 2025 04:45:53 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame BF5E 		40 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b6346ec755a2aac6af52cb1deb7ad54a1acffa3442a1a0d4de5245b12b881958
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
6650456182288346233
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:53 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
15182
x-xss-protection
0
server
cafe
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame BF5E 		219 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
9225633084484645003
age
747
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 05:33:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 26 Mar 2025 04:33:26 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68912
x-xss-protection
0
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame A293 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvpd2f5R6VlfXMlrPRvA2zNOez3saHrR9DqqNCrzuYnsgt5oXIdklcQtdbBWFeyBr7rShURIMng5eGsN3IP5MG8l7mQ_iuU2ubYmnOl5pPVXOU--bIaIC6CnOzS1GTW2AHP9K_lwBgpZikUx5Cqnk48HfxHrUGPVOFt8ooowiv3l9pNjmsXDQGGO0392hG_O82Lq6uYOX-ZHfX7ewRgs8F3S2d4oTfg7g15vJkGn-F0MvNpkCcsnlJ8LmBN_eI_27snlLPmCGJHetNOLPx0dL_TDPrG9SKetws5FnxmZkLqLutFIqLTglIQBXcJW4iOeRCp3qrNKB-21x1SMj7Jy2StF-CJW1zUH-daBL6FmrrD2nekFwRBsDbDGRMX0MPP-B2f_O43xiZLDLfmOyH0ZURlPpeDwafcsxIeY9C2Fn3EwO-LJPJb3FpP4yblz1JrSf0&sai=AMfl-YQDk8mhh2PhG5sbIVEbIZyJxVVIwCDRDsA_pav3232LIOzL73VrQDs1yjhgFc0uLmboW3vH6_RSweOZAevzik9gMotoL9tIhpmUHQ-smi2wvZGxuWW5Wtfq7fvG&sig=Cg0ArKJSzPaWFMNp0wiiEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 26 Mar 2025 04:45:53 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
init.js
cdn.holmesmind.com/js/ Frame A293 		9 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/init.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag
"2b18447e41c64d14195cefd72eb57400"
age
32
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
9645
x-amz-cf-id
5WG-IcNTbHw3XPi4liisIGHs3NKXFBELiC3sMxyDlB_VlS9B3eaqbA==
date
Wed, 26 Mar 2025 04:45:22 GMT
content-type
application/javascript
last-modified
Fri, 14 Mar 2025 09:01:33 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame A293 		219 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
9225633084484645003
age
747
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 05:33:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 26 Mar 2025 04:33:26 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68912
x-xss-protection
0
server
cafe
renews-title1.png
re-news.tw/images/ 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://re-news.tw/images/renews-title1.png
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.26.175 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
175.26.160.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
public,max-age=3600
etag
W/"5fad-191b5b37a20"
age
8
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24493
date
Wed, 26 Mar 2025 04:45:45 GMT
last-modified
Tue, 03 Sep 2024 02:25:24 GMT
x-powered-by
Express
content-type
image/png
1742958487-ef22d3df746c5a878260701de6ad66d6-840x525.jpg
img.gbyhn.com.tw/2025/03/ 		94 KB
94 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.gbyhn.com.tw/2025/03/1742958487-ef22d3df746c5a878260701de6ad66d6-840x525.jpg
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:961f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b049b025813709783b10448b65d383a83d3504b2975c1f829f0280f43c32249d

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cf-cache-status
HIT
age
2446
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nxudfkxu7w2gn%2FklURxvEaGOCnQ645JLnNPJ0qHQmBFW7lbY7KRA8iiOXu%2Fe5DOCn5Eu3wEvyvTa8Y%2FiuhRFXB1lLGDCpMfKctquU%2BmwTzbvS6FIEquACNq0kBis3ZLiquE4bGYB09ucd%2FthXbpF"}],"group":"cf-nel","max_age":604800}
expires
Wed, 02 Apr 2025 03:14:15 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6643&min_rtt=3303&rtt_var=3343&sent=14&recv=10&lost=0&retrans=0&sent_bytes=4234&recv_bytes=5640&delivery_rate=174639&cwnd=12000&unsent_bytes=0&cid=2a0c832bbadac2a3&ts=38&x=1", cfExtPri, cfHdrFlush;dur=0
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
image/jpeg
last-modified
Wed, 26 Mar 2025 03:08:10 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
9264004bae0d43f4-EWR
accept-ranges
bytes
content-length
95810
x-turbo-charged-by
LiteSpeed
server
cloudflare
from_left__Amy_Tsui_Senior_Vice_President_Sales_Omnichat__Frances.jpg
mma.prnasia.com/media2/2649213/ 		62 KB
63 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mma.prnasia.com/media2/2649213/from_left__Amy_Tsui_Senior_Vice_President_Sales_Omnichat__Frances.jpg?p=medium600
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6812:60e1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
3413211169d59c913dd19db17bc1ae4c478443631a3a365feaad6cd2a7b5247e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
13516
access-control-allow-methods
GET, POST, OPTIONS
expires
Wed, 26 Mar 2025 01:00:38 GMT
server-timing
intid;desc=5bb035f5009f2ff9
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
image/jpeg
last-modified
Wed, 26 Mar 2025 01:00:37 GMT
vary
*, Accept-Encoding
access-control-allow-headers
Content-Type
cache-control
public, max-age=1
cf-ray
9264004bbd5b2f06-EWR
accept-ranges
bytes
access-control-allow-origin
*
content-length
63614
x-powered-by
ASP.NET
server
cloudflare
%E5%8F%B0%E7%81%A3-Pay-%E9%AB%98%E5%9B%9E%E9%A5%8B%E4%BF%A1%E7%94%A8%E5%8D%A1%E6%8E%A8%E8%96%A6%E8%88%87%E6%8C%87%E5%AE%9A%E9%80%9A%E8%B7%AF%E5%84%AA%E6%83%A0%E5%BD%99%E6%95%B4-1080x630.jpg
creditcards.com.tw/wp-content/uploads/2020/10/ 		65 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://creditcards.com.tw/wp-content/uploads/2020/10/%E5%8F%B0%E7%81%A3-Pay-%E9%AB%98%E5%9B%9E%E9%A5%8B%E4%BF%A1%E7%94%A8%E5%8D%A1%E6%8E%A8%E8%96%A6%E8%88%87%E6%8C%87%E5%AE%9A%E9%80%9A%E8%B7%AF%E5%84%AA%E6%83%A0%E5%BD%99%E6%95%B4-1080x630.jpg?crop=1
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
92f9f001e9f335dc3ba11338e516af016b641679e9195f7aeb9a753b05ee750a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

etag
"251aef38d12d2b34"
x-content-type-options
nosniff
access-control-allow-methods
GET, HEAD
expires
Wed, 03 Mar 2027 02:56:22 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
image/webp
last-modified
Sun, 02 Mar 2025 14:56:22 GMT
vary
Accept
strict-transport-security
max-age=31536000
cache-control
public, max-age=63115200
timing-allow-origin
*
x-nc
HIT bur 7
access-control-allow-origin
*
content-length
66404
x-ac
2.jfk _atomic_dca HIT
server
nginx
2025032402565924.jpg
img.racingcharger.tw/wp-content/uploads/ 		152 KB
152 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.racingcharger.tw/wp-content/uploads/2025032402565924.jpg
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.1.220.9 , Taiwan, ASN131149 (YUANJHEN-AS-TW Yuan-Jhen Info., Co., Ltd, TW),
Reverse DNS
ph2.g-dns.com
Software
Apache /
Resource Hash
95634eb651772e9ecc489c8a2e12cccb71cd06089ae3f03f8dab3654ce669c8c

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

accept-ranges
bytes
content-length
155748
date
Wed, 26 Mar 2025 04:45:54 GMT
last-modified
Mon, 24 Mar 2025 02:57:04 GMT
content-type
image/jpeg
server
Apache
1f449.png
s.w.org/images/core/emoji/15.0.3/72x72/ 		423 B
731 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/15.0.3/72x72/1f449.png
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
9cf1114324a6653750f0f8af7783a744e45adadca47c48844e4ee0f11df269bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=315360000
x-nc
HIT jfk 2
access-control-allow-methods
GET, HEAD
x-content-type-options
nosniff
expires
Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
423
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
image/png
last-modified
Tue, 30 Jan 2024 01:21:05 GMT
server
nginx
x-frame-options
SAMEORIGIN
file.png
static.wixstatic.com/media/9a254c_bd6ab9dc57c349009b5f1eedc6fb236d~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/ 		1010 KB
1011 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.wixstatic.com/media/9a254c_bd6ab9dc57c349009b5f1eedc6fb236d~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/file.png
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211c:5600:1e:5c56:d400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty/1.27.1.1 /
Resource Hash
76e0fe9b59aa81409567a77b7f5cfaebcbe6d1a5586d4979c5a83a327f68d517

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-cf-id
1dPzgSCtl4wW5sR_JzJS9UES8e3q0uOVYQbHKVVpm50_H16ZmguD4Q==
cache-control
public, max-age=15552000, immutable
timing-allow-origin
*
age
3811733
via
1.1 google, 1.1 8df8d5dfeb782c83ceeb5679f78a9e4e.cloudfront.net (CloudFront)
x-wixmp-trace
projects/wix-media-infrastructure/traces/2spVhEK7hN7G4oknE9KNdNWC2Cu
access-control-allow-origin
*
x-seen-by
image-manipulator-79c6fd85fd-jw8kv
content-length
1033732
alt-svc
h3=":443"; ma=86400
date
Mon, 10 Feb 2025 01:57:00 GMT
content-type
image/png
x-cache
Hit from cloudfront
server
openresty/1.27.1.1
x-amz-cf-pop
JFK52-P4
%E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg
blog.alphaloan.co/wp-content/uploads/2021/04/ 		0
0
adsrv
onead.onevision.com.tw/v2/ 		177 B
466 B 		Script
General
Check archive.org
Download Go to
Full URL
https://onead.onevision.com.tw/v2/adsrv?version=20240208&uid=1000480&category=-1&cookie=true&ip=&guid=3309d0d1-09fd-11f0-9b1b-0242ac120002&channel=0&volume=0.5&r=&adid=&response_freq_multiple=native-drive.0&web_location=https%3A%2F%2Freurl.cc%2FXqAx30&title=Dynamics%20365%20Customer%20Voice&fp=04c6d3e15a52f9e0d5fe2d47f4a29cde&_t=1742964353877&cb=ONEAD_text_response_40sqt&pb=0&spid=&bgid=0
Requested by
Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/ad-serv.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
3126914235c96ad46f611498ff1be5890ff21979fe5a23d7ee349139552a693a

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-onead-version
61c8a0f6
age
0
access-control-allow-methods
GET,POST,OPTIONS,PUT
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
174228453
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
application/javascript
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
x-onead-guid
3309d0d1-09fd-11f0-9b1b-0242ac120002
access-control-allow-credentials
true
x-onead-message
browser_incompatible
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
177
x-onead-backend
onead-http-query-j6rn-gohttp
server
gws
x-powered-by
OneAD
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame BF5E 		185 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3243bbf7e0e6d60ec2df3f15b164251090626eac099bb25ddc6dce7520d1198e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
17356344702283717700
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:53 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 26 Mar 2025 04:45:53 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
60756
x-xss-protection
0
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 95C4 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 26 Mar 2025 04:45:54 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame BF5E 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 26 Mar 2025 04:45:54 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame 95C4 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3eb68d784662777b2df8d3273b7aec86744cb06d82a3f50251ed1b2b74a602a4

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ Frame BF5E 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5a5e5caf1959ecb84b0b65417beadb506ee682db45c1ea3d80d2098be5e6174e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame A293 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 26 Mar 2025 04:45:54 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 95C4 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 26 Mar 2025 04:45:54 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame BF5E 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 26 Mar 2025 04:45:54 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
capmapping.htm
cdn.holmesmind.com/js/ Frame 7BAD 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:a000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
28
content-length
12184
content-type
text/html
date
Wed, 26 Mar 2025 04:45:54 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 c723324ff3815a0e30df3eecba242152.cloudfront.net (CloudFront)
x-amz-cf-id
ltO7BSq5eno3KZgnoD8ejusjEhzTL1VTR9SdxdYKj-E0Y3aDjUuCow==
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
truncated
/ Frame A293 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5e2eefea6928cd99a8d3866622791cdc04876e64aa7c376131b3b90bf6ddbf9d

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
presetfn.js
cdn.holmesmind.com/js/ Frame 0F1F 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
6
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
uIzrT3dx3dWMw0jpjc4KbPjgliSmWN3tu9DkEfTOOVYaNxqa9Eov2w==
date
Wed, 26 Mar 2025 04:45:49 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
gen_204
pagead2.googlesyndication.com/pagead/ Frame A293 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 26 Mar 2025 04:45:54 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
show_ads_impl.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503240101/ Frame BF5E 		500 KB
160 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503240101/show_ads_impl.js?bust=31091230
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
402a543f69f8ab5bbf3e2755788ad61981946c3f968a1b6b83a13c02fa689b34
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
1808098933319643878
age
9079
x-content-type-options
nosniff
expires
Wed, 09 Apr 2025 02:14:35 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 26 Mar 2025 02:14:35 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
163386
x-xss-protection
0
server
cafe
vzn
onead.onevision.com.tw/v2/pixel/
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=OneDATA
  • https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA
  • https://ups.analytics.yahoo.com/ups/58791/cms?partner_id=OneDATA&verify=true
  • https://onead.onevision.com.tw/v2/pixel/vzn?id=y-EBWCdyFE2p9uYEqsgrWAf0mCZJFz0Wi9z2w9aA--~A
170 B
202 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onead.onevision.com.tw/v2/pixel/vzn?id=y-EBWCdyFE2p9uYEqsgrWAf0mCZJFz0Wi9z2w9aA--~A
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Server
107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-onead-version
61c8a0f6
x-vendor
vzn
age
0
access-control-allow-methods
GET,POST,OPTIONS,PUT
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
190842855
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
image/png
last-modified
Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id
y-EBWCdyFE2p9uYEqsgrWAf0mCZJFz0Wi9z2w9aA--~A
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
x-status
okay
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
170
x-onead-backend
onead-http-event-xvr3-gohttp
server
gws
x-powered-by
OneAD

Redirect headers

strict-transport-security
max-age=31536000
location
https://onead.onevision.com.tw/v2/pixel/vzn?id=y-EBWCdyFE2p9uYEqsgrWAf0mCZJFz0Wi9z2w9aA--~A
age
0
referrer-policy
no-referrer-when-downgrade
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/html
server
ATS
ltm
onead.onevision.com.tw/v2/pixel/
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id}
  • https://bcp.crwdcntrl.net/map/ct=y/c=15135/tp=ONEA/?https://onead.onevision.com.tw/v2/pixel/ltm?id=${profile_id}
  • https://onead.onevision.com.tw/v2/pixel/ltm?id=e0a726a458b8693316be6a8e64b7641c
170 B
202 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onead.onevision.com.tw/v2/pixel/ltm?id=e0a726a458b8693316be6a8e64b7641c
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Server
107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-onead-version
61c8a0f6
x-vendor
ltm
age
0
access-control-allow-methods
GET,POST,OPTIONS,PUT
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
190776629
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
image/png
last-modified
Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id
e0a726a458b8693316be6a8e64b7641c
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
x-status
okay
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
170
x-onead-backend
onead-http-event-xvr3-gohttp
server
gws
x-powered-by
OneAD

Redirect headers

expires
0
cache-control
no-cache
location
https://onead.onevision.com.tw/v2/pixel/ltm?id=e0a726a458b8693316be6a8e64b7641c
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length
0
date
Wed, 26 Mar 2025 04:45:54 GMT
pragma
no-cache
ttd
onead.onevision.com.tw/v2/pixel/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=r1jlltl&ttd_tpi=1
  • https://onead.onevision.com.tw/v2/pixel/ttd?id=3188e852-08d4-40f1-ab2c-917d4fa90976
170 B
202 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onead.onevision.com.tw/v2/pixel/ttd?id=3188e852-08d4-40f1-ab2c-917d4fa90976
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Server
107.178.241.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-onead-version
61c8a0f6
x-vendor
ttd
age
0
access-control-allow-methods
GET,POST,OPTIONS,PUT
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-varnish
291308486
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
image/png
last-modified
Tue, 27 Oct 2020 13:57:49 GMT
x-vendor-client-id
3188e852-08d4-40f1-ab2c-917d4fa90976
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
x-status
okay
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
content-length
170
x-onead-backend
onead-http-event-8xrt-gohttp
server
gws
x-powered-by
OneAD

Redirect headers

location
https://onead.onevision.com.tw/v2/pixel/ttd?id=3188e852-08d4-40f1-ab2c-917d4fa90976
content-length
197
date
Wed, 26 Mar 2025 04:45:54 GMT
server
Kestrel
/
ps.eyeota.net/pixel/bounce/
Redirect Chain
  • https://ps.eyeota.net/pixel?pid=3m51m51&uid=3309d0d1-09fd-11f0-9b1b-0242ac120002&t=ajs
  • https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=3309d0d1-09fd-11f0-9b1b-0242ac120002&t=ajs
1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ps.eyeota.net/pixel/bounce/?pid=3m51m51&uid=3309d0d1-09fd-11f0-9b1b-0242ac120002&t=ajs
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
HTTP/1.1
Server
34.197.192.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-192-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

Content-Length
1228
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date
Wed, 26 Mar 2025 04:45:54 GMT
Content-Type
application/javascript

Redirect headers

Location
/pixel/bounce/?pid=3m51m51&uid=3309d0d1-09fd-11f0-9b1b-0242ac120002&t=ajs
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date
Wed, 26 Mar 2025 04:45:54 GMT
cm
trc.taboola.com/sg/onedata/1/ 		0
189 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/onedata/1/cm
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-fastly-to-nlb-rtt
1021
x-timer
S1742964354.261516,VS0,VE3
x-vcl-time-ms
3
via
1.1 varnish
accept-ranges
bytes
x-cache
MISS
content-length
0
date
Wed, 26 Mar 2025 04:45:54 GMT
x-service-version
v1
server
nginx
x-cache-hits
0
x-served-by
cache-lga21978-LGA
Preset.js
ad.holmesmind.com/adserver/ Frame 0F1F 		2 KB
795 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.178.103.138 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
851c3da53f870dab9f8fd365f8eb9af27af956d79a96f89f412f8baa5b7b1624

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame 0F1F 		30 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
1
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
Q_p2KoD7XOuAQyrBVWIz6jbXwZiy9qZQBlaPNcDehVbRWeA3ASwq7w==
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
view
securepubads.g.doubleclick.net/pcs/ Frame BF5E 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst8_f7cKULE5AAuocJQLWaUqWaUn9g32B0dMpofYbUAXcpS7oCTgcygWYw_YsNgLnSqPapj7tCaWlJoScqWjvtOsfjy4HWRS5_gFaKFZ2jW2c1B4Po19u1GN4U5Dk37AJGDQhJIKYsQAex2kUd8xUJCxzNspvJ9Kdq7lTSkT4KogumBVG5eunVcv3pVRwjkyykB7oP6FBq-OW-m0FSItvKEurI8UaxD7vfrJEpnv51qgOBv5af5wUmyZoHcMvlmwyqnbDKSn63Ox2OqwlDhh-8A7MeR1v3QJJkp4lBD7q-DB6FxfqSx2IlTGfUfzMMy5SMnO7kKR9bgzRLiT14FVsnod4oTPJi6_9oplzRm9Pt_jOVY1RbtCpIyN25dxzmOml65W_tZoCMlQGeq1eYlW1BJds3ZErfWo1jXeHJQLasdxEcsXV8VLcYsKnKF&sai=AMfl-YT1YM_pEw6Pn5buXRJ7_tpWx9IE7VgseWZVmmU9RjxAK1ayR-jAKW721tIql3u_EY34VO7DjyUE_Y-SEhcktvlnD1Kin71reywKxJ4N-5MKJwZMvcTvzJseI3BO&sig=Cg0ArKJSzF946EtUAZxyEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:54 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 26 Mar 2025 04:45:54 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20250324/r20190131/ Frame 2F80 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20250324/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503240101/show_ads_impl.js?bust=31091230
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

age
13138
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4228
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 01:06:56 GMT
etag
2080659458937595761
expires
Wed, 09 Apr 2025 01:06:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
adx.holmesmind.com/adx-file/20220715/ Frame 463A
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=2220942683&adf=776186313&pi=t.ma~as.2784%2F13803&w=300&lmt=174296435...
  • https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503240101/show_ads_impl.js?bust=31091230
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:a000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://reurl.cc/XqAx30
Sec-Browsing-Topics
();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

age
7
content-type
application/xml
date
Wed, 26 Mar 2025 04:45:47 GMT
server
AmazonS3
via
1.1 c723324ff3815a0e30df3eecba242152.cloudfront.net (CloudFront)
x-amz-cf-id
Nvb6A8UFy60bUdqCbZc2lJT00WoMKszbvdf27MB0hUA7UI0fo4jf2w==
x-amz-cf-pop
JFK52-P2
x-cache
Error from cloudfront

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:45:54 GMT
location
https://adx.holmesmind.com/adx-file/20220715/DkKnrBdt5clw3Tnvnp9EqZncJzw4s090s3IZtsfB.html
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
ep1.adtrafficquality.google/getconfig/ Frame BF5E 		17 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20250324&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503240101/show_ads_impl.js?bust=31091230
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cd76bd6be7366ec88b60a31b6509d94c6a7a9552ab812e0646f60c05813f9af1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
13106
date
Wed, 26 Mar 2025 04:45:54 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
sodar2.js
ep2.adtrafficquality.google/sodar/ Frame BF5E 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202503240101/show_ads_impl.js?bust=31091230
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
etag
"1727224258380615"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:54 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
6445
x-xss-protection
0
server
sffe
300vidtudu.com
fundingchoicesmessages.google.com/f/AGSKWxUBq0vqrcON52WCmovmcPY9LamG5ihcOVIsT1kqVvL-wJ04x4KViiatresIna9Lc5GWVmFt7ahigBsziOt77MHsY35SGhvyb3Roka48kcky5vPDdysejl2b13A9_zuWA43-0Qn00QNTFGsNfEfZJCpFS3l7s... 		54 B
109 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUBq0vqrcON52WCmovmcPY9LamG5ihcOVIsT1kqVvL-wJ04x4KViiatresIna9Lc5GWVmFt7ahigBsziOt77MHsY35SGhvyb3Roka48kcky5vPDdysejl2b13A9_zuWA43-0Qn00QNTFGsNfEfZJCpFS3l7s-cBNoT6ZLVxMwrtZWQvmMZ92vTcTFa9/_/adsecondary./webadserver.-300x100ad2./banners/300vidtudu.com
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2d20dd38ed9ce2f98230cae5de9edc36f4e9f13a657ad80427a683323e8f4595
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-GtyAE6glKYT5_UbxFAfU7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjctDikmJw1JBiOHnrNtNFIG69eY51OhAbrT3P6gLEhgqXWJ2B-P66S6zPgfhD_WXWH0BcJHGFtQWIhXg4mnr79rMJnLi7spNJSSMpvzA-OT-vpCgzqbQkvygtOS21OLWoLLUo3sjAyNTA2MhYz8AsvsAQACNdMHY"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-GtyAE6glKYT5_UbxFAfU7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
lidar.js
pagead2.googlesyndication.com/pagead/js/ 		251 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/lidar.js?fcd=true
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5404d9af6d898dd5e915beef38d2b6183982e39a557694e0821cf17139760509
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
319788235636082801
age
670
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 05:34:44 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 26 Mar 2025 04:34:44 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
80706
x-xss-protection
0
server
cafe
AGSKWxVNJwwoJIrzQh405fvI0NZR62pQyXX_CFKy7OSJxQyKRc8UYCzfcM_g2BtOcwMvnkWYZ5SIZXybd7-LAwN56-gvWy8tXcvoUInBGqOhCv5qngySGlr7HG8b16zwRq29u4WWurj6gg==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVNJwwoJIrzQh405fvI0NZR62pQyXX_CFKy7OSJxQyKRc8UYCzfcM_g2BtOcwMvnkWYZ5SIZXybd7-LAwN56-gvWy8tXcvoUInBGqOhCv5qngySGlr7HG8b16zwRq29u4WWurj6gg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-X8u1RVcs2QZECuWblx7k3Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/XqAx30

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmLw05Bi-FB_mfUHEAvxcDT19u1nE_ix68gEJiWXpPzC-OT8vJLUvBLdxJRiXRC7KDOptCS_CIWdWgZSkZOfnp6Zlx5vZGBkamBsZKJnYBpfYAAAVd8kTA"
content-security-policy
script-src 'report-sample' 'nonce-X8u1RVcs2QZECuWblx7k3Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame 1DA9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
1010
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5005
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:29:04 GMT
expires
Wed, 26 Mar 2025 05:19:04 GMT
last-modified
Mon, 23 Sep 2024 18:12:21 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 2232 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-A7_-QrZpWMZ8ze8usiib5g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-A7_-QrZpWMZ8ze8usiib5g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:45:54 GMT
expires
Wed, 26 Mar 2025 04:45:54 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
AGSKWxVNJwwoJIrzQh405fvI0NZR62pQyXX_CFKy7OSJxQyKRc8UYCzfcM_g2BtOcwMvnkWYZ5SIZXybd7-LAwN56-gvWy8tXcvoUInBGqOhCv5qngySGlr7HG8b16zwRq29u4WWurj6gg==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVNJwwoJIrzQh405fvI0NZR62pQyXX_CFKy7OSJxQyKRc8UYCzfcM_g2BtOcwMvnkWYZ5SIZXybd7-LAwN56-gvWy8tXcvoUInBGqOhCv5qngySGlr7HG8b16zwRq29u4WWurj6gg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-53s_bUsQMvNFb-FqBEHlvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/XqAx30

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmJw0ZBi-FB_mfUHEAvxcDT19u1nE3iwcPUcJiWXpPzC-OT8vJLUvBLdxJRiXRC7KDOptCS_CIWdWgZSkZOfnp6Zlx5vZGBkamBsZKJnYBpfYAAAQBwkBA"
content-security-policy
script-src 'report-sample' 'nonce-53s_bUsQMvNFb-FqBEHlvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
AGSKWxVNJwwoJIrzQh405fvI0NZR62pQyXX_CFKy7OSJxQyKRc8UYCzfcM_g2BtOcwMvnkWYZ5SIZXybd7-LAwN56-gvWy8tXcvoUInBGqOhCv5qngySGlr7HG8b16zwRq29u4WWurj6gg==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVNJwwoJIrzQh405fvI0NZR62pQyXX_CFKy7OSJxQyKRc8UYCzfcM_g2BtOcwMvnkWYZ5SIZXybd7-LAwN56-gvWy8tXcvoUInBGqOhCv5qngySGlr7HG8b16zwRq29u4WWurj6gg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-m4_wvqLweLSk9xNTq3fZUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/XqAx30

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmLw05Bi-FB_mfUHEAvxcDT19u1nEzhxtWsDk5JLUn5hfHJ-XklqXoluYkqxLohdlJlUWpJfhMJOLQOpyMlPT8_MS483MjAyNTA2MtEzMI0vMAAASBMkHQ"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-m4_wvqLweLSk9xNTq3fZUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
AGSKWxVNJwwoJIrzQh405fvI0NZR62pQyXX_CFKy7OSJxQyKRc8UYCzfcM_g2BtOcwMvnkWYZ5SIZXybd7-LAwN56-gvWy8tXcvoUInBGqOhCv5qngySGlr7HG8b16zwRq29u4WWurj6gg==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVNJwwoJIrzQh405fvI0NZR62pQyXX_CFKy7OSJxQyKRc8UYCzfcM_g2BtOcwMvnkWYZ5SIZXybd7-LAwN56-gvWy8tXcvoUInBGqOhCv5qngySGlr7HG8b16zwRq29u4WWurj6gg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ZcMqcY9wS6A5s8OXZKHb7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/XqAx30

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmLw1JBi-FB_mfUHEAvxcDT19u1nE1jw5sUGJiWXpPzC-OT8vJLUvBLdxJRiXRC7KDOptCS_CIWdWgZSkZOfnp6Zlx5vZGBkamBsZKJnYBpfYAAAW-8kZQ"
content-security-policy
script-src 'report-sample' 'nonce-ZcMqcY9wS6A5s8OXZKHb7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
AGSKWxXTVlhlSgCSklvBh2jWY9E5btnWws0GM16Sq9e9e3OtA2hBNZk0BhLrWS44VJk78p7FPfGlfnkYYomo2oqKruZRfLT0Kr0jeKnPfq4QgYxnjvFbhk207HrEfEmxBhnr7w8fEl7DKQ==
fundingchoicesmessages.google.com/f/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXTVlhlSgCSklvBh2jWY9E5btnWws0GM16Sq9e9e3OtA2hBNZk0BhLrWS44VJk78p7FPfGlfnkYYomo2oqKruZRfLT0Kr0jeKnPfq4QgYxnjvFbhk207HrEfEmxBhnr7w8fEl7DKQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQyOTY0MzU0LDYxNDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLG51bGwsW1s4LCJkYUh6ekRVd0hHUSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7a536975ab3836722d889039bc5266311e5fa612112edaccc6575d75887b5025
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-7Gl_DPseNSv43gXmah6_HQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmJw1JBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFeDiaevv2swlsmPBxE5OSRlJ-YXxyfl5JUWZSaUl-UVpyWmpxalFZalG8kYGRqYGxkbGegVl8gSEA9Aorcg"
content-security-policy
script-src 'report-sample' 'nonce-7Gl_DPseNSv43gXmah6_HQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
AGSKWxW_UH-nKTYYRV3bkgDQVOAPJVWO6T-m6XcoDuUdlviGN5mNLcpwST39wz3n2fjr_-A5L6BeAqmGxyo9VS5Zvq_78Qyrq0AS7GNJ90aDnQCAKoTqwifeg8HxYuCJUbX7SOtBU6lbqw==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxW_UH-nKTYYRV3bkgDQVOAPJVWO6T-m6XcoDuUdlviGN5mNLcpwST39wz3n2fjr_-A5L6BeAqmGxyo9VS5Zvq_78Qyrq0AS7GNJ90aDnQCAKoTqwifeg8HxYuCJUbX7SOtBU6lbqw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.daHzzDUwHGQ.es5.O/d=1/rs=AJlcJMw0U3pAz_cITaWp4fDBnRc9ZevyHQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ZwteeSjK-FG4EeiWE5Oyuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain
Referer
https://reurl.cc/XqAx30

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmJw0JBi-FB_mfUHEAvxcDT19u1nE9jQuO4Uk5JLUn5hfHJ-XklqXoluYkqxLohdlJlUWpJfhMJOLQOpyMlPT8_MS483MjAyNTA2MtEzMI0vMAAANRcj4Q"
content-security-policy
script-src 'report-sample' 'nonce-ZwteeSjK-FG4EeiWE5Oyuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://reurl.cc
content-length
0
x-xss-protection
0
server
ESF
td_js_sdk_171.js
api.popin.cc/ Frame 95C4 		68 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.popin.cc/td_js_sdk_171.js
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
3402df1af7b8665c51ac7e2d4fed5dc6cac147d61966672d9cf32a34acafedfe

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

Transfer-Encoding
chunked
X-Cache-Status
HIT from 10.252.55.25
Cache-Control
max-age=3600
Timing-Allow-Origin
*
Content-Encoding
gzip
ETag
W/"d7d7ebc58d77dc27a2c068acdf41021d"
Connection
keep-alive
Cross-Origin-Resource-Policy
cross-origin
Expires
Wed, 26 Mar 2025 05:45:54 GMT
Date
Wed, 26 Mar 2025 04:45:54 GMT
Last-Modified
Tue, 28 May 2024 09:22:02 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Server
nginx
x-amz-server-side-encryption
AES256
recommend
tw.popin.cc/popin_discovery/ Frame 95C4 		689 B
892 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tw.popin.cc/popin_discovery/recommend?mode=new&url=https%3A%2F%2Freurl.cc%2FXqAx30&&device=pc&media=reurl.cc&extra=windows&agency=popinag&topn=50&ad=10&r_category=all&country=tw&redirect=true&uid=52f68eea6cf2eac1bde1743000354875&info=eyJ1c2VyX3RkX29zIjoiV2luZG93cyIsInVzZXJfdGRfb3NfdmVyc2lvbiI6IjEwLjAuMCIsInVzZXJfdGRfYnJvd3NlciI6IkNocm9tZSIsInVzZXJfdGRfYnJvd3Nlcl92ZXJzaW9uIjoiODguMC40MzI0IiwidXNlcl90ZF9zY3JlZW4iOiIxNjAweDEyMDAiLCJ1c2VyX3RkX3ZpZXdwb3J0IjoiMzAweDI1MCIsInVzZXJfdGRfdXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIEhlYWRsZXNzQ2hyb21lLzg4LjAuNDMyNC4xOTAgU2FmYXJpLzUzNy4zNiIsInVzZXJfdGRfcmVmZXJyZXIiOiJodHRwczovL3JldXJsLmNjL1hxQXgzMCIsInVzZXJfdGRfcGF0aCI6Ii9YcUF4MzAiLCJ1c2VyX3RkX2NoYXJzZXQiOiJ1dGYtOCIsInVzZXJfdGRfbGFuZ3VhZ2UiOiJlbi11cyIsInVzZXJfdGRfY29sb3IiOiIyNC1iaXQiLCJ1c2VyX3RkX3RpdGxlIjoiIiwidXNlcl90ZF91cmwiOiJodHRwczovL3JldXJsLmNjL1hxQXgzMCIsInVzZXJfdGRfcGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ1c2VyX3RkX2hvc3QiOiJyZXVybC5jYyIsInVzZXJfZGV2aWNlIjoicGMiLCJ1c2VyX3RpbWUiOjE3NDI5NjQzNTQ4ODQsImZydWl0X2JveF9wb3NpdGlvbiI6IiIsImZydWl0X3N0eWxlIjoiIn0=&alg=ltr&uis=%7B%22ss_fl_pp%22%3Anull%2C%22ss_yh_tag%22%3Anull%2C%22ss_pub_pp%22%3Anull%2C%22ss_im_pp%22%3Anull%2C%22ss_im_id%22%3Anull%2C%22ss_gn_pp%22%3Anull%7D&callback=_p6_9e858d1f796a
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.198.189 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx/1.13.5 /
Resource Hash
53f98aba7750670f0dc7b13bbbb1a12ae29c1fd5b4c7b558ed43e5da984792f1

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-length
689
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
application/javascript;charset=UTF-8
server
nginx/1.13.5
cross-origin-resource-policy
cross-origin
track.js
ad.tagtoo.co/media/ad/ Frame 95C4 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.tagtoo.co/media/ad/track.js
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.12.34 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
34.12.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
80279f6baf172b794e35da391ac30711c57a3276abda4280d170920df9cca9b1

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type,Access-Control-Allow-Origin
content-encoding
gzip
x-goog-hash
crc32c=wTuGGA==, md5=5ROst+pHZlGo3jXf0Ga7EA==
etag
"e513acb7ea476651a8de35dfd066bb10"
age
2109
x-goog-stored-content-encoding
gzip
expires
Thu, 10 Apr 2025 04:10:45 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
1810
date
Wed, 26 Mar 2025 04:10:45 GMT
last-modified
Thu, 20 Mar 2025 09:18:49 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
x-guploader-uploadid
AKDAyIsTM_TNsOSrWhkh_bSKf7Q6G3SR6GJpFToPOK8yMAiZJaxPCON4xl51BGoiCf6rBdTmMmovQak
cache-control
public, max-age=1296000
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1742462329152868
content-length
1810
server
UploadServer
tuec.js
uec.tagtoo.co/ Frame 95C4 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uec.tagtoo.co/tuec.js
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.150.21 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
21.150.107.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
698fe0a6500f771d98d1ca713a5445d523fac649207572b69123699702854c0b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-goog-metageneration
1
content-encoding
gzip
x-goog-hash
crc32c=IxwxIw==, md5=L6Ez21DNgdh7j/uHKaarNQ==
etag
"2fa133db50cd81d87b8ffb8729a6ab35"
age
167
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
3770
date
Wed, 26 Mar 2025 04:43:07 GMT
last-modified
Tue, 12 Dec 2023 09:08:46 GMT
content-type
application/javascript
vary
Accept-Encoding
x-guploader-uploadid
AKDAyIuKEutceKvcO1ifwc5pMfCqMpxauAhDIGwPWa4UQd2LybI-xirxZ9ukppgoM-IvI-Bp
cache-control
public,max-age=3600
x-goog-storage-class
STANDARD
accept-ranges
bytes
x-goog-generation
1702372126688115
content-length
3770
server
UploadServer
utag.js
t.ssp.hinet.net/ Frame 95C4 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=0
cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Wed, 26 Mar 2025 04:55:55 GMT
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
popin_discovery5-min.js
api.popin.cc/ Frame 95C4 		156 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.popin.cc/popin_discovery5-min.js
Requested by
Host: api.popin.cc
URL: https://api.popin.cc/searchbox/cf_reurl_tw_gam.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
46e977bd2e693545c10424af0ca8ae2061ce096d8e5658d997fa9ca60471e26d

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

Content-Encoding
gzip
ETag
W/"51910bb1cd9873a17caea8588a900e56"
x-amz-version-id
MCe3oXQalSYt2eLBNz01lVj92TQAzYxl
Expires
Wed, 26 Mar 2025 05:45:55 GMT
Date
Wed, 26 Mar 2025 04:45:55 GMT
Last-Modified
Mon, 24 Mar 2025 06:26:46 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Transfer-Encoding
chunked
X-Cache-Status
HIT from 10.252.55.25
x-amz-replication-status
PENDING
Cache-Control
max-age=3600
Timing-Allow-Origin
*
Connection
keep-alive
Cross-Origin-Resource-Policy
cross-origin
Server
nginx
x-amz-server-side-encryption
AES256
discoverylogs
log.popin.cc/log/popin_media/ Frame 95C4 		66 B
222 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNCwidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBIZWFkbGVzc0Nocm9tZS84OC4wLjQzMjQuMTkwIFNhZmFyaS81MzcuMzYiLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6InJldXJsLmNjIiwidXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJsb2MiOiJodHRwczovL3JldXJsLmNjL1hxQXgzMCIsInRkX29zIjoiV2luZG93cyIsInRkX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBIZWFkbGVzc0Nocm9tZS84OC4wLjQzMjQuMTkwIFNhZmFyaS81MzcuMzYiLCJ0ZF9vc192ZXJzaW9uIjoiMTAuMC4wIiwidGRfYnJvd3NlciI6IkNocm9tZSIsInRkX2Jyb3dzZXJfdmVyc2lvbiI6Ijg4LjAuNDMyNCJ9&t=1742964354889
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx/1.13.5 /
Resource Hash
654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

etag
"5c12092b-42"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
66
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
image/jpeg
last-modified
Thu, 13 Dec 2018 07:24:27 GMT
server
nginx/1.13.5
discoverylogs
log.popin.cc/log/popin_media/ Frame 95C4 		66 B
222 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNSwicGFyYW0xIjowLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6InJldXJsLmNjIiwidXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJ1aWQiOiI1MmY2OGVlYTZjZjJlYWMxYmRlMTc0MzAwMDM1NDg3NSIsInRkX3RpdGxlIjoiIiwiZXh0cmEiOiIiLCJpbnRlcmFjdGlvbl9udW1iZXIiOjAsInBvcGluX3ZlcnNpb24iOjYsInRkX29zIjoiV2luZG93cyIsInRkX29zX3ZlcnNpb24iOiIxMC4wLjAiLCJ0ZF9icm93c2VyIjoiQ2hyb21lIiwidGRfYnJvd3Nlcl92ZXJzaW9uIjoiODguMC40MzI0IiwidGRfdXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIEhlYWRsZXNzQ2hyb21lLzg4LjAuNDMyNC4xOTAgU2FmYXJpLzUzNy4zNiJ9&t=1742964354895
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx/1.13.5 /
Resource Hash
654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

etag
"5c12092b-42"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
66
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
image/jpeg
last-modified
Thu, 13 Dec 2018 07:24:27 GMT
server
nginx/1.13.5
ads.js
ad.holmesmind.com/adserver/ Frame 0F1F 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=894&o=1&fc=undefined&d=1&b=2&ts=1&ii=2&FPCK=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f&initver=230627P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.178.103.138 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
14d2fa7897b338f81c62614b8e09f853dd63465b3b3171907d8dd77a9ba5f610

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
rtbhouseV2.js
cdn.holmesmind.com/js/ Frame 0F1F 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag
"519bf06eca29382b4ee4cc4f1dace214"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
2905
x-amz-cf-id
e0F0DekACotK8qXPkHo2IeuSAjVtOwXLCgoqJI0jV9k_xqvhZ3sCxw==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Mon, 04 Sep 2023 03:28:50 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
publishertag.js
static.criteo.net/js/ld/ Frame 0F1F 		130 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
etag
W/"67c8043f-2072d"
cross-origin-resource-policy
cross-origin
expires
Thu, 27 Mar 2025 04:45:54 GMT
access-control-allow-origin
*
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/javascript
last-modified
Wed, 05 Mar 2025 07:58:55 GMT
server
nginx
criteoV2.js
cdn.holmesmind.com/js/ Frame 0F1F 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/criteoV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag
"13519f9e63c9828d93a698c47992e115"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3197
x-amz-cf-id
hXaVyjNdrFJm4GqlIR5AkrsqrAA_Ed4Q0mzSlXHBcKGCllT8NUEMnw==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Thu, 27 Jul 2023 02:29:01 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
bridgewellV3.js
cdn.holmesmind.com/js/ Frame 0F1F 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag
"41ecd67a1e57b2a3aa7cf0c876da0a59"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3470
x-amz-cf-id
21RPJz8JWySchjl3hZ8i3cADYuJ7Y5os7enczqw1-I8uZDhwwDIRLA==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Mon, 02 Oct 2023 08:50:04 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
appierV2.js
cdn.holmesmind.com/js/ Frame 0F1F 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appierV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
L_ytFJI.iZbA3Ys9mJ75ciLmXqmRfuVO
etag
"21253aa5d7ee0c3b700ce5f1a4a1b4d1"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3446
x-amz-cf-id
SUa2IphNZJ8Qq7PsOOkOEbsvaDQt6OO0x4Pc3bVoDiC8V9pXmnXC8g==
date
Wed, 26 Mar 2025 04:45:49 GMT
content-type
application/javascript
last-modified
Thu, 14 Dec 2023 06:52:43 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
appier_mainV3.js
cdn.holmesmind.com/js/ Frame 0F1F 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag
"ec9ddd169f5fd01f28f9b31866cd4701"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
5467
x-amz-cf-id
7XW52p_rHKSanTnlbh7A0FRpvSNyBErSssA-_7I0Uka_w4e6cS4D6A==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:15:25 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame 0F1F 		0
171 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/XqAx30

Response headers

access-control-max-age
3600
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:55 GMT
vary
Origin
access-control-allow-credentials
true
access-control-allow-methods
POST
bid
ad2.apx.appier.net/v1/prebid/ Frame 0F1F
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=YfEB1k4dD0KyOse6g4bjZw
2 B
20 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=YfEB1k4dD0KyOse6g4bjZw
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Server
35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
98.36.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-store
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
critical-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via
1.1 google
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
application/json; charset=utf-8

Redirect headers

Cache-Control
no-store
Location
https://ad2.apx.appier.net/v1/prebid/bid?acid=YfEB1k4dD0KyOse6g4bjZw
Accept-Ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
null
Content-Length
0
P3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Wed, 26 Mar 2025 04:45:55 GMT
Server
nginx
prebid.aspx
prebid.scupio.com/recweb/ Frame 0F1F 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.scupio.com/recweb/prebid.aspx?cb=0.41063699365523254
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
210.59.219.34 Taichung City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
210-59-219-34.hinet-ip.hinet.net
Software
Kestrel /
Resource Hash
07fea18d054cafaccff84617e773becd6b1a931be70a84dfe3d684a354401d16

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/XqAx30

Response headers

Transfer-Encoding
chunked
Access-Control-Allow-Origin
https://reurl.cc
Date
Wed, 26 Mar 2025 04:45:55 GMT
Server
Kestrel
Access-Control-Allow-Credentials
true
bid
ad2.apx.appier.net/v1/prebid/ Frame 0F1F
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=t1IzbKFYD9WrKmvwg4bjZw
2 B
160 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=t1IzbKFYD9WrKmvwg4bjZw
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Server
35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
98.36.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-store
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
critical-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via
1.1 google
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
application/json; charset=utf-8

Redirect headers

Cache-Control
no-store
Location
https://ad2.apx.appier.net/v1/prebid/bid?acid=t1IzbKFYD9WrKmvwg4bjZw
Accept-Ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
null
Content-Length
0
P3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Wed, 26 Mar 2025 04:45:55 GMT
Server
nginx
cdb
bidder.criteo.com/ Frame 0F1F 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?ptv=159&profileId=184&cb=86000102695
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::5 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:54 GMT
vary
Origin
server
Kestrel
access-control-allow-credentials
true
0.js
ecs.tagtoo.co/js/ Frame 95C4 		201 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecs.tagtoo.co/js/0.js
Requested by
Host: ad.tagtoo.co
URL: https://ad.tagtoo.co/media/ad/track.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.218.41 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
41.218.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
ed1353670cbe52a301571e6717fab543726f43f7bed2edd0ffca2e74f6a1d8bf

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type, Access-Control-Allow-Origin
content-encoding
gzip
x-goog-hash
crc32c=2mAcSQ==, md5=ijKbxOP20q6Aq4WlmoGeCA==
etag
"8a329bc4e3f6d2ae80ab85a59a819e08"
age
583
x-goog-stored-content-encoding
gzip
expires
Wed, 26 Mar 2025 06:06:11 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
56322
date
Wed, 26 Mar 2025 04:36:11 GMT
last-modified
Fri, 14 Feb 2025 14:16:26 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
x-guploader-uploadid
AKDAyIv4sHALqZT9-Gt-Isp3RiEa1zxQZg8zOVR5ZtP1qIQ_UWieVZGsTC3wuo3p5GKSFUhb
cache-control
public, max-age=5400
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1739542586669957
content-length
56322
server
UploadServer
/
www.facebook.com/tr/ Frame 95C4 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?eid=1742964355015&id=404012299753340&ev=PageView&dl=https%3A%2F%2Freurl.cc%2FXqAx30&rl=https%3A%2F%2Freurl.cc%2FXqAx30&if=true&ts=1742964355014&sw=1600&sh=1200&v=2.9.44&r=stable&fbp=fb.1.1742964352838.440344226671414603&it=1742964355006&rqm=GET
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=15, rtx=0, c=26, mss=1232, tbw=8653, tp=20, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
events
bidder.criteo.com/csm/ Frame 0F1F 		0
186 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::5 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:54 GMT
vary
Origin
server
Kestrel
access-control-allow-credentials
true
pixel.gif
static.criteo.net/images/ Frame 0F1F 		43 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=1
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
max-age=31104000, public
timing-allow-origin
*
etag
"493ea254-2b"
cross-origin-resource-policy
cross-origin
expires
Sat, 21 Mar 2026 04:45:55 GMT
cross-origin-embedder-policy
require-corp
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
image/gif
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
pixel.gif
static.criteo.net/images/ Frame 0F1F 		43 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=2
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
max-age=31104000, public
timing-allow-origin
*
etag
"493ea254-2b"
cross-origin-resource-policy
cross-origin
expires
Sat, 21 Mar 2026 04:45:55 GMT
cross-origin-embedder-policy
require-corp
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
image/gif
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
utag.js
t.ssp.hinet.net/ Frame 0F1F 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Wed, 26 Mar 2025 04:55:55 GMT
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
drawV2.js
cdn.holmesmind.com/js/ Frame 0F1F 		13 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/drawV2.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=894&o=1&fc=undefined&d=1&b=2&ts=1&ii=2&FPCK=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f&initver=230627P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag
"dcf480340ca4b65dc9aa76bd9e677036"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
13033
x-amz-cf-id
KUJwMgO-BAogKv0pa2MSPPjWhna0niwdELh_o_egFXqp-fI6qTwWVw==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Tue, 19 Dec 2023 06:01:02 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
activeview
pagead2.googlesyndication.com/pcs/ Frame BF5E 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv3lSQ8YoPy2WgDzOMamopXsjxAJaqxYdDQtRMhmfJbvfdHFaIHd6LhC7jAZ5zilDARA-8LXwmTPGLv7_wG1vN8Gy2WwelBivWNB1Ecg_yGwR8mb6Jdjqh9ycCWRZdm5bjwPAhI4CuwDFpVld5tMR5LFCI675GtxIrx-Yq26jfLOhU&sig=Cg0ArKJSzCvUkavO9h4hEAE&id=lidar2&mcvt=1000&p=172,270,422,570&tm=1327.3999977111816&tu=327.29999923706055&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20250324&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=827794272&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3889715400&rst=1742964353763&rpt=617&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 26 Mar 2025 04:45:55 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
sodar
ep1.adtrafficquality.google/pagead/ Frame BF5E 		0
0
/
t.ssp.hinet.net/ Frame 95C4 		36 B
401 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
62ee27c16b5eb486b975d2ee8bb1e4eb4199b2e23e398847010465859f3ed7de
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
/
t.ssp.hinet.net/ Frame 0F1F 		36 B
401 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
62ee27c16b5eb486b975d2ee8bb1e4eb4199b2e23e398847010465859f3ed7de
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
discoverylogs
log.popin.cc/log/popin_media/ Frame 95C4 		66 B
222 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNSwicGFyYW0xIjoyLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6InJldXJsLmNjIiwidXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJ1aWQiOiI1MmY2OGVlYTZjZjJlYWMxYmRlMTc0MzAwMDM1NDg3NSIsInRkX3ZlcnNpb24iOiIxLjcuMSIsInRkX2NsaWVudF9pZCI6IjEwYTBkNThhLTNkOWQtNGZlNS1iODUyLWUyNWE5YWY5NTVmYSIsInRkX2NoYXJzZXQiOiJ1dGYtOCIsInRkX2xhbmd1YWdlIjoiZW4tdXMiLCJ0ZF9jb2xvciI6IjI0LWJpdCIsInRkX3NjcmVlbiI6IjE2MDB4MTIwMCIsInRkX3ZpZXdwb3J0IjoiMzAweDI1MCIsInRkX3RpdGxlIjoiIiwidGRfdXJsIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJ0ZF91c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgSGVhZGxlc3NDaHJvbWUvODguMC40MzI0LjE5MCBTYWZhcmkvNTM3LjM2IiwidGRfcGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ0ZF9ob3N0IjoicmV1cmwuY2MiLCJ0ZF9wYXRoIjoiL1hxQXgzMCIsInRkX3JlZmVycmVyIjoiaHR0cHM6Ly9yZXVybC5jYy9YcUF4MzAiLCJ0ZF9icm93c2VyIjoiQ2hyb21lIiwidGRfYnJvd3Nlcl92ZXJzaW9uIjoiODguMC40MzI0IiwidGRfb3MiOiJXaW5kb3dzIiwidGRfb3NfdmVyc2lvbiI6IjEwLjAuMCIsImNsaWVudF9pZCI6IjEwYTBkNThhLTNkOWQtNGZlNS1iODUyLWUyNWE5YWY5NTVmYSIsImV4dHJhIjoiIiwiaW50ZXJhY3Rpb25fbnVtYmVyIjowLCJwb3Bpbl92ZXJzaW9uIjo2fQ==&t=1742964355551
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx/1.13.5 /
Resource Hash
654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

etag
"5c12092b-42"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
66
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
image/jpeg
last-modified
Thu, 13 Dec 2018 07:24:27 GMT
server
nginx/1.13.5
log.gif
r.popin.cc/ Frame 95C4 		35 B
185 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r.popin.cc/log.gif?type=related-tw&uid=52f68eea6cf2eac1bde1743000354875&url=https%3A%2F%2Freurl.cc%2FXqAx30&t=1742964355554
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.63.198.188 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

etag
"6142ee5a-23"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
35
date
Wed, 26 Mar 2025 04:45:56 GMT
content-type
image/gif
last-modified
Thu, 16 Sep 2021 07:12:26 GMT
server
nginx
emome2
t.ssp.hinet.net/ Frame 95C4 		30 B
271 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/emome2?u=f998a36e-3b10-4c5a-954d-db1c5f368129
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
application/json
vary
Accept-Encoding, Origin
server
nginx
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame DBD1 		105 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
98a13a8195bb791392a727d3dde6b0936e7a2f41f42f9ee5c9bf2b08f0d64865
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
892 / 20173 / m202503200101 / config-hash: 2851412147286529057
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:52 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 26 Mar 2025 04:45:52 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
33491
x-xss-protection
0
server
cafe
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/ Frame DBD1 		525 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9aa1a9dfb271e4ad94219ed388d8442b3b394caedb5771642df196ccc09385c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
13877525710090312892
age
3739
x-content-type-options
nosniff
expires
Thu, 26 Mar 2026 03:43:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 26 Mar 2025 03:43:33 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
168748
x-xss-protection
0
server
cafe
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503250101/ Frame DBD1 		63 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503250101/gpt
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6101005619b1d8a0e6d234dc41330613febb164b982205854bf7416cff6d43fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

content-encoding
br
etag
6539103362049255065
age
53037
x-content-type-options
nosniff
expires
Tue, 01 Apr 2025 14:01:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Tue, 25 Mar 2025 14:01:55 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
23391
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202503250101"
topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 49B5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
1496
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000, stale-while-revalidate=3600
content-encoding
br
content-length
28858
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:20:57 GMT
expires
Wed, 26 Mar 2025 05:10:57 GMT
last-modified
Mon, 24 Mar 2025 19:44:53 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar
ep1.adtrafficquality.google/getconfig/ Frame DBD1 		18 KB
14 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202503200101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ad2326b2b2d6e061b8ea119edf28b19c65ad2c65d9152fd264ec275de5b314b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
14203
date
Wed, 26 Mar 2025 04:45:56 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
ads
securepubads.g.doubleclick.net/gampad/ Frame DBD1 		36 KB
8 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4024604042641449&correlator=1377998822323788&eid=31090594%2C83321072%2C31086809&output=ldjh&gdfp_req=1&vrg=202503200101&ptt=17&impl=fif&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C14210%2C14210-2&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=1&didk=607409652&dids=gpt-passback&adfs=3758817455&sfv=1-0-41&sc=1&cookie=ID%3D9108f7a39ce1675e%3AT%3D1742964353%3ART%3D1742964353%3AS%3DALNI_Ma1vtvH_qGID4i43UgxWrqZMYZaiA&gpic=UID%3D000010865d546cc2%3AT%3D1742964353%3ART%3D1742964353%3AS%3DALNI_MbJzFAlJ_dU68Fv2n-hxS2M1_H73Q&abxe=1&dt=1742964356025&lmt=1742964356&adxs=650&adys=172&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=g234t1anm97t&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=3&url=https%3A%2F%2Freurl.cc%2FXqAx30&ref=https%3A%2F%2Freurl.cc%2FXqAx30&top=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=300x250&msz=300x0&fws=256&ohw=0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742964355738&idt=88&adks=3360245792&frm=23&eo_id_str=ID%3Df38574e2354de41a%3AT%3D1742964353%3ART%3D1742964353%3AS%3DAA-AfjaN4W0L-6umPS0BXG150rCT&td=1&egid=13855&tdf=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
22eec5c833074c7607ab8c43037581b847cedd1be64945129de63e3c1468f1f1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
dcb
google-lineitem-id
6499556608
observe-browsing-topics
?1
x-content-type-options
nosniff
google-mediationtag-id
-2
google-mediationgroup-id
-2
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 26 Mar 2025 04:45:56 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
138462658495
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
content-length
7942
x-xss-protection
0
server
cafe
container.html
384abc650096ad08a42011c65298f066.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame 4CF8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://384abc650096ad08a42011c65298f066.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=3
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3024
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:45:56 GMT
expires
Wed, 26 Mar 2025 04:45:56 GMT
last-modified
Thu, 30 Jan 2025 19:28:58 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cm
t.ssp.hinet.net/ Frame 95C4 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=f3244e&cid=52f68eea6cf2eac1bde1743000354875&mp=f998a36e-3b10-4c5a-954d-db1c5f368129
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:56 GMT
content-type
image/png
vary
Origin
server
nginx
pixel
f998a36e-3b10-4c5a-954d-db1c5f368129.t.ssp.hinet.net/ Frame 95C4 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://f998a36e-3b10-4c5a-954d-db1c5f368129.t.ssp.hinet.net/pixel?bd=f998a36e-3b10-4c5a-954d-db1c5f368129&t=f3244e&referrer=https%3A%2F%2Freurl.cc%2FXqAx30
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

Strict-Transport-Security
max-age=0
Content-Length
0
Date
Wed, 26 Mar 2025 04:45:56 GMT
Content-Type
image/png
Server
nginx
Connection
keep-alive
cm
t.ssp.hinet.net/ Frame 0F1F 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&mp=f998a36e-3b10-4c5a-954d-db1c5f368129
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:56 GMT
content-type
image/png
vary
Origin
server
nginx
pixel
f998a36e-3b10-4c5a-954d-db1c5f368129.t.ssp.hinet.net/ Frame 0F1F 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://f998a36e-3b10-4c5a-954d-db1c5f368129.t.ssp.hinet.net/pixel?bd=f998a36e-3b10-4c5a-954d-db1c5f368129&t=50ef57&referrer=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

Strict-Transport-Security
max-age=0
Content-Length
0
Date
Wed, 26 Mar 2025 04:45:56 GMT
Content-Type
image/png
Server
nginx
Connection
keep-alive
sodar2.js
ep2.adtrafficquality.google/sodar/ Frame DBD1 		18 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
etag
"1727224258380615"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:54 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
6445
x-xss-protection
0
server
sffe
runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame ACF1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
1010
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5005
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:29:04 GMT
expires
Wed, 26 Mar 2025 05:19:04 GMT
last-modified
Mon, 23 Sep 2024 18:12:21 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 9A2F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-A7_-QrZpWMZ8ze8usiib5g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-A7_-QrZpWMZ8ze8usiib5g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:45:54 GMT
expires
Wed, 26 Mar 2025 04:45:54 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame 1351 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuo3b06F8bBObo9-5hGWjPAhc7uCdLcGf-k8iu7sSq3wDR_a92uFEVNp5x8JIqOzygClny4Jzfhy7mHaediCseoZHFC-f5nVdzqlyjVB_MmD5XCq98NkcAkBr-gY0JvdBx3HkSeKap1xXbgINzOU7d_kCEvRC7Zf6WkExEQptM8Z8oBPhcp_fFBOzIg_cAYu-E6M5l43ZSFIMawid5M4QhUI_lkWBd50XoZMQMUJL_iMiLTKDx4HK1EcESO59kwkPYPULUgyBBzYAk1zo_PRo1-LMCA2Z6LDQTXP09o1eUfs3exL1oY3dWzJFGjIHD8yulMl186NkdPf_YEs_wZrknY4H81bZCzjZO_PXfXQiUvsOp4ySGNODAkL6ZiuYneXIKD3jO6pJXtUtBPqorTlYCXkUPvA8oeeVFc4sONCTRXxw8I2hkLy1mOiG2RPG6VKintF--X3Xyj4Q&sai=AMfl-YTkUz-4Y_LV4bO2_m4Q5Zw01SeAOJ9IyCywJgsuVaEbB5G0vMOmMNkNPluWwmkm4k8aDLBS_7mV1fOWZEA33QtN78-Sqy5xC-ACrXk62H5i6q3c0dMSK3tDaQTe&sig=Cg0ArKJSzNLLy5qDS3zFEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 26 Mar 2025 04:45:56 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
init.js
cdn.holmesmind.com/js/ Frame 1351 		9 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/init.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag
"2b18447e41c64d14195cefd72eb57400"
age
32
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
9645
x-amz-cf-id
5WG-IcNTbHw3XPi4liisIGHs3NKXFBELiC3sMxyDlB_VlS9B3eaqbA==
date
Wed, 26 Mar 2025 04:45:22 GMT
content-type
application/javascript
last-modified
Fri, 14 Mar 2025 09:01:33 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 1351 		219 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
9225633084484645003
age
747
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 05:33:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 26 Mar 2025 04:33:26 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68912
x-xss-protection
0
server
cafe
capmapping.htm
cdn.holmesmind.com/js/ Frame 8635 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:a000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
30
content-length
12184
content-type
text/html
date
Wed, 26 Mar 2025 04:45:54 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 c723324ff3815a0e30df3eecba242152.cloudfront.net (CloudFront)
x-amz-cf-id
h5412ax4AWQL5CDDktjDeiUZ8ojGx3ObBocuPA2Eph-IMP5OcbvaIQ==
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
presetfn.js
cdn.holmesmind.com/js/ Frame C2FF 		11 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
6
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
uIzrT3dx3dWMw0jpjc4KbPjgliSmWN3tu9DkEfTOOVYaNxqa9Eov2w==
date
Wed, 26 Mar 2025 04:45:49 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1351 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 26 Mar 2025 04:45:56 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame 1351 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bfe64a3cc6ae4020cab7a46d4731bf06c867e0b623cffd3efd2f83d92dd1b817

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1351 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 26 Mar 2025 04:45:56 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
Preset.js
ad.holmesmind.com/adserver/ Frame C2FF 		2 KB
794 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.178.103.138 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
851c3da53f870dab9f8fd365f8eb9af27af956d79a96f89f412f8baa5b7b1624

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Wed, 26 Mar 2025 04:45:56 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame C2FF 		30 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
1
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
Q_p2KoD7XOuAQyrBVWIz6jbXwZiy9qZQBlaPNcDehVbRWeA3ASwq7w==
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
ads.js
ad.holmesmind.com/adserver/ Frame C2FF 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=150&o=1&fc=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&d=1&b=2&ts=1&ii=2&FPCK=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f&initver=230627P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.178.103.138 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
3813fd6bb42f82082cc93bb2b08f680528281f0700c4e2d34c9eba1ad660b42a

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Wed, 26 Mar 2025 04:45:56 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
rtbhouseV2.js
cdn.holmesmind.com/js/ Frame C2FF 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag
"519bf06eca29382b4ee4cc4f1dace214"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
2905
x-amz-cf-id
e0F0DekACotK8qXPkHo2IeuSAjVtOwXLCgoqJI0jV9k_xqvhZ3sCxw==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Mon, 04 Sep 2023 03:28:50 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
publishertag.js
static.criteo.net/js/ld/ Frame C2FF 		130 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
etag
W/"67c8043f-2072d"
cross-origin-resource-policy
cross-origin
expires
Thu, 27 Mar 2025 04:45:54 GMT
access-control-allow-origin
*
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/javascript
last-modified
Wed, 05 Mar 2025 07:58:55 GMT
server
nginx
criteoV2.js
cdn.holmesmind.com/js/ Frame C2FF 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/criteoV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag
"13519f9e63c9828d93a698c47992e115"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3197
x-amz-cf-id
hXaVyjNdrFJm4GqlIR5AkrsqrAA_Ed4Q0mzSlXHBcKGCllT8NUEMnw==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Thu, 27 Jul 2023 02:29:01 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
bridgewellV3.js
cdn.holmesmind.com/js/ Frame C2FF 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag
"41ecd67a1e57b2a3aa7cf0c876da0a59"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3470
x-amz-cf-id
21RPJz8JWySchjl3hZ8i3cADYuJ7Y5os7enczqw1-I8uZDhwwDIRLA==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Mon, 02 Oct 2023 08:50:04 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
appierV2.js
cdn.holmesmind.com/js/ Frame C2FF 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appierV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
L_ytFJI.iZbA3Ys9mJ75ciLmXqmRfuVO
etag
"21253aa5d7ee0c3b700ce5f1a4a1b4d1"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3446
x-amz-cf-id
SUa2IphNZJ8Qq7PsOOkOEbsvaDQt6OO0x4Pc3bVoDiC8V9pXmnXC8g==
date
Wed, 26 Mar 2025 04:45:49 GMT
content-type
application/javascript
last-modified
Thu, 14 Dec 2023 06:52:43 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
appier_mainV3.js
cdn.holmesmind.com/js/ Frame C2FF 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag
"ec9ddd169f5fd01f28f9b31866cd4701"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
5467
x-amz-cf-id
7XW52p_rHKSanTnlbh7A0FRpvSNyBErSssA-_7I0Uka_w4e6cS4D6A==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:15:25 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame C2FF 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/XqAx30

Response headers

access-control-max-age
3600
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:56 GMT
vary
Origin
access-control-allow-credentials
true
access-control-allow-methods
POST
prebid.aspx
prebid.scupio.com/recweb/ Frame C2FF 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.scupio.com/recweb/prebid.aspx?cb=0.11913505708271965
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
210.59.219.34 Taichung City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
210-59-219-34.hinet-ip.hinet.net
Software
Kestrel /
Resource Hash
17df6563dd7eca74af924668cc8021f1f97c2f86042e9b646f77eb7a68a07037

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/XqAx30

Response headers

Transfer-Encoding
chunked
Access-Control-Allow-Origin
https://reurl.cc
Date
Wed, 26 Mar 2025 04:45:56 GMT
Server
Kestrel
Access-Control-Allow-Credentials
true
bid
ad2.apx.appier.net/v1/prebid/ Frame C2FF
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=oRX_7D33ADG_JsXchIbjZw
2 B
20 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=oRX_7D33ADG_JsXchIbjZw
Protocol
H3
Server
35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
98.36.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-store
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
critical-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via
1.1 google
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Wed, 26 Mar 2025 04:45:57 GMT
content-type
application/json; charset=utf-8

Redirect headers

Cache-Control
no-store
Location
https://ad2.apx.appier.net/v1/prebid/bid?acid=oRX_7D33ADG_JsXchIbjZw
Accept-Ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
null
Content-Length
0
P3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Wed, 26 Mar 2025 04:45:56 GMT
Server
nginx
bid
ad2.apx.appier.net/v1/prebid/ Frame C2FF
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=S7IUMEc9ABqsoKM_hIbjZw
2 B
20 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=S7IUMEc9ABqsoKM_hIbjZw
Protocol
H3
Server
35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
98.36.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-store
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
critical-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via
1.1 google
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Wed, 26 Mar 2025 04:45:57 GMT
content-type
application/json; charset=utf-8

Redirect headers

Cache-Control
no-store
Location
https://ad2.apx.appier.net/v1/prebid/bid?acid=S7IUMEc9ABqsoKM_hIbjZw
Accept-Ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
null
Content-Length
0
P3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Wed, 26 Mar 2025 04:45:56 GMT
Server
nginx
cdb
bidder.criteo.com/ Frame C2FF 		0
186 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?ptv=159&profileId=184&cb=58853904024
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::5 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:55 GMT
vary
Origin
server
Kestrel
access-control-allow-credentials
true
utag.js
t.ssp.hinet.net/ Frame C2FF 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Wed, 26 Mar 2025 04:55:55 GMT
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
/
t.ssp.hinet.net/ Frame C2FF 		36 B
401 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
62ee27c16b5eb486b975d2ee8bb1e4eb4199b2e23e398847010465859f3ed7de
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:56 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
drawV2.js
cdn.holmesmind.com/js/ Frame C2FF 		13 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/drawV2.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=150&o=1&fc=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&d=1&b=2&ts=1&ii=2&FPCK=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f&initver=230627P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag
"dcf480340ca4b65dc9aa76bd9e677036"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
13033
x-amz-cf-id
KUJwMgO-BAogKv0pa2MSPPjWhna0niwdELh_o_egFXqp-fI6qTwWVw==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Tue, 19 Dec 2023 06:01:02 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
events
bidder.criteo.com/csm/ Frame C2FF 		0
186 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::5 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:55 GMT
vary
Origin
server
Kestrel
access-control-allow-credentials
true
pixel.gif
static.criteo.net/images/ Frame C2FF 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=1
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=31104000, public
timing-allow-origin
*
etag
"493ea254-2b"
cross-origin-resource-policy
cross-origin
expires
Sat, 21 Mar 2026 04:45:55 GMT
cross-origin-embedder-policy
require-corp
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
image/gif
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
pixel.gif
static.criteo.net/images/ Frame C2FF 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=2
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=31104000, public
timing-allow-origin
*
etag
"493ea254-2b"
cross-origin-resource-policy
cross-origin
expires
Sat, 21 Mar 2026 04:45:55 GMT
cross-origin-embedder-policy
require-corp
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
image/gif
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
view
securepubads.g.doubleclick.net/pcs/ Frame 95C4 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu07FyW8rDeSW9a4WOfL6PAgRd_-CTrPu0sy6z2N2SQP7PONy4SIpot-lQ8ioaHfJyZJ2F05XZAWAaGz4ZDv3TkmfFvVyn_6Bw3ispDSY9dv7ez8b15Z1H2ZqsvTo0D-lWXhtDBdRITLAU1nyHugJCtZBFvyXTzYU73hQoGsi1D0UKpZdU90agOVRKzT-BpbYwPLh5i4qO-K5d-ymoCraWf4-QWAXN0_z-jSzWB-RTLMRgX51YsNYdfExj7lClHgTBjh54UsXUe0oL8nYQhuPCQ1w41BWgaTOyY-6mdKVlYBeSKqXYeMAHb7lgR-7K2WtYDz-xeg41dAxHHLyCTWJvWHrJbX9phQkXbSeLyybsNunNh8n3Btpr31IFGBnapnoxCbY7o-WXrWMvbrRu1DNl2crcdyu3Dw8aeoY5Rwf_2S4EybNV6xr-9nf1P&sai=AMfl-YQCuMmlJxonLt85_S4-VqCHvEXHnK_Pr9RbRmJXsakLWeFhxnst80_Gd-4RVYVFFnPZWmoW9uawSZAXAPmxu5SOtFHCZbhj7eEmSchIu8pYShhyl25VEq0q72Gc&sig=Cg0ArKJSzJQNPIxGnXasEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:56 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 26 Mar 2025 04:45:56 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame 1351 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv6tn5VZQPw_pfAqozCtWFc-7jIdWxF8AEOL7Fe0h4edJ3B6GvhTRf89wdCbGCEufCJ3KPsL9ygbZCPjDCHVQg4oC_IiGvYIt4ITsNdlLD-MN9VZFtHd3Dh2grmPnZcOG50A7wDuT4YbonaWoGtSBJ_TfllOODkkIOBCcfBTisyc_YhUKM-g044AJO7tOnuwKEYRMO_W1grNFQgx4XVAftUWfJROUepNJ8MjLHQwqE_p8e4YS0na-4dN4CLOCNjUyUc1VcoQd3lWmAO6pVxxoiWFkFG5z7uhp3C02Hzg1q66zGmp4ZQ1FgioYIQwLvtVkxyjfIW_IZgLkEuKUUgBgl1oas99gNqQVMIuAmtKu7yoQQCgHAir4P6XXVFE9hgjiMIGCC77CzxfpmmXnKVU1ZZ9eHdnJcN6RIN514K5EBDcfm8-PvE0sznkAdgIU7i_7O_f_rtgKC8Mxc0&sai=AMfl-YQPHRN7yzwtBNlSqW_SEIgMU2aVStXdIBOqk2Qv9EUwPDCMamkUNywzvIZN7iPqWpun1KxPjlvqF6pY5CiwRx4hv-3nKmNDi0jCTnaMQpYIA_JXSXu1LJapaliQ&sig=Cg0ArKJSzHvnciyOR1IPEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:56 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 26 Mar 2025 04:45:56 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame A293 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsudNcknAL68Shts5LyDEF4FV09Yyv10TeUhLOOrq5lh6PvnPSKOXQEtM8F5JCuebAdyOe2DbF1QA5ag-LSKOVuDgbVZVR5cZ43cpv6Q1-7rAFhMKjkcSsqK8YMHEodX07JJrcbqA_kzUsjetJSSTqVJOwWfRRE5NfX7qVe6f-KMLMCZEa__ZTgdn-zf0skf-qTcyqYLClZKywXh93jX--mxC47svXG8CO6vqp8C39kG3GaljR253HCk0h-jaWbOeqYgxQTaTrToeaqYodSlQvM2DAf7d1Bxf9YIOxySBLkmZKVljnPgSPSUtLeA1VeHz99tg0yeOMuqtK888kEkgFLmXFXADWpnoujsAA0cQDZKVErrkiv0L5BbZjn9RbPyjNPuLwg5JzrOE6lpNbHbAv9PZ3BE-Z2D8CP8Ad15TXvI1dJEvCBJ8sW8P3fpfdhW6HZFZg&sai=AMfl-YQ-BOnpoxv6RjfRzMAYx672urAqt6X5QOP1BddRiPAdLmbpZ-06GxQUM7o-sEQ_xv9jPxnY220fYED2p9tYN2HXE7aaxrCwffN5RdMqtPVcIcf44gRDAUDaMRX8&sig=Cg0ArKJSzMSonsu043lIEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:56 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 26 Mar 2025 04:45:56 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
sodar
ep1.adtrafficquality.google/getconfig/ 		17 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202503200101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cc423800fc99b73cfff97ecd01a962b6ee2d6839b4c581b731413b5dac886075
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
13011
date
Wed, 26 Mar 2025 04:45:56 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
customervoice.ico
cdn.forms.office.net/forms/images/customervoice/ 		4 KB
5 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/images/customervoice/customervoice.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:41::17db:2464 Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
0fd813bae48835570858a2508d9c29900b8a4cddebff4a250e79ad12f8acbdcb

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-md5
7is1f6X7ppryOBaOOhon4Q==
access-control-expose-headers
x-ms-request-id,x-ms-version
cache-control
max-age=31536000
x-ms-version
2018-03-28
etag
"0x8DD199EDABF3C9B"
timing-allow-origin
*
x-ms-request-id
6587dc09-901e-0029-3e92-4b6945000000
expires
Thu, 26 Mar 2026 04:45:56 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
4286
date
Wed, 26 Mar 2025 04:45:56 GMT
content-type
image/x-icon
last-modified
Wed, 11 Dec 2024 04:47:02 GMT
server
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
sodar2.js
ep2.adtrafficquality.google/sodar/ 		18 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
etag
"1727224258380615"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:54 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
6445
x-xss-protection
0
server
sffe
runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame AFAA 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
1010
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5005
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:29:04 GMT
expires
Wed, 26 Mar 2025 05:19:04 GMT
last-modified
Mon, 23 Sep 2024 18:12:21 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame CBA4 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-A7_-QrZpWMZ8ze8usiib5g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-A7_-QrZpWMZ8ze8usiib5g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:45:54 GMT
expires
Wed, 26 Mar 2025 04:45:54 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
sodar
ep1.adtrafficquality.google/pagead/ Frame DBD1 		0
0
cm
t.ssp.hinet.net/ Frame C2FF 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&mp=f998a36e-3b10-4c5a-954d-db1c5f368129
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:57 GMT
content-type
image/png
vary
Origin
server
nginx
pixel
f998a36e-3b10-4c5a-954d-db1c5f368129.t.ssp.hinet.net/ Frame C2FF 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://f998a36e-3b10-4c5a-954d-db1c5f368129.t.ssp.hinet.net/pixel?bd=f998a36e-3b10-4c5a-954d-db1c5f368129&t=50ef57&referrer=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

Strict-Transport-Security
max-age=0
Content-Length
0
Date
Wed, 26 Mar 2025 04:45:57 GMT
Content-Type
image/png
Server
nginx
Connection
keep-alive
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame D75A 		105 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
98a13a8195bb791392a727d3dde6b0936e7a2f41f42f9ee5c9bf2b08f0d64865
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
892 / 20173 / m202503200101 / config-hash: 2851412147286529057
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:52 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 26 Mar 2025 04:45:52 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
33491
x-xss-protection
0
server
cafe
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/ Frame D75A 		525 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9aa1a9dfb271e4ad94219ed388d8442b3b394caedb5771642df196ccc09385c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
13877525710090312892
age
3739
x-content-type-options
nosniff
expires
Thu, 26 Mar 2026 03:43:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 26 Mar 2025 03:43:33 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
168748
x-xss-protection
0
server
cafe
topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 82CC 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
1496
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000, stale-while-revalidate=3600
content-encoding
br
content-length
28858
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:20:57 GMT
expires
Wed, 26 Mar 2025 05:10:57 GMT
last-modified
Mon, 24 Mar 2025 19:44:53 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar
ep1.adtrafficquality.google/getconfig/ Frame D75A 		17 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202503200101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
151cda739f53c7a8fa322793629b43ca8e74497e9614774913715f0176a0b400
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
13043
date
Wed, 26 Mar 2025 04:45:57 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
ads
securepubads.g.doubleclick.net/gampad/ Frame D75A 		36 KB
8 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2231713751368322&correlator=3631062617058115&eid=31091040%2C31085776%2C83321072%2C31086809&output=ldjh&gdfp_req=1&vrg=202503200101&ptt=17&impl=fif&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C14210%2C14210-2&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=1&didk=607409652&dids=gpt-passback&adfs=2044026223&sfv=1-0-41&sc=1&cookie=ID%3D9108f7a39ce1675e%3AT%3D1742964353%3ART%3D1742964353%3AS%3DALNI_Ma1vtvH_qGID4i43UgxWrqZMYZaiA&gpic=UID%3D000010865d546cc2%3AT%3D1742964353%3ART%3D1742964353%3AS%3DALNI_MbJzFAlJ_dU68Fv2n-hxS2M1_H73Q&abxe=1&dt=1742964357429&lmt=1742964357&adxs=650&adys=172&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=opvnzziki42n&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=6&url=https%3A%2F%2Freurl.cc%2FXqAx30&ref=https%3A%2F%2Freurl.cc%2FXqAx30&top=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=300x250&msz=300x0&fws=256&ohw=0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742964357354&idt=30&adks=3360245792&frm=23&eo_id_str=ID%3Df38574e2354de41a%3AT%3D1742964353%3ART%3D1742964353%3AS%3DAA-AfjaN4W0L-6umPS0BXG150rCT&td=1&egid=13855&tdf=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2fe6033698794c25dc25b08e9d15089d5514b0994f5068ada9887b48db62e341
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
dcb
google-lineitem-id
6499556608
observe-browsing-topics
?1
x-content-type-options
nosniff
google-mediationtag-id
-2
google-mediationgroup-id
-2
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 26 Mar 2025 04:45:57 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
138462658495
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
content-length
7915
x-xss-protection
0
server
cafe
container.html
5f708138ab692b83bdfd3dee094b1421.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame A939 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://5f708138ab692b83bdfd3dee094b1421.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=6
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3024
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:45:57 GMT
expires
Wed, 26 Mar 2025 04:45:57 GMT
last-modified
Thu, 30 Jan 2025 19:28:58 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503250101/ Frame D75A 		63 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503250101/gpt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6101005619b1d8a0e6d234dc41330613febb164b982205854bf7416cff6d43fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

content-encoding
br
etag
6539103362049255065
age
53037
x-content-type-options
nosniff
expires
Tue, 01 Apr 2025 14:01:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Tue, 25 Mar 2025 14:01:55 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
23391
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202503250101"
sodar2.js
ep2.adtrafficquality.google/sodar/ Frame D75A 		18 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
etag
"1727224258380615"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:54 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
6445
x-xss-protection
0
server
sffe
runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame 1E53 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
1010
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5005
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:29:04 GMT
expires
Wed, 26 Mar 2025 05:19:04 GMT
last-modified
Mon, 23 Sep 2024 18:12:21 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame A385 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-A7_-QrZpWMZ8ze8usiib5g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-A7_-QrZpWMZ8ze8usiib5g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:45:54 GMT
expires
Wed, 26 Mar 2025 04:45:54 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame AA60 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvsWxdPImBZBddN1pGIjYaTjx8oBOhKHYCew--F8DEIPTrYqSjzN-eyvC5Ja5V1rhQcqLAe9hN3YBLgMFwHKbHJWNUxLiCXUrRE7hXrO9FIfr6oE-TwWs5JNJdffFnOdJFdgU40bf4mpS-5xehZ-bcac7zsx4sCcK87EhjjKWWnbXjVmqVc1AQYvGNkMmybSjPSIysVdOFSs1JBuCjI6vF1fbG8jBTNsMLLXY6WbTzCeiJZj5SRrjz2p63iytEzrBQ5d1PUhgCFcJx8XVLjMseQjlWpQqAQWG8XEbypEBEhcFrfm5cBagLLyeXE3yYtW2gO1oFF1Sv-zMdte7NUVQn8f3oYNAok9f_twpMz1XW7tnZIkUlR1AdWCNqBMEyi4jhYlGS8zkKbgMI9N7gVrcMFKAbK-8KU8CPBC_ebqp8HBcD3KDoHJzSihtBGF486Eo8n2zjEPgTwWg&sai=AMfl-YSB0m1R11g9sSttwAcmtHdXu5jmo2AzLPXIOsF0Pnw1ANpkFYZwyJ_JZhvhvFCBxrFH34RoInPdpkPfLpneJgg1NaCyXKMzQn_4KOrlL5WSZShbnFpL_zLzGQvm&sig=Cg0ArKJSzNFfnEljdceyEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 26 Mar 2025 04:45:57 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
init.js
cdn.holmesmind.com/js/ Frame AA60 		9 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/init.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag
"2b18447e41c64d14195cefd72eb57400"
age
32
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
9645
x-amz-cf-id
5WG-IcNTbHw3XPi4liisIGHs3NKXFBELiC3sMxyDlB_VlS9B3eaqbA==
date
Wed, 26 Mar 2025 04:45:22 GMT
content-type
application/javascript
last-modified
Fri, 14 Mar 2025 09:01:33 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame AA60 		219 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
9225633084484645003
age
747
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 05:33:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 26 Mar 2025 04:33:26 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68912
x-xss-protection
0
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame AA60 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 26 Mar 2025 04:45:57 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame AA60 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3788e61f7bc440fe97a60ca643279022f381edfdf8e4272c59ae049a40eeac04

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
capmapping.htm
cdn.holmesmind.com/js/ Frame A5A1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:a000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
30
content-length
12184
content-type
text/html
date
Wed, 26 Mar 2025 04:45:54 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 c723324ff3815a0e30df3eecba242152.cloudfront.net (CloudFront)
x-amz-cf-id
h5412ax4AWQL5CDDktjDeiUZ8ojGx3ObBocuPA2Eph-IMP5OcbvaIQ==
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
presetfn.js
cdn.holmesmind.com/js/ Frame 19FD 		11 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
6
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
uIzrT3dx3dWMw0jpjc4KbPjgliSmWN3tu9DkEfTOOVYaNxqa9Eov2w==
date
Wed, 26 Mar 2025 04:45:49 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
gen_204
pagead2.googlesyndication.com/pagead/ Frame AA60 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 26 Mar 2025 04:45:57 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
sodar
ep1.adtrafficquality.google/pagead/ 		0
0
Preset.js
ad.holmesmind.com/adserver/ Frame 19FD 		2 KB
794 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.178.103.138 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
851c3da53f870dab9f8fd365f8eb9af27af956d79a96f89f412f8baa5b7b1624

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Wed, 26 Mar 2025 04:45:57 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame 19FD 		30 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
1
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
Q_p2KoD7XOuAQyrBVWIz6jbXwZiy9qZQBlaPNcDehVbRWeA3ASwq7w==
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
activeview
pagead2.googlesyndication.com/pcs/ Frame 95C4 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuMo6yToSHwGKorsqqHDw0FqKArGNXFSFlzh47OPJwSowmtS9URlE1SdEvNV30zJmBH6KMvnGSiJTVhjmtPP0nsATbFkpzno4Kv6KnzejCzQbkGgBNL-Mui54XdCYA1UqO8Be-T7s3dmgh-TaRV64cmfzUchXFifgnoVWstqYVfOeM&sig=Cg0ArKJSzNnJhydLwcUDEAE&id=lidar2&mcvt=1000&p=172,1030,422,1330&tm=3818.900001525879&tu=2819.099998474121&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20250324&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=1451399479&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3889715400&rst=1742964353739&rpt=3099&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 26 Mar 2025 04:45:57 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
ads.js
ad.holmesmind.com/adserver/ Frame 19FD 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=974&o=1&fc=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&d=1&b=2&ts=1&ii=2&FPCK=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f&initver=230627P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.178.103.138 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
ec9460159d2566e80764e43cb19edb0d9371d4663d2f124fd892a7ab2ea3cb9c

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Wed, 26 Mar 2025 04:45:58 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
rtbhouseV2.js
cdn.holmesmind.com/js/ Frame 19FD 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag
"519bf06eca29382b4ee4cc4f1dace214"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
2905
x-amz-cf-id
e0F0DekACotK8qXPkHo2IeuSAjVtOwXLCgoqJI0jV9k_xqvhZ3sCxw==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Mon, 04 Sep 2023 03:28:50 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
publishertag.js
static.criteo.net/js/ld/ Frame 19FD 		130 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
etag
W/"67c8043f-2072d"
cross-origin-resource-policy
cross-origin
expires
Thu, 27 Mar 2025 04:45:54 GMT
access-control-allow-origin
*
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/javascript
last-modified
Wed, 05 Mar 2025 07:58:55 GMT
server
nginx
criteoV2.js
cdn.holmesmind.com/js/ Frame 19FD 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/criteoV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag
"13519f9e63c9828d93a698c47992e115"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3197
x-amz-cf-id
hXaVyjNdrFJm4GqlIR5AkrsqrAA_Ed4Q0mzSlXHBcKGCllT8NUEMnw==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Thu, 27 Jul 2023 02:29:01 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
bridgewellV3.js
cdn.holmesmind.com/js/ Frame 19FD 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag
"41ecd67a1e57b2a3aa7cf0c876da0a59"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3470
x-amz-cf-id
21RPJz8JWySchjl3hZ8i3cADYuJ7Y5os7enczqw1-I8uZDhwwDIRLA==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Mon, 02 Oct 2023 08:50:04 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
appierV2.js
cdn.holmesmind.com/js/ Frame 19FD 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appierV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
L_ytFJI.iZbA3Ys9mJ75ciLmXqmRfuVO
etag
"21253aa5d7ee0c3b700ce5f1a4a1b4d1"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3446
x-amz-cf-id
SUa2IphNZJ8Qq7PsOOkOEbsvaDQt6OO0x4Pc3bVoDiC8V9pXmnXC8g==
date
Wed, 26 Mar 2025 04:45:49 GMT
content-type
application/javascript
last-modified
Thu, 14 Dec 2023 06:52:43 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
appier_mainV3.js
cdn.holmesmind.com/js/ Frame 19FD 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag
"ec9ddd169f5fd01f28f9b31866cd4701"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
5467
x-amz-cf-id
7XW52p_rHKSanTnlbh7A0FRpvSNyBErSssA-_7I0Uka_w4e6cS4D6A==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:15:25 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame 19FD 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/XqAx30

Response headers

access-control-max-age
3600
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:58 GMT
vary
Origin
access-control-allow-credentials
true
access-control-allow-methods
POST
prebid.aspx
prebid.scupio.com/recweb/ Frame 19FD 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.scupio.com/recweb/prebid.aspx?cb=0.8597620529314765
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
210.59.219.34 Taichung City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
210-59-219-34.hinet-ip.hinet.net
Software
Kestrel /
Resource Hash
93767b3b96776e880821c937f6ead482fa23fc03903ead57e5070e74b93a304a

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/XqAx30

Response headers

Transfer-Encoding
chunked
Access-Control-Allow-Origin
https://reurl.cc
Date
Wed, 26 Mar 2025 04:45:57 GMT
Server
Kestrel
Access-Control-Allow-Credentials
true
bid
ad2.apx.appier.net/v1/prebid/ Frame 19FD
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=SraJvajVAvCsX9TkhobjZw
2 B
20 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=SraJvajVAvCsX9TkhobjZw
Protocol
H3
Server
35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
98.36.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-store
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
critical-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via
1.1 google
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Wed, 26 Mar 2025 04:45:58 GMT
content-type
application/json; charset=utf-8

Redirect headers

Cache-Control
no-store
Location
https://ad2.apx.appier.net/v1/prebid/bid?acid=SraJvajVAvCsX9TkhobjZw
Accept-Ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
null
Content-Length
0
P3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Wed, 26 Mar 2025 04:45:58 GMT
Server
nginx
bid
ad2.apx.appier.net/v1/prebid/ Frame 19FD
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=uXW-8QkbAwmtXeb8hobjZw
2 B
20 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=uXW-8QkbAwmtXeb8hobjZw
Protocol
H3
Server
35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
98.36.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-store
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
critical-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via
1.1 google
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Wed, 26 Mar 2025 04:45:58 GMT
content-type
application/json; charset=utf-8

Redirect headers

Cache-Control
no-store
Location
https://ad2.apx.appier.net/v1/prebid/bid?acid=uXW-8QkbAwmtXeb8hobjZw
Accept-Ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
null
Content-Length
0
P3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Wed, 26 Mar 2025 04:45:58 GMT
Server
nginx
cdb
bidder.criteo.com/ Frame 19FD 		0
186 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?ptv=159&profileId=184&cb=17772447641
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::5 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:57 GMT
vary
Origin
server
Kestrel
access-control-allow-credentials
true
activeview
pagead2.googlesyndication.com/pcs/ Frame 1351 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstMV3Bs_SmCpow0sx_VLAZbSU5EagU0Lmb_LLw8ZrveUGwKdcegAYFhZ67y1K1bO0H9SLaAqC60onhPEZ1V9lz7GARF9TA9Wcikn5L_qNj94fjSwHn29zhGXXpe3n0Qbn3flNH5Uddg5J0OG6Tk_NB5kCNU2RHSwiZcdw3xX2HeR1I&sig=Cg0ArKJSzLmn3MEwnfIiEAE&id=lidar2&mcvt=1001&p=172,650,422,950&tm=1611.6999969482422&tu=610.3999977111816&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20250324&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3360245792&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3889715600&rst=1742964356175&rpt=714&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 26 Mar 2025 04:45:57 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
activeview
pagead2.googlesyndication.com/pcs/ Frame A293 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst24OAdo6b2K8Nc2Poi9TUj9l2NUFNtvSxH9Bc1QnRWJAcGTZgl01JpsySgwq8kIzv5Ekuu2j7h1GiSuD8RWwbAeydN0gNXqrYhdqzGg2BH5dH4dECQ6CnYL6fGF3XAZu_k-CFsWoY95TBLXUCDffhaaAJyKGcIKXssDEfCY6Yyf8c&sig=Cg0ArKJSzGCxJVtDhuS8EAE&id=lidar2&mcvt=1004&p=172,650,426,950&tm=3807.800003051758&tu=2804.2000007629395&mtos=0,1004,1004,1004,1004&tos=0,1004,0,0,0&v=20250324&bin=7&avms=nio&bs=1600,1200&mc=0.98&vu=1&app=0&itpl=19&adk=3242553145&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3889715400&rst=1742964353778&rpt=3115&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 26 Mar 2025 04:45:57 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
pixel.gif
static.criteo.net/images/ Frame 19FD 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=1
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=31104000, public
timing-allow-origin
*
etag
"493ea254-2b"
cross-origin-resource-policy
cross-origin
expires
Sat, 21 Mar 2026 04:45:55 GMT
cross-origin-embedder-policy
require-corp
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
image/gif
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
pixel.gif
static.criteo.net/images/ Frame 19FD 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=2
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=31104000, public
timing-allow-origin
*
etag
"493ea254-2b"
cross-origin-resource-policy
cross-origin
expires
Sat, 21 Mar 2026 04:45:55 GMT
cross-origin-embedder-policy
require-corp
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
image/gif
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
events
bidder.criteo.com/csm/ Frame 19FD 		0
186 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::5 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:57 GMT
vary
Origin
server
Kestrel
access-control-allow-credentials
true
utag.js
t.ssp.hinet.net/ Frame 19FD 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Wed, 26 Mar 2025 04:55:55 GMT
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
drawV2.js
cdn.holmesmind.com/js/ Frame 19FD 		13 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/drawV2.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=974&o=1&fc=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&d=1&b=2&ts=1&ii=2&FPCK=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f&initver=230627P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag
"dcf480340ca4b65dc9aa76bd9e677036"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
13033
x-amz-cf-id
KUJwMgO-BAogKv0pa2MSPPjWhna0niwdELh_o_egFXqp-fI6qTwWVw==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Tue, 19 Dec 2023 06:01:02 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
view
securepubads.g.doubleclick.net/pcs/ Frame AA60 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvO8W3DEda_MnpnsY4SMr5BxHb5mJSnRpJGoeg4FTvJ0_s8LIIMzXyGqwoW5ma1qCOoUpHy4fBwwpQjf4MXjhgPz_Y1qk_657xrMT2HrnqVEvc4UnPRBcNj9yV5V5bNc-rmeuv2VOkgGBTlqF5DoHPRkSv4Skb_zVfwpaajPIb7YndOxuLtft6oNK2eSj-BxFDT-XN6kiITGZlu0LNpz65CpC6aj7ChaY7lh6LdkED819o3bNfIwruQcHxavJu_wPC_Qpi9u7lHXpeJe_9we4LLzbu9Zn4ZWvj_bO4DzhJ6EDZUnuJJlMZrT6NUqxmEp2qE0BWUiE2W5cVelHbkJclnwLA8bsFrJWhoEV1hvUwM_Khqzxs9qdPKd_lh0EY3Qv480OxGcUwUzT6N_Pqr4VobEqwv4XAcR--DjxxcWXL738IwbOST6dAynsdkbDIDVFGlhuXR-_TPKXpf&sai=AMfl-YTbyIuR4bM38Q0JMxTylvR15DOLMkQMUAB0hZDwy2BujCQ0a3yUOdmBWD_lSvCSwlSTnXfnujIZQf4fKGS919fShIakHdMrxFOwmXz_gqkPqxXRzm1gddy2x5w0&sig=Cg0ArKJSzBF4puU-79lXEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:58 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 26 Mar 2025 04:45:58 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
sodar
ep1.adtrafficquality.google/pagead/ Frame D75A 		0
0
collect
analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-N394QBRGC0&gtm=45je53o2v897965293za200&_p=1742964352243&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102788824~102803279~102813109~102887799~102926062~102926327&cid=646764243.1742964353&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1742964353&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FXqAx30&dt=Dynamics%20365%20Customer%20Voice&en=scroll&epn.percent_scrolled=90&_et=88&tfd=7016
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:137:0
report-to
{"group":"ascnsrsggc:137:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:137:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:137:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:58 GMT
content-type
text/plain
server
Golfe2
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-ZDFZCDVDK1&gtm=45je53o2v9181474282za200&_p=1742964352243&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102509683~102788824~102803279~102813109~102887800~102926327&cid=646764243.1742964353&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1742964353&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FXqAx30&dt=Dynamics%20365%20Customer%20Voice&en=scroll&epn.percent_scrolled=90&_et=23&tfd=7039
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZDFZCDVDK1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:87:0
report-to
{"group":"ascnsrsggc:87:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:87:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://reurl.cc
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:87:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:58 GMT
content-type
text/plain
server
Golfe2
cm
t.ssp.hinet.net/ Frame 19FD 		0
0
pixel
f998a36e-3b10-4c5a-954d-db1c5f368129.t.ssp.hinet.net/ Frame 19FD 		0
0
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame 3C5D 		105 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
98a13a8195bb791392a727d3dde6b0936e7a2f41f42f9ee5c9bf2b08f0d64865
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
892 / 20173 / m202503200101 / config-hash: 2851412147286529057
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:52 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 26 Mar 2025 04:45:52 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
33491
x-xss-protection
0
server
cafe
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/ Frame 3C5D 		525 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9aa1a9dfb271e4ad94219ed388d8442b3b394caedb5771642df196ccc09385c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
13877525710090312892
age
3739
x-content-type-options
nosniff
expires
Thu, 26 Mar 2026 03:43:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 26 Mar 2025 03:43:33 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
168748
x-xss-protection
0
server
cafe
topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame BE4F 		0
0
sodar
ep1.adtrafficquality.google/getconfig/ Frame 3C5D 		0
0
ads
securepubads.g.doubleclick.net/gampad/ Frame 3C5D 		0
0
container.html
03645f1727afbb47e4365cdc87f1dd1b.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame 1B3F 		0
0
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503250101/ Frame 3C5D 		63 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503250101/gpt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6101005619b1d8a0e6d234dc41330613febb164b982205854bf7416cff6d43fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

content-encoding
br
etag
6539103362049255065
age
53037
x-content-type-options
nosniff
expires
Tue, 01 Apr 2025 14:01:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Tue, 25 Mar 2025 14:01:55 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
23391
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202503250101"
activeview
pagead2.googlesyndication.com/pcs/ Frame AA60 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssWwdKD9GrZFmjQbDdO4BZZTgmYfjb7KFBB1NquRfq0F5NaIPyfB4ZwVlOuTK_26MhMLerKvCHDquW1P9XclW-6OYstTs1lK4g3QHeSJgiZJUWkhaYoskfPuoGa7ltx_egMkrXPPwu3gHC3wIBU71olu2ULc5GL7gDI5QNafXTvkU4&sig=Cg0ArKJSzH7jOFhpeLvDEAE&id=lidar2&mcvt=1000&p=172,650,422,950&tm=1476.5&tu=476.79999923706055&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20250324&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3360245792&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3889715700&rst=1742964357593&rpt=509&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 26 Mar 2025 04:45:59 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
ads
securepubads.g.doubleclick.net/gampad/ Frame 3C5D 		36 KB
8 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3035648365259391&correlator=1993617110424025&eid=31086815%2C31090594%2C31091041%2C31091188%2C83321073%2C31086809&output=ldjh&gdfp_req=1&vrg=202503200101&ptt=17&impl=fif&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C14210%2C14210-2&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=1&didk=607409652&dids=gpt-passback&adfs=610111617&sfv=1-0-41&eri=65&sc=1&cookie=ID%3D9108f7a39ce1675e%3AT%3D1742964353%3ART%3D1742964353%3AS%3DALNI_Ma1vtvH_qGID4i43UgxWrqZMYZaiA&gpic=UID%3D000010865d546cc2%3AT%3D1742964353%3ART%3D1742964353%3AS%3DALNI_MbJzFAlJ_dU68Fv2n-hxS2M1_H73Q&abxe=1&dt=1742964359782&lmt=1742964359&adxs=650&adys=172&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=7ejpfo5eupa6&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=9&url=https%3A%2F%2Freurl.cc%2FXqAx30&ref=https%3A%2F%2Freurl.cc%2FXqAx30&top=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=300x250&msz=300x0&fws=256&ohw=0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742964358703&idt=22&adks=3360245792&frm=23&eo_id_str=ID%3Df38574e2354de41a%3AT%3D1742964353%3ART%3D1742964353%3AS%3DAA-AfjaN4W0L-6umPS0BXG150rCT&td=1&egid=13855&tdf=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
339a7278b591bcd28b10c703656eeb98bfe8e013265780c8cf35de410f4deb5b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
dcb
google-lineitem-id
6499556608
observe-browsing-topics
?1
x-content-type-options
nosniff
google-mediationtag-id
-2
google-mediationgroup-id
-2
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 26 Mar 2025 04:45:59 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
138462658495
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
content-length
7928
x-xss-protection
0
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame E387 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvD5GSw3uNVcFIGNCTlchU1JKCAGCmFnrYqwbZUCxwmRqexugVua2sRQ7rcOCzgjLrAOvs75525kbNeLK1x72K6LSnuEW14fnxwSrRz6WyfmFQ4QBqe0YfpWFnTcL5XJHG7Xpcj37u-OB86HtjEQctUE1uitN_FUs-t1pF-gtiN_x6UFWmDik3ZEKQNRgRhhiPz1pyeBvQQgnzpGtVPKm7vrnDbOV01BIwsBZstRVAM7fNkcAkOrhDjJjZEVDmquJhZeTKyjHnqqMj8FaEVvytcf3Rcwb_TrrVP2few7Yk_zdlWiogNwQ1xkLMRa285lAb0WscZ2aONcBPcGiaZkfUpxH0ixiL9BfXxvsQYEHpRf68B-PhNxZIUFB12aQndFLpjjeWjOC9yPTp3FpOa705SeE_dhLOJsQnD5gjpGE1HE_8tVhJELsQGPOPvVQiE1g1tExmpfxemEw&sai=AMfl-YSxwiTRzwvsugqs_0D2ct2OiCDFb06ZpocU7EibKAl7G3FStQx2n9l-ZKghgRt5AEKh8Vz6baNfJEq-FfjElp8BKD8JEMPnGkXZKelJPvjkVuLIGKOMwoC-IA1a&sig=Cg0ArKJSzCyHtMNfElcvEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 26 Mar 2025 04:45:59 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
init.js
cdn.holmesmind.com/js/ Frame E387 		9 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/init.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag
"2b18447e41c64d14195cefd72eb57400"
age
32
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
9645
x-amz-cf-id
5WG-IcNTbHw3XPi4liisIGHs3NKXFBELiC3sMxyDlB_VlS9B3eaqbA==
date
Wed, 26 Mar 2025 04:45:22 GMT
content-type
application/javascript
last-modified
Fri, 14 Mar 2025 09:01:33 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame E387 		219 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
9225633084484645003
age
747
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 05:33:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 26 Mar 2025 04:33:26 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68912
x-xss-protection
0
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame E387 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 26 Mar 2025 04:45:59 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame E387 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
67e32373ea375fa0fc63fec08d150a917959c91af080456c2dcfe68644705110

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
capmapping.htm
cdn.holmesmind.com/js/ Frame 701A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:a000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
30
content-length
12184
content-type
text/html
date
Wed, 26 Mar 2025 04:45:54 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 c723324ff3815a0e30df3eecba242152.cloudfront.net (CloudFront)
x-amz-cf-id
h5412ax4AWQL5CDDktjDeiUZ8ojGx3ObBocuPA2Eph-IMP5OcbvaIQ==
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
presetfn.js
cdn.holmesmind.com/js/ Frame A00B 		11 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
6
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
uIzrT3dx3dWMw0jpjc4KbPjgliSmWN3tu9DkEfTOOVYaNxqa9Eov2w==
date
Wed, 26 Mar 2025 04:45:49 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
gen_204
pagead2.googlesyndication.com/pagead/ Frame E387 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 26 Mar 2025 04:46:00 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
Preset.js
ad.holmesmind.com/adserver/ Frame A00B 		2 KB
794 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.178.103.138 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
851c3da53f870dab9f8fd365f8eb9af27af956d79a96f89f412f8baa5b7b1624

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Wed, 26 Mar 2025 04:46:00 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame A00B 		30 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
1
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
Q_p2KoD7XOuAQyrBVWIz6jbXwZiy9qZQBlaPNcDehVbRWeA3ASwq7w==
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
ads.js
ad.holmesmind.com/adserver/ Frame A00B 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=107&o=1&fc=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&d=1&b=2&ts=1&ii=2&FPCK=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f&initver=230627P
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.178.103.138 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
7c0e68337b06d01900dd6d844ca8ab7500a20687f31b18a87b88dbaf61566896

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Wed, 26 Mar 2025 04:46:00 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
rtbhouseV2.js
cdn.holmesmind.com/js/ Frame A00B 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag
"519bf06eca29382b4ee4cc4f1dace214"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
2905
x-amz-cf-id
e0F0DekACotK8qXPkHo2IeuSAjVtOwXLCgoqJI0jV9k_xqvhZ3sCxw==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Mon, 04 Sep 2023 03:28:50 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
publishertag.js
static.criteo.net/js/ld/ Frame A00B 		130 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
etag
W/"67c8043f-2072d"
cross-origin-resource-policy
cross-origin
expires
Thu, 27 Mar 2025 04:45:54 GMT
access-control-allow-origin
*
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/javascript
last-modified
Wed, 05 Mar 2025 07:58:55 GMT
server
nginx
criteoV2.js
cdn.holmesmind.com/js/ Frame A00B 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/criteoV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag
"13519f9e63c9828d93a698c47992e115"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3197
x-amz-cf-id
hXaVyjNdrFJm4GqlIR5AkrsqrAA_Ed4Q0mzSlXHBcKGCllT8NUEMnw==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Thu, 27 Jul 2023 02:29:01 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
bridgewellV3.js
cdn.holmesmind.com/js/ Frame A00B 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag
"41ecd67a1e57b2a3aa7cf0c876da0a59"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3470
x-amz-cf-id
21RPJz8JWySchjl3hZ8i3cADYuJ7Y5os7enczqw1-I8uZDhwwDIRLA==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Mon, 02 Oct 2023 08:50:04 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
appierV2.js
cdn.holmesmind.com/js/ Frame A00B 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appierV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
L_ytFJI.iZbA3Ys9mJ75ciLmXqmRfuVO
etag
"21253aa5d7ee0c3b700ce5f1a4a1b4d1"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3446
x-amz-cf-id
SUa2IphNZJ8Qq7PsOOkOEbsvaDQt6OO0x4Pc3bVoDiC8V9pXmnXC8g==
date
Wed, 26 Mar 2025 04:45:49 GMT
content-type
application/javascript
last-modified
Thu, 14 Dec 2023 06:52:43 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
appier_mainV3.js
cdn.holmesmind.com/js/ Frame A00B 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag
"ec9ddd169f5fd01f28f9b31866cd4701"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
5467
x-amz-cf-id
7XW52p_rHKSanTnlbh7A0FRpvSNyBErSssA-_7I0Uka_w4e6cS4D6A==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:15:25 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame A00B 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS
ip-103-132-192-30.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/XqAx30

Response headers

access-control-max-age
3600
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:46:00 GMT
vary
Origin
access-control-allow-credentials
true
access-control-allow-methods
POST
cdb
bidder.criteo.com/ Frame A00B 		0
186 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?ptv=159&profileId=184&cb=43307037521
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::5 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:59 GMT
vary
Origin
server
Kestrel
access-control-allow-credentials
true
prebid.aspx
prebid.scupio.com/recweb/ Frame A00B 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.scupio.com/recweb/prebid.aspx?cb=0.44516543786926244
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
210.59.219.34 Taichung City, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
210-59-219-34.hinet-ip.hinet.net
Software
Kestrel /
Resource Hash
9258f127e7037b233f7a77ba0b66814faa3c6e30a014dc4a754308235be3dd93

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/XqAx30

Response headers

Transfer-Encoding
chunked
Access-Control-Allow-Origin
https://reurl.cc
Date
Wed, 26 Mar 2025 04:45:59 GMT
Server
Kestrel
Access-Control-Allow-Credentials
true
bid
ad2.apx.appier.net/v1/prebid/ Frame A00B
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=rC_S0sShAhGCuCbaiIbjZw
2 B
20 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=rC_S0sShAhGCuCbaiIbjZw
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Server
35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
98.36.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-store
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
critical-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via
1.1 google
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Wed, 26 Mar 2025 04:46:00 GMT
content-type
application/json; charset=utf-8

Redirect headers

Cache-Control
no-store
Location
https://ad2.apx.appier.net/v1/prebid/bid?acid=rC_S0sShAhGCuCbaiIbjZw
Accept-Ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
null
Content-Length
0
P3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Wed, 26 Mar 2025 04:46:00 GMT
Server
nginx
bid
ad2.apx.appier.net/v1/prebid/ Frame A00B
Redirect Chain
  • https://ad2.apx.appier.net/v1/prebid/bid
  • https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
  • https://ad2.apx.appier.net/v1/prebid/bid?acid=MZbIvV4lCayhu-bTiIbjZw
2 B
20 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad2.apx.appier.net/v1/prebid/bid?acid=MZbIvV4lCayhu-bTiIbjZw
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Server
35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
98.36.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-store
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
critical-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
via
1.1 google
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Wed, 26 Mar 2025 04:46:00 GMT
content-type
application/json; charset=utf-8

Redirect headers

Cache-Control
no-store
Location
https://ad2.apx.appier.net/v1/prebid/bid?acid=MZbIvV4lCayhu-bTiIbjZw
Accept-Ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
null
Content-Length
0
P3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Wed, 26 Mar 2025 04:46:00 GMT
Server
nginx
events
bidder.criteo.com/csm/ Frame A00B 		0
186 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::5 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:45:59 GMT
vary
Origin
server
Kestrel
access-control-allow-credentials
true
pixel.gif
static.criteo.net/images/ Frame A00B 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=1
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=31104000, public
timing-allow-origin
*
etag
"493ea254-2b"
cross-origin-resource-policy
cross-origin
expires
Sat, 21 Mar 2026 04:45:55 GMT
cross-origin-embedder-policy
require-corp
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
image/gif
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
pixel.gif
static.criteo.net/images/ Frame A00B 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=2
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=31104000, public
timing-allow-origin
*
etag
"493ea254-2b"
cross-origin-resource-policy
cross-origin
expires
Sat, 21 Mar 2026 04:45:55 GMT
cross-origin-embedder-policy
require-corp
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
image/gif
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
utag.js
t.ssp.hinet.net/ Frame A00B 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/utag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=600
content-encoding
gzip
etag
W/"65e6c0fa-15e4"
expires
Wed, 26 Mar 2025 04:55:55 GMT
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
application/javascript
last-modified
Tue, 05 Mar 2024 06:51:38 GMT
server
nginx
vary
Accept-Encoding
drawV2.js
cdn.holmesmind.com/js/ Frame A00B 		13 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/drawV2.js
Requested by
Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=107&o=1&fc=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&d=1&b=2&ts=1&ii=2&FPCK=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f&initver=230627P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
MSt.illVoQb3pO8IADvHgNboFaeniBxV
etag
"dcf480340ca4b65dc9aa76bd9e677036"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
13033
x-amz-cf-id
KUJwMgO-BAogKv0pa2MSPPjWhna0niwdELh_o_egFXqp-fI6qTwWVw==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Tue, 19 Dec 2023 06:01:02 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
view
securepubads.g.doubleclick.net/pcs/ Frame E387 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuq_ZGkR0P1eugBGWOqd2ATaEaRVCcQhtnOVFPrj3DOZCEc1n0Mi9wnbFbt4MZXe3-d4zATrO3-K6ClJC6Ecu0fCxtpFCo5m6fI8q9wh67d11J2q5Tf1WRI4dVZ5qlKeP_3sRK-KgaYDDrMLhJv9-1ssUbZmNzp1CMvfkKU0i3UTxb6ZILCvC8IxFH1G83a1VPkgMVEKfi79qSZl8x9DNrw-AGAfm7q8qcImVgbetaVqjoxVn25M9hYbwe2pSi44FCMJQ69LQ7MA_4iOm9ROBO-naXzzjAmGU9lF1vnyo_gPqFYpmORlbP_8aBoa7QZym-ImucMeFQXbnKW8Cd2xInOnDg3XBgeN31wEWxxOjJZ9VO2WPCoSYTJvwlUkCJ8rdL-oeKxCp_9wqt3vvE6SkCHhfy4qQ_cemk3hL9hl8JklJJBbYX2-PdAl6LYFxq_TbD5bPFszlaXVeHK&sai=AMfl-YSJfEey80vfLivYrRuoDiNnpbA0mzRLGv_3vEqi32A0Zf6OWaJRzpaMfhBGOt9jopjSuANePbqVoNVNnu22sWvC0EMpmZSu_8vkzNHRm9sfuJB5ZIiKlK1O3XS0&sig=Cg0ArKJSzCbKsW0GsZyrEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:46:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 26 Mar 2025 04:46:00 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
cm
t.ssp.hinet.net/ Frame A00B 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&mp=f998a36e-3b10-4c5a-954d-db1c5f368129
Requested by
Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

strict-transport-security
max-age=0
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:46:01 GMT
content-type
image/png
vary
Origin
server
nginx
pixel
f998a36e-3b10-4c5a-954d-db1c5f368129.t.ssp.hinet.net/ Frame A00B 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://f998a36e-3b10-4c5a-954d-db1c5f368129.t.ssp.hinet.net/pixel?bd=f998a36e-3b10-4c5a-954d-db1c5f368129&t=50ef57&referrer=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
203-75-214-136.hinet-ip.hinet.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

Strict-Transport-Security
max-age=0
Content-Length
0
Date
Wed, 26 Mar 2025 04:46:01 GMT
Content-Type
image/png
Server
nginx
Connection
keep-alive
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame 60C1 		105 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
98a13a8195bb791392a727d3dde6b0936e7a2f41f42f9ee5c9bf2b08f0d64865
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
892 / 20173 / m202503200101 / config-hash: 2851412147286529057
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:52 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 26 Mar 2025 04:45:52 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
33491
x-xss-protection
0
server
cafe
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/ Frame 60C1 		525 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9aa1a9dfb271e4ad94219ed388d8442b3b394caedb5771642df196ccc09385c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
13877525710090312892
age
3739
x-content-type-options
nosniff
expires
Thu, 26 Mar 2026 03:43:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 26 Mar 2025 03:43:33 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
168748
x-xss-protection
0
server
cafe
topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame AEAA 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
1496
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000, stale-while-revalidate=3600
content-encoding
br
content-length
28858
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:20:57 GMT
expires
Wed, 26 Mar 2025 05:10:57 GMT
last-modified
Mon, 24 Mar 2025 19:44:53 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar
ep1.adtrafficquality.google/getconfig/ Frame 60C1 		17 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202503200101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8a8c1e371b1df7e514e21c9e1392caa934646f73c2956543127a90b5e97faeb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
12931
date
Wed, 26 Mar 2025 04:46:01 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
ads
securepubads.g.doubleclick.net/gampad/ Frame 60C1 		36 KB
8 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2281600201457243&correlator=2274115675475040&eid=31086814%2C31091188%2C95355264%2C31088252%2C83321072%2C31086809&output=ldjh&gdfp_req=1&vrg=202503200101&ptt=17&impl=fif&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C14210%2C14210-2&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=1&didk=607409652&dids=gpt-passback&adfs=2122355459&sfv=1-0-41&sc=1&cookie=ID%3D9108f7a39ce1675e%3AT%3D1742964353%3ART%3D1742964353%3AS%3DALNI_Ma1vtvH_qGID4i43UgxWrqZMYZaiA&gpic=UID%3D000010865d546cc2%3AT%3D1742964353%3ART%3D1742964353%3AS%3DALNI_MbJzFAlJ_dU68Fv2n-hxS2M1_H73Q&abxe=1&dt=1742964361127&lmt=1742964361&adxs=650&adys=172&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=ytqcul5nufed&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=12&url=https%3A%2F%2Freurl.cc%2FXqAx30&ref=https%3A%2F%2Freurl.cc%2FXqAx30&top=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=300x250&msz=300x0&fws=256&ohw=0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742964361046&idt=19&adks=3360245792&frm=23&eo_id_str=ID%3Df38574e2354de41a%3AT%3D1742964353%3ART%3D1742964353%3AS%3DAA-AfjaN4W0L-6umPS0BXG150rCT&td=1&egid=13855&tdf=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c2adf5aeffa3893601da002038c0b61a5ed2511a8dff85c882e5f8d58cf52d8b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
dcb
google-lineitem-id
6499556608
observe-browsing-topics
?1
x-content-type-options
nosniff
google-mediationtag-id
-2
google-mediationgroup-id
-2
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 26 Mar 2025 04:46:01 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
138462658495
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://reurl.cc
content-length
7935
x-xss-protection
0
server
cafe
container.html
666a803caa4998daebc267a5c9c00760.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame 0E2C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://666a803caa4998daebc267a5c9c00760.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=12
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2001 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3024
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:46:01 GMT
expires
Wed, 26 Mar 2025 04:46:01 GMT
last-modified
Thu, 30 Jan 2025 19:28:58 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar2.js
ep2.adtrafficquality.google/sodar/ Frame 60C1 		18 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
gzip
etag
"1727224258380615"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 04:45:54 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
6445
x-xss-protection
0
server
sffe
runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame AFE4 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
1010
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5005
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:29:04 GMT
expires
Wed, 26 Mar 2025 05:19:04 GMT
last-modified
Mon, 23 Sep 2024 18:12:21 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame A8C9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-A7_-QrZpWMZ8ze8usiib5g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-A7_-QrZpWMZ8ze8usiib5g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Wed, 26 Mar 2025 04:45:54 GMT
expires
Wed, 26 Mar 2025 04:45:54 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503250101/ Frame 60C1 		63 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503250101/gpt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6101005619b1d8a0e6d234dc41330613febb164b982205854bf7416cff6d43fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

content-encoding
br
etag
6539103362049255065
age
53037
x-content-type-options
nosniff
expires
Tue, 01 Apr 2025 14:01:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Tue, 25 Mar 2025 14:01:55 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
23391
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202503250101"
activeview
pagead2.googlesyndication.com/pcs/ Frame E387 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstPxaOfC77kwEgMavBsXOXWo_Z2_pocoywSnfwTOEzgpqW9unDgaCHn28IbwjYIakuwVMo5v2I2YxlQz51fQw1-RT-85VRRkiBjOxZ8Gp_W4qxLJgU0TfpuZIR_HOzIkj8yNHLQaXNHLNNnECqH4YC5FXB5T_ppB8ysiEZJpjZQ-bA&sig=Cg0ArKJSzJe5oeGCRddBEAE&id=lidar2&mcvt=1000&p=172,650,422,950&tm=1703.5&tu=703.5&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20250324&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3360245792&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3889715900&rst=1742964359919&rpt=740&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 26 Mar 2025 04:46:01 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame 4DEF 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstaj6CPIvYPHWUMkW4COhbDXWLOhF7gfqvRUp53Mst1hfv1VJcNUKT_1csDZA6kpZ5n0yvumMRPSTpzS2XjVSbkomKObKWK6gprCznwX_-YpI-uAT0Y9Mf2EIihQIfTcEg7Qn2WwKsbgwO0X5DDcUrO1K6USm-mjQw5PltXIkN0ACcDRGi1OBGL0J0r_4nJO4UB0NxTaisl2hIZl2IuPp7EMBYsw3l-yID3CPWhdQyhlc08JrqfDy1c4p8jX3LZ7nvt0D4d-hCDkYyOQ2IRHTB-v4-mgpbVJfpimGe9ErMfX7_RkjNJTScQWLyDkOscO5fiWCBZ_uzc4wur7212IdwpZoaxAvgQzV_kTdyXdXlBgZ8CIj526tJ_yLQZhupBDYoMq3uhIlSsqCXdGaBHwwZQdKkhjQEZT-2nygVkbtH3shOah2NGTfSFhg4Fkl9LkqlG1vWaWNfS4Q&sai=AMfl-YSIzY7UjENe1F0pjMt1SF1mHueAy37dj8e0CV0D9Ic-IlTByD0zcD85rSZyvP1WTQeCGwEr7hqsEsLSPJMMGWNPN_z3ECgoe3qsAqrcLnnHpaYXJToj_kFBqKl7&sig=Cg0ArKJSzKD12XWNsV9yEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: reurl.cc
URL: https://reurl.cc/XqAx30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 26 Mar 2025 04:46:01 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
init.js
cdn.holmesmind.com/js/ Frame 4DEF 		9 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/init.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
7tl34LxMadcrIfMWf8ToGVMtRuWCL8aK
etag
"2b18447e41c64d14195cefd72eb57400"
age
32
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
9645
x-amz-cf-id
5WG-IcNTbHw3XPi4liisIGHs3NKXFBELiC3sMxyDlB_VlS9B3eaqbA==
date
Wed, 26 Mar 2025 04:45:22 GMT
content-type
application/javascript
last-modified
Fri, 14 Mar 2025 09:01:33 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 4DEF 		219 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503200101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

content-encoding
br
etag
9225633084484645003
age
747
x-content-type-options
nosniff
expires
Wed, 26 Mar 2025 05:33:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 26 Mar 2025 04:33:26 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68912
x-xss-protection
0
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4DEF 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 26 Mar 2025 04:46:01 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame 4DEF 		218 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b914b8e3505c5181de490adece9d125e24c1f738b6e784c654f76b100972bb35

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer

Response headers

Content-Type
image/png
capmapping.htm
cdn.holmesmind.com/js/ Frame 00CF 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/capmapping.htm?fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:a000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://reurl.cc/XqAx30
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36

Response headers

accept-ranges
bytes
age
30
content-length
12184
content-type
text/html
date
Wed, 26 Mar 2025 04:45:54 GMT
etag
"313c12f57383ae26248323c3b33af799"
last-modified
Mon, 17 Mar 2025 05:33:47 GMT
server
AmazonS3
via
1.1 c723324ff3815a0e30df3eecba242152.cloudfront.net (CloudFront)
x-amz-cf-id
h5412ax4AWQL5CDDktjDeiUZ8ojGx3ObBocuPA2Eph-IMP5OcbvaIQ==
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
rSOjRFL3ruqyCRzzCV6Gk2MSJ9yPXZwf
x-cache
Hit from cloudfront
presetfn.js
cdn.holmesmind.com/js/ Frame 995E 		11 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/presetfn.js?20231115
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
rmz9OdLbHPf__eUT0CPixnVBdq1QxTyB
etag
"1ff97ce94c5a1127f915e6bf2a02c6a9"
age
6
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
10957
x-amz-cf-id
uIzrT3dx3dWMw0jpjc4KbPjgliSmWN3tu9DkEfTOOVYaNxqa9Eov2w==
date
Wed, 26 Mar 2025 04:45:49 GMT
content-type
application/javascript
last-modified
Thu, 16 Jan 2025 06:05:08 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4DEF 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 26 Mar 2025 04:46:01 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
Preset.js
ad.holmesmind.com/adserver/ Frame 995E 		2 KB
794 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.holmesmind.com/adserver/Preset.js?z=14210
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.178.103.138 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-178-103-138.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
851c3da53f870dab9f8fd365f8eb9af27af956d79a96f89f412f8baa5b7b1624

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

access-control-allow-origin
https://reurl.cc
content-encoding
gzip
date
Wed, 26 Mar 2025 04:46:02 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
access-control-allow-credentials
true
js-md5.js
cdn.holmesmind.com/js/ Frame 995E 		30 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/js-md5.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
GJjk5mkGsSOM8o1hDQLuy7m.Hsc3NZ3.
etag
"ab3f6a2aedec7585237d5fb727bebcbb"
age
1
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
30621
x-amz-cf-id
Q_p2KoD7XOuAQyrBVWIz6jbXwZiy9qZQBlaPNcDehVbRWeA3ASwq7w==
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:04:56 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
ads.js
ad.holmesmind.com/adserver/ Frame 995E 		0
0
rtbhouseV2.js
cdn.holmesmind.com/js/ Frame 995E 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
BhYfibf8ln9C4F8AF59WvZqelYblDtF0
etag
"519bf06eca29382b4ee4cc4f1dace214"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
2905
x-amz-cf-id
e0F0DekACotK8qXPkHo2IeuSAjVtOwXLCgoqJI0jV9k_xqvhZ3sCxw==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Mon, 04 Sep 2023 03:28:50 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
publishertag.js
static.criteo.net/js/ld/ Frame 995E 		130 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
etag
W/"67c8043f-2072d"
cross-origin-resource-policy
cross-origin
expires
Thu, 27 Mar 2025 04:45:54 GMT
access-control-allow-origin
*
date
Wed, 26 Mar 2025 04:45:54 GMT
content-type
text/javascript
last-modified
Wed, 05 Mar 2025 07:58:55 GMT
server
nginx
criteoV2.js
cdn.holmesmind.com/js/ Frame 995E 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/criteoV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
etag
"13519f9e63c9828d93a698c47992e115"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3197
x-amz-cf-id
hXaVyjNdrFJm4GqlIR5AkrsqrAA_Ed4Q0mzSlXHBcKGCllT8NUEMnw==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Thu, 27 Jul 2023 02:29:01 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
bridgewellV3.js
cdn.holmesmind.com/js/ Frame 995E 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
DID93KRiG7PHJMF22E9BP3B26tce7ZQK
etag
"41ecd67a1e57b2a3aa7cf0c876da0a59"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3470
x-amz-cf-id
21RPJz8JWySchjl3hZ8i3cADYuJ7Y5os7enczqw1-I8uZDhwwDIRLA==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Mon, 02 Oct 2023 08:50:04 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
appierV2.js
cdn.holmesmind.com/js/ Frame 995E 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appierV2.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
L_ytFJI.iZbA3Ys9mJ75ciLmXqmRfuVO
etag
"21253aa5d7ee0c3b700ce5f1a4a1b4d1"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
3446
x-amz-cf-id
SUa2IphNZJ8Qq7PsOOkOEbsvaDQt6OO0x4Pc3bVoDiC8V9pXmnXC8g==
date
Wed, 26 Mar 2025 04:45:49 GMT
content-type
application/javascript
last-modified
Thu, 14 Dec 2023 06:52:43 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
appier_mainV3.js
cdn.holmesmind.com/js/ Frame 995E 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by
Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20231115
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:f800:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

x-amz-version-id
ku3H1MOUSfLuWtW9r59UrEXWrMCJMqc1
etag
"ec9ddd169f5fd01f28f9b31866cd4701"
age
13
via
1.1 43504ac56caa49011c8a16d1cb156142.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
5467
x-amz-cf-id
7XW52p_rHKSanTnlbh7A0FRpvSNyBErSssA-_7I0Uka_w4e6cS4D6A==
date
Wed, 26 Mar 2025 04:45:45 GMT
content-type
application/javascript
last-modified
Tue, 14 Nov 2023 14:15:25 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
bids
prebid-asia.creativecdn.com/bidder/prebid/ Frame 995E 		0
0
cdb
bidder.criteo.com/ Frame 995E 		0
186 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?ptv=159&profileId=184&cb=13445081939
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::5 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:46:01 GMT
vary
Origin
server
Kestrel
access-control-allow-credentials
true
prebid.aspx
prebid.scupio.com/recweb/ Frame 995E 		0
0
bid
ad2.apx.appier.net/v1/prebid/ Frame 995E 		0
0
bid
ad2.apx.appier.net/v1/prebid/ Frame 995E 		0
0
pixel.gif
static.criteo.net/images/ Frame 995E 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=1
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=31104000, public
timing-allow-origin
*
etag
"493ea254-2b"
cross-origin-resource-policy
cross-origin
expires
Sat, 21 Mar 2026 04:45:55 GMT
cross-origin-embedder-policy
require-corp
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
image/gif
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
pixel.gif
static.criteo.net/images/ Frame 995E 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=2
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Referer
https://reurl.cc/XqAx30

Response headers

cache-control
max-age=31104000, public
timing-allow-origin
*
etag
"493ea254-2b"
cross-origin-resource-policy
cross-origin
expires
Sat, 21 Mar 2026 04:45:55 GMT
cross-origin-embedder-policy
require-corp
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
date
Wed, 26 Mar 2025 04:45:55 GMT
content-type
image/gif
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
events
bidder.criteo.com/csm/ Frame 995E 		0
186 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::5 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/88.0.4324.190 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://reurl.cc/XqAx30

Response headers

cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
access-control-allow-origin
https://reurl.cc
date
Wed, 26 Mar 2025 04:46:01 GMT
vary
Origin
server
Kestrel
access-control-allow-credentials
true

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
blog.alphaloan.co
URL
https://blog.alphaloan.co/wp-content/uploads/2021/04/%E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg
Domain
ep1.adtrafficquality.google
URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20250324&jk=3004472422137813&bg=!SUqlSgXNAAaCZO-FomQ7ADQBe5WfONCkX3h-vix3ey2BvA_JSNCVD0sm468nZjIVaX-GBKuyuyiVYaAHnjgopAVHboQ6AgAAAMtSAAAAFWgBB34ANeF9nR61Nm7ExaVWcc-gXd3Xyzz_oHB5hE7u2zEo4M8GfnduCJh6q-7LC4K4sRfA7Rzr0KcNCgCMtztFVPgRc66wURM3Fvq7V2C9OYm-TSaphLaUofZ_-fsrUzQJk8V-nlKOdU0MUTqwTesq2Wl49KtclPCIHKQruuOif4N5r-sUekQ--VSqGzS1XOEdGAlipFGEHNb99l9e87E06MiiUd5ldUZkP01UeTipeVicx5XyhxtRxiCv-xenzrX9nAOD7C1wmQWZApw_qJz7UUPGu1CGA9UsLLcWJ9FfaCHvBd8jfKPdpELFGf2R27314dePUV4mCHe5p2h2UgyGlED7LhnB2zBwQoJ1ShiuSIvPjUEqJLw00k5envhbWMLMmpxy9t2e8a1qYpsRdi9I7BqpIf4UjdAeu5YAGY2OQpSWaDKCf7jiodYkLdS2n2LiN-9apbFnY10kN6KKki0A2rtXwJM_wdlPgzkuh-dMi0Lz8IF2vMxqjXJTfQ3v761nGgLsICj9AkLWDr1kdEfTrZ7n9PLplP-62Y7pJAid5fT_mXeIilZAbEGe5O7LcZjkT3aPWB0W3__1fNHlr_2EdrgjRqcd5Jx6sZNFvUK9Om8VWo4tlZxyuqoZTromPYF5_NvcRLWrQnJxL__dCUhSEd0tR1A_a8nk1YH55NnG8SChDnS5XbgI35zKIDXMzoFzD_yeDnkuodQrVZL8qYjzq7Xe8K32OpWoMuJnxQsMfXBEx0BwYyHjF6NWVHoQPfa1CXJsMQykMISaxPIfh2fccpwYWshXYvfM0HME6Ql_Sc1E1F6hEZEWkb7G58EWE1kCw4-1viOEsEolShWIR_a1UmqHatgo8KWHsVgzVY6c07mLV-V331GuYNtJ7foZeIYGvOJa26uBwM2Gtn82gsjLkvwBC36EulfMmnqZVUWf6ld3v3Xdl4Fcdm7SmQio-a20na7oAatdiCB5A-PYU5fuL1QvJQA5fyAOfZfXIv-grupCBH8-b680sWywMU_jqAEFRttfGOV7HAF-F_MMc5NuqDG7Bi-9VaUMF46L4OVLUTFQvvQTKwD9J0O4iUTc1gS-NG7vDFQy5d8fVnHlZYKnScksiLCyPJrJDMu_iVQV9C1hjxeIW9RlKvYKsrLwga8ubieYvD5YwQ
Domain
ep1.adtrafficquality.google
URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202503200101&jk=4024604042641449&bg=!-Pul-7TNAAaCZO-FomQ7ADQBe5WfOOdWhku0s3SDvOaweAO3ciAQC3zmpd66t17qUCE7qvig7gegtrCMXSWX0Ww5tpEhAgAAAMRSAAAAIWgBB34AN_I9sXLZw8jWdXsSQ7VMXbVyNfFnfx2g07qOF0GFfqOtOoRPXcmg8hpiBaOFm9zDshStQ4RhxbSZBWClYTXQJgfZyCWzZ88R4zRwzaQ9X6YpScxTaTkI5Ztdkenc1DWZBgP_WS_phVgHnU5hZFsAIK7Z79qqvNsWIliRxGhYXcAjxvCKBRl2zwUgqMf6goNGEczpE8u3gmf2ggEDBO17aVizzmLaoVq9ETaNh9LtL6lIlAobECU2kf8MC42j3mPVpHk2EUJHBt9ibyY3oTkg_ppD4bkjVOkfk8GJqZ6IVBE6KccBcNR4XkhexWFvrDpCpLZAfVlebb1CxdhumCYSAekydwvqkzbVwB0mkByDWvaYfyOf7npP5hvlnkV_gFVqn0whiQYS1FpXfT7p1VzC406eXkZB3rRcx2Y-LftoA8cYoCM2drEQlv4otMttUvsDmueKdeiPpr_PRRdJzmuw8lf43eyhEXYAQFtxPvX6Z1baJhCVcXBjkGOoSht2CfuuG9ktPjsH5VHZWtgr2pfuhkiff0rPRsb5iNrm2JWId2hFfmHbjetT8oxohCmKLeWRh6w09ADX5lzpBv8AwEmCbCe2v527iOEo2AWBUwrl_CBwXLGrDya23jK5iV0Q_wOn49dRJ07ZDFONyRrKGfDzrnyOWniqwSIQizt-zqGzKuZu34c2imoM1-xV7pnJUbKRV114otuiHZLMkx5yt6ZKMR7ZiHIRIHOEbNgMmfQwIWqJ8TxwxaaKIVwgrC2FjOdcPSkZXhw7k7wBVxPRMVviLYtSDFvuvwWbn96EQDzNzWpem7SLs_hSsV3HheRoIhfB0Jnu2hIOvGmoOymj9Qp7ai_ut2Td7Fc5N5MpQCMDCQkhB1GGaymkP4vJHP8iEh_GceHKZL4ksxHKadFoZ8TsbCHYdeFFjE2nBvsRWFskl3JiDHrt7A13frOryHAvZD0JR4Ii0QysBMktf_Zdps5v-N6-enep1HIpM23ZoSWI_pBJXYTdFjT8vTwhIeNcn0qWhohIMpWhrbb0A3U8-9D3wUmdYkLdyiiCPgLqWh2BegAgxhSNwNStdl3N0aqrYgkSn1UQyd6HPZGc0mmVGyd326mGOHiUOd-C61FqYOsIHBNtLYRDvc6UIDARPR2bATFwT7ITfFEpgIr_Wi_YbOiAw1Yxnbyi12SMY-7YgfoXZj07VbI9KXfOeiE1f6DmSvrl7utN27cfRe59pD1Porr0H8VR7CIH70JuiAyKKLXAGpp1P8Ha6mzK-9ShjpIQQPIePTZWe9YzbPHfO7SvRifwV5XeEsa6YS1iJpXMYoPAiud1Iev6N7Bi1skWTp1YbFloXAZLdJSXYAmTRnhzYaTwb3SUARsE2Qa2xOVsvTulAMBdr6sNqF6Spnd0vkGhX7TLGijqfAHK6ovgu7gZ3SrNXhYL2ZkBfW9vjI0jaGHbRpzNA57Mq4V2kje0Meg17pUA61DFURDnvoiYHFHsP7c_tFoXy71kgxSL6y0XQSOfSiEZ-Kqm4aBNvQ-MMkpA7_up1a4Bf0wSAmwVsommKOE3rK6odl4wT0PnYW8kwNfdKlQKIrz2-2u6umO3swJnO-wbmQTw_s5f7vx1XPcz7ibUCvwrzlu-LkG5jK8EGjMrsBB8XETyhdKl1J2nXHXOf3akKlrLegLLgHcfksD_s4DJajAeW5aM15L2g_uK8lWPMmBXHgGUC9ao513osFnwxtmZ2-eJlizvNZWhCTt8oeykvLTOQ0jok3f_5sIqRtNzc8FgNz1rUPKLUjY5OlBUZ-_m20iRbKfrZlfMLFxjozuHUOmSJNLLO-IgG8Yj4JJZ-80yB5y2jpiF1YENBfLK450Y-DSyEAIIzfCeHv3vkpu2wgoasQRHZV6ZKjA51EoMDIw_YjmnHq-sW4nM4w
Domain
ep1.adtrafficquality.google
URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202503200101&jk=2616549332254756&bg=!hoWlhcrNAAY70ZttG9E7ADQBe5WfOEi1nSg6RMsxs5MFBrCibbYAHDuoEaMKLEb6gD0fnnV-83j3D-EFx3zmc8e_hzsyAgAAAF1SAAAAB2gBB34ANV1y_mBZ2Mymo9vsnb65SSUhQOv3sdr0Nw3-uSj80l8kjL-LwPi4aAMU3ZbHl0yPaEer5_XSmQKZOQCgDPr48RxdAK6raiKgnKGhlhYhluFqWgn3pR15zoA2SRTbktNedYtYwcLsUpJ4wlmK1lrYlwVQkCHTT2BKI4zqzsDlwmR9WVgEQTr-W_xvRLE7w6NO7pknCBUNnhGFtDQw94EuCAUc5I16uHUn0zBzrKuvChaDj1u18ZuGgUy7GNqhIloKmNEVdzkkupUlf42v7kS2YZn0TpH4EgCZ4CDdfgkl6LgghwkXdbwSqzJCs_5A9a6-tU0h7IFgscfSUj2MokCFd-WP8BnvLohIZIjLoXhDphYv8ACzWkhJvikTRmFJYvgmTxZEDIiyDjBPPsXg5RlxgxfyZ2x-A_aYvgAsbd-_FQHRoNV8pyoSAM1OjJLzXPQo0fiSR6qUPKmUPZe_aFBB-7XOpLPri6dr61NfpWh-thC6nivKUPcdrf6-jt9TWFg3ZWgK2GMui2wWtKvmUlq0MOl0GhsaWn6xuGwbHx2AnqjqM_Z6yT5XHpCNqg3qA0yG4SYvNMrh-HqrDP395dEM1V_Gq_2YG9horpVERORlIwg70zS6gdXjSv_5-2l8CwDFhF4cySaR2cEob91XNkj0PJpxIXwiyVgKF1TqrTXYuS1ONnankOUoPRtB0XY5jx0IAiRxQtH9HvfLwPtIPjoYxGQd3_WL1uInyY8MLIJzOCLbAJqYaA-PiwQvescHfgSLNLAx9iByuwWBnG_QEl3se5zBpKG-cJK2rkbFlEM0dt23HWc-5-zKl7Bnqk2cPyH7NkUobdQuHI0n4kRsNRG5ylrSRBX--J_hONrLMr1JtW-3z0XyQpdQIS8YjgbEwjZf3iTqPq7D4_sD3IJ3lR-oJKbjjesk_6m5QWEY0OKF_lRL_GEw_bmf5taojos7sXPs1YM
Domain
ep1.adtrafficquality.google
URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202503200101&jk=2231713751368322&bg=!wMOlw4zNAAY70ZttG9E7ADQBe5WfODcTIM8ay0zbqmJDEOLLPVB5mbLRq_Bz_nT41gTnmA9OXCpRgjBzkTtOdy50a6N2AgAAAFxSAAAABmgBB34ANZeiWe35WnvOmwfH11W_hjD4eihO_0mH6zEl5JvwV2YhLNxoWYKJnnuH2mB4-YmQBBAIu9G3mQLtkczagxiEYmylqOUGUKhXeBOzTdncDoz3j6-3Ao1-n73JWjN-FlC3wem6QVDJgGE3e_5NWh5aFeJHf57Rt-TuyX3o_j4TX3PaUHHj6ZOMshgTrNcRm4l2dQu9ImeU2V3TTjR42vdwK41i_Z5BeSVXgBVDIYiZfrqqmnBASatT39HeRKJ4LY6fBcu9byZ3lZ3MfEwSTjmRBwEedVGdsr2TGU9ug42IhabjzAD6KcLyEe_i0GufoGsen6oNK1PceUyU4m7RIAi8DFtjV8GNZKcl_4ETgVlnofk5qH710bqxseRyWeIsHudRFyeMFoeQfaNqSMgtvs9nQYxbyY7TSFzp4eq3v_Eb3gm0mxFqvPhkb4FO_2fevMFRso3kSzHaCl_oSUykhiRgnuQmaT83nnbgicc6cph6CsTfqLCziWVi6kA_QpNMpX316cZIl4_wGVDSHqsb-K5nnyxj8HjQPzWY4rHrk-0BqsanL-h7yn8p20lAgllMHwsKBj6VqgJ75zV-7bYI6Rm-OSwWPR5sA8gEDSeYonaBgTa80b2k-9A5vBwmjU14PLARyW0VTzvgjPSOA3hz5cy7uys7cjKsjdX-9glsEGXhSbEKeBQ7kAn_JZFV_n8iZihKh8SUXVy1_fvMfSfWrv_y95bd5BJ3lzVxYRwAo1GZD0rZTpMS_sKXzw3NZy8DPiNWpplo7DGPk6Vowkqa7UXOXe3MaZB_A9tIaRGumxT-9QX1Dk64Zhcw1ZNVhG5T5r-xIdeqWrhqnRcIzQSTtGr64gzU46GIgYCbTnGNgmVXGwZnLEl4EoXpqVhU4TZycpbaJ2b8ft75U7zEovGAE_6BmUht8gSyQOJ4wnPsSCTpqibNyzc_WyAvazs0ivyaDSnWu2GOtcrnGrEHdXnxcQM1ZYAI2Wz-N3rwGEQzrRwSu3JKofoxg5-wuLQuTZOig442gOHYP6n0VQyp8k1TE3-izSBFwpA8Yec-vph7oQNcCRvgVyPJEic
Domain
t.ssp.hinet.net
URL
https://t.ssp.hinet.net/cm?c=50ef57&cid=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&mp=f998a36e-3b10-4c5a-954d-db1c5f368129
Domain
f998a36e-3b10-4c5a-954d-db1c5f368129.t.ssp.hinet.net
URL
https://f998a36e-3b10-4c5a-954d-db1c5f368129.t.ssp.hinet.net/pixel?bd=f998a36e-3b10-4c5a-954d-db1c5f368129&t=50ef57&referrer=
Domain
securepubads.g.doubleclick.net
URL
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Domain
ep1.adtrafficquality.google
URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202503200101&st=env
Domain
securepubads.g.doubleclick.net
URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3035648365259391&correlator=3793228321433191&eid=31086815%2C31090594%2C31091041%2C31091188%2C83321073%2C31086809&output=ldjh&gdfp_req=1&vrg=202503200101&ptt=17&impl=fif&gdpr=0&iu_parts=128002626%2CGPT_%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8reurl%2C14210%2C14210-2&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=1&didk=607409652&dids=gpt-passback&adfs=610111617&sfv=1-0-41&sc=1&cookie=ID%3D9108f7a39ce1675e%3AT%3D1742964353%3ART%3D1742964353%3AS%3DALNI_Ma1vtvH_qGID4i43UgxWrqZMYZaiA&gpic=UID%3D000010865d546cc2%3AT%3D1742964353%3ART%3D1742964353%3AS%3DALNI_MbJzFAlJ_dU68Fv2n-hxS2M1_H73Q&abxe=1&dt=1742964358746&lmt=1742964358&adxs=650&adys=172&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=7ejpfo5eupa6&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=9&url=https%3A%2F%2Freurl.cc%2FXqAx30&ref=https%3A%2F%2Freurl.cc%2FXqAx30&top=https%3A%2F%2Freurl.cc%2FXqAx30&vis=1&psz=300x250&msz=300x0&fws=256&ohw=0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1742964358703&idt=22&adks=3360245792&frm=23&eo_id_str=ID%3Df38574e2354de41a%3AT%3D1742964353%3ART%3D1742964353%3AS%3DAA-AfjaN4W0L-6umPS0BXG150rCT&td=1&egid=13855&tdf=2
Domain
03645f1727afbb47e4365cdc87f1dd1b.safeframe.googlesyndication.com
URL
https://03645f1727afbb47e4365cdc87f1dd1b.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html?n=9
Domain
ad.holmesmind.com
URL
https://ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FXqAx30&n=426&o=1&fc=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&d=1&b=2&ts=1&ii=2&FPCK=9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav&fp_uuid=9612-9bc81689f0b5e6d4e16298aafe43a17f&initver=230627P
Domain
prebid-asia.creativecdn.com
URL
https://prebid-asia.creativecdn.com/bidder/prebid/bids
Domain
prebid.scupio.com
URL
https://prebid.scupio.com/recweb/prebid.aspx?cb=0.9266597139852155
Domain
ad2.apx.appier.net
URL
https://ad2.apx.appier.net/v1/prebid/bid
Domain
ad2.apx.appier.net
URL
https://ad2.apx.appier.net/v1/prebid/bid

Verdicts & Comments Add Verdict or Comment

107 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| sas object| adloox_pubint object| googletag object| anymindTS function| startAnyMindTS function| startAnymindTS function| gtag object| dataLayer object| gnshbrequest function| custom_call_ND object| ONEAD_TEXT object| ONEAD_text_pubs function| fbq function| _fbq string| labelToken string| category string| GoogleAnalyticsObject function| ga object| ggeac object| google_tag_data object| google_js_reporting_queue object| gaplugins object| gaGlobal object| gaData object| google_tag_manager object| google_reactive_ads_global_state boolean| gn_wrapper_executed object| gn_wrapper_queue object| gnpb string| gn_pvid string| gn_native_template object| __gn_config boolean| gnslibincluded boolean| __gnpb_analytics number| __gn_prebid_sampling_rate number| gn_aladdin_vendor_id number| gn_beacon_rate function| onYouTubeIframeAPIReady object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| YTk3NmUzMjkyZTQyZjBlNWxvYWRlcl9qcw== string| YTk3NmUzMjkyZTQyZjBlNWNhY2hlZF9qcw== object| googlefc object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady object| google_tag_topics_state number| google_unique_id object| regeneratorRuntime object| ox_esp function| ONEAD_text_response object| ONEAD_TEXT_INFO function| ONEAD_text_response_40sqt function| text_etag_callback_40sqt function| custom_call_MIR object| _ONEAD object| ONEAD_pubs function| Vue object| renews function| getRenewsFeeds object| criteo_syncframe_state object| criteo_pubtag object| criteo_identitytag_159 object| Criteo object| Criteo_identitytag_159 object| app object| _33across object| YJ_YADS function| getGnshbrequestSlots object| gecptparams boolean| googFloatingToolbarManagerAsyncPositionUpdate object| google_ad_modifications number| google_global_correlator object| google_prev_clients boolean| 9d2700c3-bc29-40c6-bbf1-5c220bd8e245 object| YAHOO function| YadsTimelineManager function| yadsTimelinePoolAds object| YJ_UADF function| gAdController function| yadsDispatchDeliverProduct function| yadsRenderAd_v2 object| yadsInnerFuncs function| yadsRequestAsync number| __google_lidar_ function| __google_lidar_radf_ object| GoogleGcLKhOms object| google_image_requests

47 Cookies

Domain/Path Name / Value
.reurl.cc/ Name: _gid
Value: GA1.2.1693567136.1742964353
.reurl.cc/ Name: _gat
Value: 1
.reurl.cc/ Name: _fbp
Value: fb.1.1742964352838.440344226671414603
.reurl.cc/ Name: _ga
Value: GA1.1.646764243.1742964353
.reurl.cc/ Name: _ga_N394QBRGC0
Value: GS1.1.1742964353.1.0.1742964353.60.0.0
.reurl.cc/ Name: _ga_ZDFZCDVDK1
Value: GS1.1.1742964353.1.0.1742964353.0.0.0
.criteo.com/ Name: uid
Value: d4eca52d-3bef-4c59-a8d4-2a0e4cc5d7ec
.doubleclick.net/ Name: IDE
Value: AHWqTUm_YsKM0VN-4ough9dhATRB9R8h4icRrq_4IMzPHzDqRPSmwM-qDXm9hy4rsj4
.reurl.cc/ Name: __gads
Value: ID=9108f7a39ce1675e:T=1742964353:RT=1742964353:S=ALNI_Ma1vtvH_qGID4i43UgxWrqZMYZaiA
.reurl.cc/ Name: __gpi
Value: UID=000010865d546cc2:T=1742964353:RT=1742964353:S=ALNI_MbJzFAlJ_dU68Fv2n-hxS2M1_H73Q
.reurl.cc/ Name: __eoi
Value: ID=f38574e2354de41a:T=1742964353:RT=1742964353:S=AA-AfjaN4W0L-6umPS0BXG150rCT
onead.onevision.com.tw/ Name: onevision_guid
Value: 3309d0d1-09fd-11f0-9b1b-0242ac120002
onead.onevision.com.tw/ Name: oid
Value: 3309d0c4-09fd-11f0-9b1b-0242ac120002
reurl.cc/ Name: oid
Value: %257B%2522oid%2522%253A%25223309d0d1-09fd-11f0-9b1b-0242ac120002%2522%252C%2522ts%2522%253A-62135596800%252C%2522v%2522%253A%252220201117%2522%257D
.prnasia.com/ Name: __cf_bm
Value: ca0kx2UBqqDj2vq8xXEETmA.1tMLohzh5lHXxZEBPns-1742964353-1.0.1.1-HgnM6a_1KSbA3JLL7LdGH_YCHUS5QBGfpGtWhHRUBSykDPi9LOb9QPSxe9.OnB5_uCeeWwzMfLHS8skDbzFUZzq.ziQwb4QauWd5hh9tPCI
.adsrvr.org/ Name: TDID
Value: 3188e852-08d4-40f1-ab2c-917d4fa90976
.reurl.cc/ Name: ISMD5VERSION
Value: 1
.adsrvr.org/ Name: TDCPM
Value: CAEYBSABKAIyCwiowuar-or2PRAFOAE.
.eyeota.net/ Name: mako_uid
Value: 195d0c56cee-2bb00000010a4e05
.eyeota.net/ Name: SERVERID
Value: 19973~DM
.yahoo.com/ Name: A3
Value: d=AQABBIKG42cCEPxeL2n7uGkxaSZfPambTmcFEgEBAQHY5GftZ9xH0iMA_eMAAA&S=AQAAAgt9pwSfPgLg_ts0cNQ2xLg
.crwdcntrl.net/ Name: _cc_dc
Value: 0
.crwdcntrl.net/ Name: _cc_id
Value: e0a726a458b8693316be6a8e64b7641c
.analytics.yahoo.com/ Name: IDSYNC
Value: 19d3~2o9g
.holmesmind.com/ Name: P
Value: 587676-xJ9SYqmnd2DxirvF3FeX6awAd0SRSEqP
.holmesmind.com/ Name: Vision
Value: 20250326-23:59,20250326-15,20250326-15,20250326-23:59
.holmesmind.com/ Name: C
Value: null
.holmesmind.com/ Name: RK
Value: null
.reurl.cc/ Name: FCNEC
Value: %5B%5B%22AKsRol_7qKJT3mQHxKhxhHDiRdJZU6zbvDHI36LOIJB_4QWPkMAoc5S5JNQmUqNzae8_Rs8dDQJxfrPO2BuFKwDvkT05GhBPqUvUy9zDFGljP5z4iY8HcDDY-5D_JlPe4LCcnAOIiOtNoK4T8vxe13Fsg3a3nAX86w%3D%3D%22%5D%5D
.holmesmind.com/ Name: fcm
Value: 1
.reurl.cc/ Name: _ss_pp_id
Value: 52f68eea6cf2eac1bde1743000354875
.reurl.cc/ Name: CFFPCKUUID
Value: 5429-46hua0PFS2krtGwUuoazgQibVAQIbRMK
.reurl.cc/ Name: CFFPCKUUIDMAIN
Value: 9612-VKt6sBhjZSfl1svYEBCmOJAfX5k19nav
.reurl.cc/ Name: FPUUID
Value: 9612-9bc81689f0b5e6d4e16298aafe43a17f
.reurl.cc/ Name: _tg_csi
Value: 1
.hinet.net/ Name: uuid
Value: f998a36e-3b10-4c5a-954d-db1c5f368129
track.91app.io/ Name: deviceid
Value: 0f1a8134-1ef1-4c17-aee3-7b69db0c08a3
.lndata.com/ Name: admckid
Value: 2503261245541900999
.reurl.cc/ Name: _td
Value: 10a0d58a-3d9d-4fe5-b852-e25a9af955fa
.popin.cc/ Name: uid
Value: 52f68eea6cf2eac1bde1743000354875
.reurl.cc/ Name: __htid
Value: f998a36e-3b10-4c5a-954d-db1c5f368129
.reurl.cc/ Name: _ht_em
Value: 1
.reurl.cc/ Name: _ht_f3244e
Value: 1
.reurl.cc/ Name: _ht_50ef57
Value: 1
.holmesmind.com/ Name: R
Value: null
.holmesmind.com/ Name: G
Value: we3u7ZGJymKY5J47cKd8kQ==
.reurl.cc/ Name: _ht_hi
Value: 1

2 Console Messages

Source Level URL
Text
rendering warning URL: https://reurl.cc/XqAx30(Line 75)
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0000D08841F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network error URL: https://blog.alphaloan.co/wp-content/uploads/2021/04/%E6%A8%82%E5%A4%A9%E8%B2%B8-%E4%BF%A1%E7%94%A8%E7%AE%A1%E7%90%86%E6%8C%87%E5%8D%97-1.jpg
Message:
Failed to load resource: net::ERR_CONNECTION_REFUSED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

03645f1727afbb47e4365cdc87f1dd1b.safeframe.googlesyndication.com
384abc650096ad08a42011c65298f066.safeframe.googlesyndication.com
5f708138ab692b83bdfd3dee094b1421.safeframe.googlesyndication.com
666a803caa4998daebc267a5c9c00760.safeframe.googlesyndication.com
a7393592d38620db98c8f66efce41717.safeframe.googlesyndication.com
ad-specs.guoshipartners.com
ad.holmesmind.com
ad.tagtoo.co
ad2.apx.appier.net
adx.holmesmind.com
analytics.google.com
anymind360.com
api.popin.cc
bcp.crwdcntrl.net
bidder.criteo.com
blog.alphaloan.co
cdn-ima.33across.com
cdn.forms.office.net
cdn.holmesmind.com
cdn.jsdelivr.net
cms.analytics.yahoo.com
connect.facebook.net
cpt.geniee.jp
creditcards.com.tw
ecs.tagtoo.co
ep1.adtrafficquality.google
ep2.adtrafficquality.google
f998a36e-3b10-4c5a-954d-db1c5f368129.t.ssp.hinet.net
fundingchoicesmessages.google.com
gocm.c.appier.net
googleads.g.doubleclick.net
gum.criteo.com
img.gbyhn.com.tw
img.racingcharger.tw
invstatic101.creativecdn.com
log.popin.cc
match.adsrvr.org
mma.prnasia.com
oa.openxcdn.net
onead.onevision.com.tw
pagead2.googlesyndication.com
prebid-asia.creativecdn.com
prebid.scupio.com
ps.eyeota.net
r.popin.cc
re-news.tw
reurl.cc
s.w.org
securepubads.g.doubleclick.net
static.criteo.net
static.wixstatic.com
stats.g.doubleclick.net
storage.reurl.cc
t.ssp.hinet.net
td.doubleclick.net
trc.taboola.com
tw.popin.cc
uec.tagtoo.co
ups.analytics.yahoo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
yads.c.yimg.jp
03645f1727afbb47e4365cdc87f1dd1b.safeframe.googlesyndication.com
ad.holmesmind.com
ad2.apx.appier.net
blog.alphaloan.co
ep1.adtrafficquality.google
f998a36e-3b10-4c5a-954d-db1c5f368129.t.ssp.hinet.net
prebid-asia.creativecdn.com
prebid.scupio.com
securepubads.g.doubleclick.net
t.ssp.hinet.net
103.1.220.9
103.132.192.30
104.18.28.101
107.178.241.176
119.63.193.220
119.63.198.143
119.63.198.188
119.63.198.189
151.101.1.55
168.95.246.1
172.105.221.29
182.22.31.124
192.0.77.48
192.0.78.24
2001:4998:14:800::1000
203.137.133.152
203.75.214.136
210.59.219.34
2600:141b:1c00:41::17db:2464
2600:9000:211c:5600:1e:5c56:d400:93a1
2600:9000:247b:a000:0:e06c:e940:93a1
2600:9000:247b:f800:0:e06c:e940:93a1
2606:4700:3034::ac43:961f
2606:4700::6812:60e1
2607:f8b0:4004:c17::9b
2607:f8b0:4006:808::2002
2607:f8b0:4006:809::2001
2607:f8b0:4006:80a::200e
2607:f8b0:4006:80b::2002
2607:f8b0:4006:80c::2002
2607:f8b0:4006:80c::200e
2607:f8b0:4006:80e::2001
2607:f8b0:4006:80e::200e
2607:f8b0:4006:80f::2002
2607:f8b0:4006:816::2001
2607:f8b0:4006:817::2001
2607:f8b0:4006:817::2002
2607:f8b0:4006:81d::2008
2607:f8b0:4006:820::2001
2607:f8b0:4006:821::2004
2620:100:a00b::12
2620:100:a00b::30
2620:100:a00b::5
2a03:2880:f00e:13:face:b00c:0:3
2a03:2880:f10e:83:face:b00c:0:25de
2a04:4e42::300
2a04:4e42::485
3.33.220.150
34.102.146.192
34.102.218.41
34.107.150.21
34.111.12.34
34.149.98.30
34.160.26.175
34.197.192.192
34.204.120.14
34.96.70.87
35.185.130.121
35.190.36.98
54.178.103.138
0614ad45d47a5da6d9880c2e175c88526cd223c16d2121e48bab3a9e1121f55d
07fea18d054cafaccff84617e773becd6b1a931be70a84dfe3d684a354401d16
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c310205ab2dbf30ae9b8a24ee1359f493e1bf5c982c124e42af22b759ac07ce
0d6ea7f15b98f69ab162af494df563f3c419869b58500f83955f47fff3c5626d
0efa8291235243ad1438d266932112aecf4e7dca1963545a22d118cbe5d5d6e2
0fd813bae48835570858a2508d9c29900b8a4cddebff4a250e79ad12f8acbdcb
13b3fea42a999bd1edc7815ad83b8529ad25262807607a54101486b76d2a39a0
14d2fa7897b338f81c62614b8e09f853dd63465b3b3171907d8dd77a9ba5f610
151cda739f53c7a8fa322793629b43ca8e74497e9614774913715f0176a0b400
16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20
17df6563dd7eca74af924668cc8021f1f97c2f86042e9b646f77eb7a68a07037
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
22743d9dc93a38d7096ec7c9a02146da7a721ada15192d87e81d78ff53cb2f2a
22eec5c833074c7607ab8c43037581b847cedd1be64945129de63e3c1468f1f1
2650f0bf9347561322354447171981c0a052401f826695fec1281e29fa16c840
2d20dd38ed9ce2f98230cae5de9edc36f4e9f13a657ad80427a683323e8f4595
2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f
2fe6033698794c25dc25b08e9d15089d5514b0994f5068ada9887b48db62e341
3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698
3108e15dfc911f1a730106ee1e44c941639e0b7add838d095680425e86d086c3
3126914235c96ad46f611498ff1be5890ff21979fe5a23d7ee349139552a693a
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30
3243bbf7e0e6d60ec2df3f15b164251090626eac099bb25ddc6dce7520d1198e
339a7278b591bcd28b10c703656eeb98bfe8e013265780c8cf35de410f4deb5b
3402df1af7b8665c51ac7e2d4fed5dc6cac147d61966672d9cf32a34acafedfe
3413211169d59c913dd19db17bc1ae4c478443631a3a365feaad6cd2a7b5247e
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
3788e61f7bc440fe97a60ca643279022f381edfdf8e4272c59ae049a40eeac04
3813fd6bb42f82082cc93bb2b08f680528281f0700c4e2d34c9eba1ad660b42a
39e8292ad09906fd5e18d008049394e98e2dddd45194c3ebee7f8e780c21aa3d
3df3e9a13132631718a2843cf49fff08f798133b4e6957562e31d48e42a0078b
3eb68d784662777b2df8d3273b7aec86744cb06d82a3f50251ed1b2b74a602a4
402a543f69f8ab5bbf3e2755788ad61981946c3f968a1b6b83a13c02fa689b34
46e977bd2e693545c10424af0ca8ae2061ce096d8e5658d997fa9ca60471e26d
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
53f98aba7750670f0dc7b13bbbb1a12ae29c1fd5b4c7b558ed43e5da984792f1
5404d9af6d898dd5e915beef38d2b6183982e39a557694e0821cf17139760509
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
54cee9fee34389ba3cd31ce3a08d5d7d507b233d1e983b2bd234921127abeb9d
5a5e5caf1959ecb84b0b65417beadb506ee682db45c1ea3d80d2098be5e6174e
5a871b13ede1754dec51e91e8f3ee35b98ff71fe42cf57d51cb574b004e3d4cd
5e2eefea6928cd99a8d3866622791cdc04876e64aa7c376131b3b90bf6ddbf9d
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
6101005619b1d8a0e6d234dc41330613febb164b982205854bf7416cff6d43fd
62ee27c16b5eb486b975d2ee8bb1e4eb4199b2e23e398847010465859f3ed7de
654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e
6690e3c30b0eededab18045eb475d854615ca6c2205a1ee112762ea1d1625484
67e32373ea375fa0fc63fec08d150a917959c91af080456c2dcfe68644705110
698fe0a6500f771d98d1ca713a5445d523fac649207572b69123699702854c0b
6db792f8234d214fd5b7223a555c03683438255d5f75bc3c38ec0891b5363ae4
72223c20f8ad08445b32a2b4843a0f04fe33cee40811ade04b21598cf67fbea3
73ae392d3e6fd2a480cd5e6eb0077f17af084abfda5e3bb5487f76c0277be87c
749079c4e18ad34ac381e98d3fa23e070937ae17b73e27bb066eae5350ed667d
76e0fe9b59aa81409567a77b7f5cfaebcbe6d1a5586d4979c5a83a327f68d517
7a536975ab3836722d889039bc5266311e5fa612112edaccc6575d75887b5025
7c0e68337b06d01900dd6d844ca8ab7500a20687f31b18a87b88dbaf61566896
80279f6baf172b794e35da391ac30711c57a3276abda4280d170920df9cca9b1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
851c3da53f870dab9f8fd365f8eb9af27af956d79a96f89f412f8baa5b7b1624
8a8c1e371b1df7e514e21c9e1392caa934646f73c2956543127a90b5e97faeb4
8aad7f034c2e39ee145189b327d6b1df64240486e08c7eba41d399e7e72797a6
8f73a10773dae7dadd7ca1e735ae7da6028aca748f9d01cff8aeebb462767c6e
9258f127e7037b233f7a77ba0b66814faa3c6e30a014dc4a754308235be3dd93
92f9f001e9f335dc3ba11338e516af016b641679e9195f7aeb9a753b05ee750a
93767b3b96776e880821c937f6ead482fa23fc03903ead57e5070e74b93a304a
95634eb651772e9ecc489c8a2e12cccb71cd06089ae3f03f8dab3654ce669c8c
98a13a8195bb791392a727d3dde6b0936e7a2f41f42f9ee5c9bf2b08f0d64865
9aa1a9dfb271e4ad94219ed388d8442b3b394caedb5771642df196ccc09385c3
9cf1114324a6653750f0f8af7783a744e45adadca47c48844e4ee0f11df269bf
a6a132211fe21475c262557eeb7c3efad716f5ece2f3552e2894e097a9fd7bf0
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ad2326b2b2d6e061b8ea119edf28b19c65ad2c65d9152fd264ec275de5b314b5
b049b025813709783b10448b65d383a83d3504b2975c1f829f0280f43c32249d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6346ec755a2aac6af52cb1deb7ad54a1acffa3442a1a0d4de5245b12b881958
b6c5af2d5c532a14b5aa51656c9d5e8be329b1424ec1df2947ad2de309622448
b914b8e3505c5181de490adece9d125e24c1f738b6e784c654f76b100972bb35
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5
ba17ede1117181a80c53cd062b8888bccf458b5d39978b5078172431c3325a22
bc73ed340ef20534b613afea9bd95f199a55b77beab7c472e92ad92b4e39a1aa
bfe64a3cc6ae4020cab7a46d4731bf06c867e0b623cffd3efd2f83d92dd1b817
c2adf5aeffa3893601da002038c0b61a5ed2511a8dff85c882e5f8d58cf52d8b
cc423800fc99b73cfff97ecd01a962b6ee2d6839b4c581b731413b5dac886075
cd0db2d68f6fb00e1197e823f47e1f53aa2aa2ae85228a5e5d04a4a863629cc1
cd76bd6be7366ec88b60a31b6509d94c6a7a9552ab812e0646f60c05813f9af1
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda
d590dc7c95b44e7c882fc78dad5ca260574f5480572c835e265bc2434411dcb2
dda1acd2c0245b63823a0738dd053df858589ef769e9461949b5b9c8577ad697
ddd9d29beabaeecc9c76408242dfc2b76305ec52511992d3cfbc81a500ee0670
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e1fc915a5fe4e34a2a4ee45bf1b9e292e15cb607acbef3e678e38b40bd5371d2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7e4fb9b3b1239835abc60fd16d2e64da36bfa919b8e81f11eea442c2bbf05f2
e9b96bc538ceb220fc5caff0d0a67916b74cf07b2bada0b3296a17b1b99c9990
ec9460159d2566e80764e43cb19edb0d9371d4663d2f124fd892a7ab2ea3cb9c
ed1353670cbe52a301571e6717fab543726f43f7bed2edd0ffca2e74f6a1d8bf
ee55c68fc2c26f92ef98cf06c0762b56b1f872922c0ebefbd3a442596d46cbcf
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f253290fcc29f7f2a23f88a3c984a239539b7482cc449ea1f8e7fdff324ec99a
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b
f8b2dcfabca6c1b85affe6719687a34e0d00e41355456a80367f2f93104e1308
fcf4b958769eb294a5743dffac9b9def998a568b1126f9ca3d270c9cc67268d3
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99