reurl.cc Open in urlscan Pro
35.185.130.121 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://reurl.cc/
Effective URL:
https://reurl.cc/main/tw
Submission: On June 24 via manual (June 24th 2022, 6:25:10 am UTC) from IN — Scanned from DE

Summary HTTP 429 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 56 IPs in 8 countries across 53 domains to perform 429 HTTP transactions. The main IP is 35.185.130.121, located in Taipei, Taiwan and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is reurl.cc. The Cisco Umbrella rank of the primary domain is 218275.
TLS certificate: Issued by R3 on May 25th 2022. Valid for: 3 months.

This is the only time reurl.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 9	35.185.130.121 35.185.130.121	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.149.98.30 34.149.98.30	15169 (GOOGLE) (GOOGLE)
51	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
1 1	84.17.46.53 84.17.46.53	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
45	2600:9000:215... 2600:9000:2156:d000:0:e06c:e940:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	35.244.196.223 35.244.196.223	15169 (GOOGLE) (GOOGLE)
3	2001:4860:480... 2001:4860:4802:32::178	15169 (GOOGLE) (GOOGLE)
2	23.75.245.170 23.75.245.170	16625 (AKAMAI-AS) (AKAMAI-AS)
3 9	35.201.76.93 35.201.76.93	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
17	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
46	203.75.214.136 203.75.214.136	3462 (HINET Dat...) (HINET Data Communication Business Group)
6	2600:9000:215... 2600:9000:2156:8a00:3:1794:2540:93a1	16509 (AMAZON-02) (AMAZON-02)
1	35.227.202.26 35.227.202.26	15169 (GOOGLE) (GOOGLE)
2 4	185.33.220.244 185.33.220.244	29990 (ASN-APPNEX) (ASN-APPNEX)
4	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:801::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
2	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.78.187 192.0.78.187	2635 (AUTOMATTIC) (AUTOMATTIC)
1	192.0.78.244 192.0.78.244	2635 (AUTOMATTIC) (AUTOMATTIC)
1	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	34.102.176.152 34.102.176.152	15169 (GOOGLE) (GOOGLE)
6	52.197.44.129 52.197.44.129	16509 (AMAZON-02) (AMAZON-02)
8	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	210.59.219.181 210.59.219.181	3462 (HINET Dat...) (HINET Data Communication Business Group)
7 14	34.96.119.68 34.96.119.68	15169 (GOOGLE) (GOOGLE)
7 7	172.104.105.5 172.104.105.5	63949 (LINODE-AP...) (LINODE-AP Linode)
6	34.117.219.39 34.117.219.39	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6	103.132.192.30 103.132.192.30	138552 (RTBHOUSE-...) (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD.)
3	116.50.36.71 116.50.36.71	18046 (DONGFONG-...) (DONGFONG-TW DongFong Technology Co. Ltd.)
12 31	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
3	35.227.249.156 35.227.249.156	15169 (GOOGLE) (GOOGLE)
4	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
12	52.198.234.122 52.198.234.122	16509 (AMAZON-02) (AMAZON-02)
3 12	162.210.196.208 162.210.196.208	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
9	2606:4700:20:... 2606:4700:20::ac43:47fe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	142.250.186.162 142.250.186.162	() ()
3	2a00:1450:400... 2a00:1450:4001:811::2001	() ()
30	2a00:1450:400... 2a00:1450:4001:812::2001	() ()
3	2a00:1450:400... 2a00:1450:4001:827::2002	() ()
3 5	104.18.19.126 104.18.19.126	() ()
37	2a00:1450:400... 2a00:1450:4001:82a::2006	() ()
6	142.250.185.66 142.250.185.66	() ()
1	2a02:fa8:8806... 2a02:fa8:8806:12::1370	() ()
2	3.33.220.150 3.33.220.150	() ()
1 1	85.114.159.93 85.114.159.93	() ()
4 4	52.58.8.248 52.58.8.248	() ()
4 4	104.36.113.23 104.36.113.23	() ()
1 1	2600:9000:215... 2600:9000:2156:4200:1b:5138:8a40:93a1	() ()
2	35.244.159.8 35.244.159.8	() ()
2	104.90.161.232 104.90.161.232	() ()
2 4	2001:678:cb4:... 2001:678:cb4:bbbb::11	() ()
1 1	159.122.14.34 159.122.14.34	() ()
1 1	2a05:d018:d29... 2a05:d018:d29:3602:cba9:630b:f07c:688c	() ()
2 2	52.17.116.244 52.17.116.244	() ()
1 2	51.89.9.251 51.89.9.251	() ()
3 4	185.94.180.126 185.94.180.126	() ()
2 2	18.156.0.31 18.156.0.31	() ()
2 2	18.193.237.214 18.193.237.214	() ()
1 1	185.29.132.241 185.29.132.241	() ()
2 2	54.229.65.185 54.229.65.185	() ()
1 1	69.173.144.138 69.173.144.138	() ()
429	56

9 35.185.130.121 (Taipei, Taiwan) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 121.130.185.35.bc.googleusercontent.com

reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.98.30 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 30.98.149.34.bc.googleusercontent.com

storage.reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

51 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 84.17.46.53 (Amsterdam, Netherlands) 1 redirects

ASN60068 (CDN77 ^_^, GB)
PTR: unn-84-17-46-53.cdn77.com

cdn.rawgit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 2600:9000:2156:d000:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.196.223 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 223.196.244.35.bc.googleusercontent.com

storage.re-news.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:32::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.75.245.170 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-75-245-170.deploy.static.akamaitechnologies.com

static-tagr.gd1.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 35.201.76.93 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 93.76.201.35.bc.googleusercontent.com

c.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

46 203.75.214.136 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-136.hinet-ip.hinet.net

t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
62654d01-df33-49b1-a060-210113bab332.t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1fec7629-e5d0-4770-bc96-84aa1807b2e3.t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2156:8a00:3:1794:2540:93a1 (United States)

ASN16509 (AMAZON-02, US)

adcdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.202.26 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 26.202.227.35.bc.googleusercontent.com

tw-gmtdmp.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.220.244 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:801::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

img.racingcharger.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.gbyhn.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.187 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

blog.alphaloan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.244 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

creditcards.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.176.152 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 152.176.102.34.bc.googleusercontent.com

static.wixstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.197.44.129 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-197-44-129.ap-northeast-1.compute.amazonaws.com

ad.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 210.59.219.181 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)

prebid.scupio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 34.96.119.68 (Kansas City, United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: 68.119.96.34.bc.googleusercontent.com

ad2.apx.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.104.105.5 (Tokyo, Japan) 7 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1715-5.members.linode.com

gocm.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.117.219.39 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 39.219.117.34.bc.googleusercontent.com

fp.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 103.132.192.30 (Singapore)

ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG)
PTR: ip-103-132-192-30.rtbhouse.net

prebid-asia.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 116.50.36.71 (Taiwan)

ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW)

cm.lndata.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 172.217.16.130 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.249.156 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 156.249.227.35.bc.googleusercontent.com

m.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 52.198.234.122 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-198-234-122.ap-northeast-1.compute.amazonaws.com

ccm.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 162.210.196.208 (McLean, United States) 3 redirects

ASN30633 (LEASEWEB-USA-WDC, US)

ads.aralego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.aralego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:20::ac43:47fe (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.aralego.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.186.162 (None, )

ASN- ()

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2001 (None, )

ASN- ()

7ab8616f7bce8d803f3fbcd11a78b642.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
16453c646dc8bcc444ddd022bc7b3391.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
19e72da6586dc9f78496c79497de15c0.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:812::2001 (None, )

ASN- ()

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2002 (None, )

ASN- ()

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.19.126 (None, ) 3 redirects

ASN- ()

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a00:1450:4001:82a::2006 (None, )

ASN- ()

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.66 (None, )

ASN- ()

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1370 (None, )

ASN- ()

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.33.220.150 (None, )

ASN- ()

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (None, ) 1 redirects

ASN- ()

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.58.8.248 (None, ) 4 redirects

ASN- ()

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.36.113.23 (None, ) 4 redirects

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:4200:1b:5138:8a40:93a1 (None, ) 1 redirects

ASN- ()

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (None, )

ASN- ()

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.90.161.232 (None, )

ASN- ()

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:678:cb4:bbbb::11 (None, ) 2 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.122.14.34 (None, ) 1 redirects

ASN- ()

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3602:cba9:630b:f07c:688c (None, ) 1 redirects

ASN- ()

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.17.116.244 (None, ) 2 redirects

ASN- ()

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.9.251 (None, ) 1 redirects

ASN- ()

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.94.180.126 (None, ) 3 redirects

ASN- ()

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (None, ) 2 redirects

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.193.237.214 (None, ) 2 redirects

ASN- ()

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.241 (None, ) 1 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.229.65.185 (None, ) 2 redirects

ASN- ()

ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (None, ) 1 redirects

ASN- ()

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
87	holmesmind.com 3 redirects cdn.holmesmind.com — Cisco Umbrella Rank: 132990 c.holmesmind.com — Cisco Umbrella Rank: 99184 fcm.holmesmind.com Failed adcdn.holmesmind.com — Cisco Umbrella Rank: 132236 ad.holmesmind.com — Cisco Umbrella Rank: 90055 fp.holmesmind.com — Cisco Umbrella Rank: 128422 m.holmesmind.com — Cisco Umbrella Rank: 214879 ccm.holmesmind.com — Cisco Umbrella Rank: 260856	266 KB
84	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 120 7ab8616f7bce8d803f3fbcd11a78b642.safeframe.googlesyndication.com 16453c646dc8bcc444ddd022bc7b3391.safeframe.googlesyndication.com 19e72da6586dc9f78496c79497de15c0.safeframe.googlesyndication.com tpc.googlesyndication.com	1 MB
58	doubleclick.net 12 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 54 stats.g.doubleclick.net — Cisco Umbrella Rank: 119 cm.g.doubleclick.net — Cisco Umbrella Rank: 205 securepubads.g.doubleclick.net googleads4.g.doubleclick.net	598 KB
46	hinet.net t.ssp.hinet.net — Cisco Umbrella Rank: 84669 62654d01-df33-49b1-a060-210113bab332.t.ssp.hinet.net 1fec7629-e5d0-4770-bc96-84aa1807b2e3.t.ssp.hinet.net	33 KB
37	2mdn.net s0.2mdn.net	520 KB
21	appier.net 14 redirects ad2.apx.appier.net — Cisco Umbrella Rank: 37324 gocm.c.appier.net — Cisco Umbrella Rank: 2352	3 KB
16	google.com adservice.google.com — Cisco Umbrella Rank: 92 www.google.com — Cisco Umbrella Rank: 8	5 KB
12	aralego.com 3 redirects ads.aralego.com — Cisco Umbrella Rank: 33203 sync.aralego.com — Cisco Umbrella Rank: 2245	6 KB
10	reurl.cc 2 redirects reurl.cc — Cisco Umbrella Rank: 218275 storage.reurl.cc	20 KB
9	aralego.net cdn.aralego.net — Cisco Umbrella Rank: 6191	133 KB
8	criteo.net static.criteo.net — Cisco Umbrella Rank: 606	157 KB
8	google.de adservice.google.de — Cisco Umbrella Rank: 7751 www.google.de — Cisco Umbrella Rank: 5448	2 KB
6	creativecdn.com prebid-asia.creativecdn.com — Cisco Umbrella Rank: 17702	1020 B
6	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 429	127 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com	4 KB
4	spotxchange.com 3 redirects sync.search.spotxchange.com	2 KB
4	turn.com 2 redirects ad.turn.com r.turn.com	2 KB
4	pubmatic.com 4 redirects image6.pubmatic.com	2 KB
4	bidswitch.net 4 redirects x.bidswitch.net	3 KB
4	criteo.com bidder.criteo.com — Cisco Umbrella Rank: 744	837 B
4	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 867	801 B
4	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 244	3 KB
3	yahoo.com 3 redirects pr-bh.ybp.yahoo.com ups.analytics.yahoo.com	2 KB
3	googletagservices.com www.googletagservices.com	127 KB
3	lndata.com cm.lndata.com — Cisco Umbrella Rank: 151683	1 KB
3	mookie1.com static-tagr.gd1.mookie1.com — Cisco Umbrella Rank: 40206 tw-gmtdmp.mookie1.com — Cisco Umbrella Rank: 347679	3 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 49	20 KB
2	avct.cloud 2 redirects ads.avct.cloud	890 B
2	w55c.net 2 redirects pm.w55c.net	2 KB
2	onetag-sys.com 1 redirects onetag-sys.com	486 B
2	360yield.com 2 redirects match.360yield.com	788 B
2	teads.tv sync.teads.tv	344 B
2	openx.net us-u.openx.net	420 B
2	adsrvr.org match.adsrvr.org	529 B
2	scupio.com prebid.scupio.com — Cisco Umbrella Rank: 59979	209 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 96	9 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 155	34 KB
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	461 B
1	mathtag.com 1 redirects sync.mathtag.com	862 B
1	simpli.fi 1 redirects um.simpli.fi	709 B
1	smaato.net 1 redirects s.ad.smaato.net	443 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	586 B
1	dotomi.com dclk-match.dotomi.com	104 B
1	wixstatic.com static.wixstatic.com — Cisco Umbrella Rank: 5126	1 MB
1	wp.com i0.wp.com — Cisco Umbrella Rank: 3319	24 KB
1	creditcards.com.tw creditcards.com.tw	23 KB
1	alphaloan.co blog.alphaloan.co	180 KB
1	gbyhn.com.tw img.gbyhn.com.tw	80 KB
1	racingcharger.tw img.racingcharger.tw	139 KB
1	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 532	5 KB
1	re-news.tw storage.re-news.tw	5 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 231	5 KB
1	rawgit.com 1 redirects cdn.rawgit.com — Cisco Umbrella Rank: 9565	724 B
429	53

	Domain	Requested by
51	pagead2.googlesyndication.com	reurl.cc pagead2.googlesyndication.com ads.aralego.com securepubads.g.doubleclick.net googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
45	cdn.holmesmind.com	reurl.cc cdn.holmesmind.com ad.holmesmind.com
37	s0.2mdn.net	reurl.cc s0.2mdn.net googleads.g.doubleclick.net
37	t.ssp.hinet.net	cdn.holmesmind.com t.ssp.hinet.net
31	cm.g.doubleclick.net	12 redirects googleads.g.doubleclick.net reurl.cc
30	tpc.googlesyndication.com	securepubads.g.doubleclick.net googleads.g.doubleclick.net tpc.googlesyndication.com reurl.cc pagead2.googlesyndication.com
14	ad2.apx.appier.net	7 redirects reurl.cc
12	ccm.holmesmind.com	reurl.cc cdn.holmesmind.com
11	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
9	securepubads.g.doubleclick.net	cdn.aralego.net securepubads.g.doubleclick.net
9	cdn.aralego.net	reurl.cc ads.aralego.com
9	www.google.com	reurl.cc googleads.g.doubleclick.net tpc.googlesyndication.com
9	c.holmesmind.com	3 redirects reurl.cc cdn.holmesmind.com
9	reurl.cc	2 redirects reurl.cc
8	static.criteo.net	cdn.holmesmind.com reurl.cc static.criteo.net
7	gocm.c.appier.net	7 redirects
7	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
7	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
6	googleads4.g.doubleclick.net	reurl.cc
6	sync.aralego.com	ads.aralego.com reurl.cc
6	ads.aralego.com	3 redirects ads.aralego.com
6	prebid-asia.creativecdn.com	cdn.holmesmind.com
6	fp.holmesmind.com	cdn.holmesmind.com
6	ad.holmesmind.com	cdn.holmesmind.com
6	adcdn.holmesmind.com	cdn.holmesmind.com
6	cdn.jsdelivr.net	reurl.cc
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	1fec7629-e5d0-4770-bc96-84aa1807b2e3.t.ssp.hinet.net	cdn.holmesmind.com t.ssp.hinet.net reurl.cc
4	sync.search.spotxchange.com	3 redirects googleads.g.doubleclick.net
4	image6.pubmatic.com	4 redirects
4	x.bidswitch.net	4 redirects
4	bidder.criteo.com	static.criteo.net
4	62654d01-df33-49b1-a060-210113bab332.t.ssp.hinet.net	reurl.cc t.ssp.hinet.net
4	partner.googleadservices.com	pagead2.googlesyndication.com
4	ib.adnxs.com	2 redirects static-tagr.gd1.mookie1.com googleads.g.doubleclick.net
3	www.googletagservices.com	googleads.g.doubleclick.net
3	m.holmesmind.com	cdn.holmesmind.com
3	cm.lndata.com	cdn.holmesmind.com
3	www.google-analytics.com	reurl.cc www.google-analytics.com
2	ads.avct.cloud	2 redirects
2	pm.w55c.net	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	onetag-sys.com	1 redirects googleads.g.doubleclick.net
2	match.360yield.com	2 redirects
2	r.turn.com	googleads.g.doubleclick.net
2	ad.turn.com	2 redirects
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	match.adsrvr.org	googleads.g.doubleclick.net
2	prebid.scupio.com	cdn.holmesmind.com
2	www.facebook.com	reurl.cc
2	static-tagr.gd1.mookie1.com	cdn.holmesmind.com
2	connect.facebook.net	reurl.cc connect.facebook.net
1	pixel.rubiconproject.com	1 redirects
1	sync.mathtag.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	um.simpli.fi	1 redirects
1	s.ad.smaato.net	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	19e72da6586dc9f78496c79497de15c0.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	16453c646dc8bcc444ddd022bc7b3391.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	7ab8616f7bce8d803f3fbcd11a78b642.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	static.wixstatic.com	reurl.cc
1	i0.wp.com	reurl.cc
1	creditcards.com.tw	reurl.cc
1	blog.alphaloan.co	reurl.cc
1	img.gbyhn.com.tw	reurl.cc
1	img.racingcharger.tw	reurl.cc
1	www.google.de	reurl.cc
1	stats.g.doubleclick.net	www.google-analytics.com
1	tw-gmtdmp.mookie1.com	reurl.cc
1	static.xx.fbcdn.net	www.facebook.com
1	storage.re-news.tw	reurl.cc
1	cdnjs.cloudflare.com	reurl.cc
1	cdn.rawgit.com	1 redirects
1	storage.reurl.cc	reurl.cc
0	fcm.holmesmind.com Failed	cdn.holmesmind.com
429	78

This site contains links to these domains. Also see Links.

Domain
imgus.cc
youtils.cc
re-news.tw
stockinfo.tw

Subject Issuer	Validity	Valid
reurl.cc R3	`2022-05-25` - `2022-08-23`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
storage.reurl.cc GTS CA 1D4	`2022-05-06` - `2022-08-04`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.holmesmind.com Go Daddy Secure Certificate Authority - G2	`2022-05-19` - `2023-06-20`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-04-02` - `2022-07-01`	3 months	crt.sh
storage.re-news.tw GTS CA 1D4	`2022-05-04` - `2022-08-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
static-tagr.gd1.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-03` - `2022-12-01`	a year	crt.sh
*.ssp.hinet.net	`2021-10-12` - `2022-10-12`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.gbyhn.com.tw E1	`2022-06-06` - `2022-09-04`	3 months	crt.sh
tls.automattic.com R3	`2022-05-10` - `2022-08-08`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-11` - `2023-07-12`	a year	crt.sh
*.wixstatic.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-30` - `2022-10-27`	6 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-21` - `2022-09-23`	3 months	crt.sh
*.scupio.com Sectigo RSA Organization Validation Secure Server CA	`2021-10-13` - `2022-11-13`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-17` - `2023-04-12`	a year	crt.sh
*.t.ssp.hinet.net	`2022-04-14` - `2023-04-14`	a year	crt.sh
*.lndata.com GeoTrust RSA CA 2018	`2021-11-29` - `2022-12-07`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-15` - `2022-09-18`	3 months	crt.sh
*.aralego.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-21` - `2022-11-20`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
teads.tv R3	`2022-06-01` - `2022-08-30`	3 months	crt.sh

This page contains 68 frames:

Primary Page: https://reurl.cc/main/tw
Frame ID: B17B7AE9C233B4E48EF67266656765C9
Requests: 46 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 44D8F5DEC2FF98A771E5D5054F769CB5
Requests: 5 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: 396A7E73DD32F596978A97416287A29A
Requests: 19 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Frame ID: 8F7B2AA528F80C67C65CE6676B2C8FDF
Requests: 2 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: C5C968FF0E282D7EF516F01C676BD3F7
Requests: 5 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: 03DF9732094446469EDECAAE1217076D
Requests: 11 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: B568BD535419F03425F329844F4EB6A5
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20190131/zrt_lookup.html
Frame ID: B99705A043AAEAE55CA878244546AED3
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 9D29C8F9A2AF065C18D896DF5C5557C7
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 3DD673EE98ECEB7FAC4D0695BA0474F4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1004948140419605&output=html&adk=1812271804&adf=3025194257&lmt=1656051904&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051904273&bpp=3&bdt=458&idt=106&shv=r20220622&mjsv=m202206160101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=826074966906&frm=20&pv=2&ga_vid=930484195.1656051904&ga_sid=1656051904&ga_hid=678803555&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44761044%2C31067769%2C31068195%2C42531606&oid=2&pvsid=1467707561657240&tmod=1063046402&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=156
Frame ID: 7CE23644EA8C2E3BB58FF9928E6047AD
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&CFFPCKUUID=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Frame ID: 02091E466EDE1002AA9BE4FFF7EEDCBB
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&CFFPCKUUID=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Frame ID: BB1364DD7B74479483BE199C4B5C89A1
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&CFFPCKUUID=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Frame ID: E3F7C52431C291DE139D672FC128C6F4
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/init.js
Frame ID: FBFF8E66B40CAA989F99E02885C5C42F
Requests: 6 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/init.js
Frame ID: C36B94E5D6646AD7A81F0123358E70AD
Requests: 6 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 883AF6EAA7A67EA4EE42A809F2EC5361
Requests: 9 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: E943E5DD4CBFBC18B1731086C73CAECD
Requests: 18 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 90E460EEB97E18D43308F205C6A7EF75
Requests: 9 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: 48A7709F8FC191DEFB3B939872BD395E
Requests: 17 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: D7F62D234809B11D17CF891B2D3B959E
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 03D063E1F6C4CF845B2C3D0F0F2546C0
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/init.js
Frame ID: DE807BD3ECC414D2EED33BF743B56B69
Requests: 6 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: DED4F0EE1A91A12FB61497DEE22364D0
Requests: 9 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: 45CFAFBBA2E9ED3DD77B80674B622E99
Requests: 17 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 54029A51C6D07F2220EF18B5B20CD2B7
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&CFFPCKUUID=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Frame ID: 7D592C0148A533DC98CA0ED1C90D3159
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&CFFPCKUUID=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Frame ID: CF265ED7DC348602B6871E3139320578
Requests: 1 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&CFFPCKUUID=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Frame ID: 69DDD48A99FD488CD9C82283B4A3AA30
Requests: 1 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Frame ID: 1A8051FFA3F9D505D3B27AC48419D077
Requests: 5 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Frame ID: A753060CEF4BB45092122C223ACD6E03
Requests: 5 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Frame ID: 48EF6D545CE6F19F1307D5ADE0BBA604
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: BA099DF9BF1CBBB23B86B652AAFEF04E
Requests: 8 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Frame ID: 88FAACD5844FD17FF092A392B8230354
Requests: 9 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Frame ID: 3B2C8A88CDB59D03B92A49274031A616
Requests: 9 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Frame ID: 168762DFCDC4654D12B8FA2E15246F01
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12683&adk=2922729533&adf=2645242779&pi=t.ma~as.2784%2F12683&w=970&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908363&bpp=11&bdt=407&idt=77&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=2&ga_vid=930484195.1656051904&ga_sid=1656051908&ga_hid=1669365375&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=936&biw=1600&bih=1200&isw=970&ish=250&ifk=3978344474&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31065742%2C31068031%2C31068187&oid=2&pvsid=825385243156423&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.b5e95znbqzvq&fsb=1&dtd=97
Frame ID: 1D4FC50F7FC478C99866CD81D6E65376
Requests: 15 HTTP requests in this frame

Frame: https://7ab8616f7bce8d803f3fbcd11a78b642.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
Frame ID: 89173D542201447456F98FF56A92A109
Requests: 1 HTTP requests in this frame

Frame: https://16453c646dc8bcc444ddd022bc7b3391.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
Frame ID: 75C975DE9A2E7B30C9791AFCBA1209C4
Requests: 1 HTTP requests in this frame

Frame: https://19e72da6586dc9f78496c79497de15c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
Frame ID: 36747ADE52112155576F74F9AC329744
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 3A3516CBB45797A048289066DB88B191
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfwggIQh8Wh4QEYi_avvwEwAQ&v=APEucNVBmxYmOPfGowxt0uuYBewkd4rExD5itoOt5pEbEW-EMs88ljA6GTC4tnfxWwvZiG5kW8ZlmRiUx_xeANw4hBDe0TMnT9mJ5-7l7NjLH0fZnG-FevpPmH_oZ0CUaqYHpX5yJLdSl-_m7cmVdbTLkEUmIriC0ukRQSyfLUYN2zWDQzVCxmI
Frame ID: CC67AEE9D8F5634A65BCAE4C1EDCADBB
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1E3D12A2F4BA8C8609D62DE98DDD12A3
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E4C365795B790A6B93BFE9527A0990F7
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7B7F9FA0B25E3D5D5BF42DDC01FA37B2
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C80B918D8013A224C2D02E8AE5E3EC9C
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146
Frame ID: 5DE70CFC727FAAB0A704DFC113352C77
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: ACDC76A196C1BD511CE257C32B9E578E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A3AE5C8766BECA5930D5C2FB38F1A8CF
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5D175A2755BB8D91E9BA49A389F09A62
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/210455675382575598/index.html
Frame ID: 4C14691AB8D360A1D752632273A9515A
Requests: 16 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5B11D3F19E97AAEB624480D007574DF7
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 01209191B722C58B12EF735AF8158FEC
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfwggIQh8Wh4QEYubfwwgEwAQ&v=APEucNUrGkCrWTClIpz7pOrLBW_p6yF9pfs2TfVmYKbU0G-t-Oc_8vuFlcG38On-XlotDxD14u-LJTQSFDJPvoYA-tEQE4Hp2uK8-ZKj_FYE7xd-q05WUuP85YsdcXKAK4dhbdXB879Qoeh9NAstH3uFmxXWgycgC9QyQZ0lO6Q075vDpLz5qss
Frame ID: 68D0D796D4229D1324C9241D379F123B
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051909268&bpp=14&bdt=1284&idt=172&shv=r20220622&mjsv=m202206160101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=1945072695&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=1943945536&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31068030%2C31068166%2C31065825&oid=2&pvsid=620282234195420&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t0n473b82whd&fsb=1&dtd=193
Frame ID: B937FE699A96BDCC97F4AD829BBEE17F
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5B955BFCACEA93F5C18D578265F7F594
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AADDC4CD3106D0C9F62582F8D5A06EAB
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8169253649497119168/DE_Consideration_Contradictions_White_DIS_HTML5_300x250.html
Frame ID: 330DE1167175BB0AB39415251D98E32E
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 355D7564937F95FE9ADC6FCFBC3EAB67
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfwggIQh8Wh4QEYubfwwgEwAQ&v=APEucNWK8XD0Oi3lzRzaZOa59wNeroMt3Pqg7K3Jo0PR5OjVTDDzZnOgrm7UJaCat4DzNNMkQlLht2PVoy-xWDK1aLgNro80S3Lld61N_2AK3OrMA8dzt7It6qDf06BDk5zj20HbqH4KEimdaHwL8kN1kJOdJnT1A46wHs-wsbXvnaCO1xE6-Eo
Frame ID: 9CC322A62D73E8C0EF79749A835DF76F
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D99D6C9FD630777EF3CA8AA074D72655
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E451F095338146C69C39A0F7017F7CF8
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10281115190008352125/DE_Consideration_Contradictions_Black_DIS_HTML5_300x250.html
Frame ID: 1B27B38B4B8DF08128BE95EE666325EA
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 4236F08DF9789FF9F605DA0617FECB45
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 85DCDCAEB59A3AE1B3363F12B58CDD9C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5889725041394F929928035E16F1F9D6
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7519B8047B351A2ED009B2952D6E5931
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1B46BF0206143CEFAEE7B276B2BC7C4D
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

縮短網址產生器 - reurl

Page URL History Show full URLs

http://reurl.cc/ HTTP 301
https://reurl.cc/ HTTP 302
https://reurl.cc/main/tw Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/vue(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Axios (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

SweetAlert2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

sweetalert2(?:\.all)?(?:\.min)?\.js
/npm/sweetalert2@([\d.]+)
sweetalert2@([\d.]+)/dist/sweetalert2(?:\.all)(?:\.min)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

429
Requests

89 %
HTTPS

38 %
IPv6

53
Domains

78
Subdomains

56
IPs

8
Countries

4843 kB
Transfer

9226 kB
Size

30
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://imgus.cc/
Title: 縮圖片

Search URL Search Domain Scan URL

URL: https://youtils.cc/yt-dlp/main/zh-hants
Title: 下載youtube

Search URL Search Domain Scan URL

URL: https://youtils.cc/utm
Title: 什麼是utm?

Search URL Search Domain Scan URL

URL: https://re-news.tw/racingcharger/28448

Search URL Search Domain Scan URL

URL: https://re-news.tw/gbyhn/39395

Search URL Search Domain Scan URL

URL: https://re-news.tw/alphaloan/24662

Search URL Search Domain Scan URL

URL: https://re-news.tw/creditcard/260313

Search URL Search Domain Scan URL

URL: https://re-news.tw/golike/2713

Search URL Search Domain Scan URL

URL: https://re-news.tw/zocha/62ac3baf046fbcdeb316da93

Search URL Search Domain Scan URL

URL: https://youtils.cc/emoji
Title: 表情符號(emoji)

Search URL Search Domain Scan URL

URL: https://youtils.cc/geoip
Title: IP查詢

Search URL Search Domain Scan URL

URL: https://youtils.cc/big5gb
Title: 繁簡轉換

Search URL Search Domain Scan URL

URL: https://youtils.cc/qrcode
Title: QRCode

Search URL Search Domain Scan URL

URL: https://youtils.cc/length
Title: 身高/長度換算

Search URL Search Domain Scan URL

URL: https://stockinfo.tw/
Title: 台股資訊網

Search URL Search Domain Scan URL

URL: https://youtils.cc/wordcounter/zh-Hants
Title: 字數統計

Search URL Search Domain Scan URL

URL: https://youtils.cc/password/zh-Hants
Title: 密碼序號產生器

Search URL Search Domain Scan URL

URL: https://youtils.cc/dateCalculator
Title: 日期計算機

Search URL Search Domain Scan URL

URL: https://youtils.cc/lunarCalendar
Title: 農曆轉國曆

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://reurl.cc/ HTTP 301
https://reurl.cc/ HTTP 302
https://reurl.cc/main/tw Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://cdn.rawgit.com/zenorocha/clipboard.js/v1.7.1/dist/clipboard.min.js HTTP 301
https://cdn.jsdelivr.net/gh/zenorocha/clipboard.js@v1.7.1/dist/clipboard.min.js

Request Chain 26

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 34

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 39

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 76

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg

Request Chain 94

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg

Request Chain 95

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg

Request Chain 119

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined&google_gid=CAESEM-ZEjF81c1c8scRCKTJyIE&google_cver=1

Request Chain 125

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined&google_gid=CAESEGnJd297jI1_W_6jxkws1Ao&google_cver=1

Request Chain 136

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg

Request Chain 137

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg

Request Chain 146

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined&google_gid=CAESEM-ZEjF81c1c8scRCKTJyIE&google_cver=1

Request Chain 156

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg

Request Chain 185

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg

Request Chain 204

https://ads.aralego.com/sdk HTTP 301
https://cdn.aralego.net/ucfad/sdk/us-east/sdk

Request Chain 207

https://ads.aralego.com/sdk HTTP 301
https://cdn.aralego.net/ucfad/sdk/us-east/sdk

Request Chain 210

https://ads.aralego.com/sdk HTTP 301
https://cdn.aralego.net/ucfad/sdk/us-east/sdk

Request Chain 267

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMewWSkvJsWnS8j6rRiMUQI&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMewWSkvJsWnS8j6rRiMUQI&google_cver=1&C=1

Request Chain 268

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YrVYxDFwN3fU77OEvGDsbAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMewWSkvJsWnS8j6rRiMUQI&google_cver=1

Request Chain 269

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJhCKu8RcSphGIsmUNMs6Vk&google_cver=1

Request Chain 270

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYwMTU3MDgxMzkwMjMxNjY4Mg%3D%3D

Request Chain 297

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEAK2YT9eqGTXehNhYCBomco&google_cver=1&google_push=ARnp8GDyoN4l9r4ZpPnySEXJBfWthN3-kpFdhgkRz9bEapScAjQhn2U4CHjkwbh4t60HyIBeyGZNZmbyQkDwqWpNmZ6Iv8LF0bDH4Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzExMjY4ODc4OTYzODA4NDc1Ng%3D%3D&google_push=ARnp8GDyoN4l9r4ZpPnySEXJBfWthN3-kpFdhgkRz9bEapScAjQhn2U4CHjkwbh4t60HyIBeyGZNZmbyQkDwqWpNmZ6Iv8LF0bDH4Q

Request Chain 298

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEMQViUHQRyUb-1zPejJ4Ozk&google_cver=1&google_push=ARnp8GBJ8AhfvUZXM44X9JPLsA3yo6_7gg-qJNQLzY9HBECrSubiFI9J6hlQrVo_0nk5ynB8SKQ5qMriY9biGGS2O_j1aENGLpDtgg HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEMQViUHQRyUb-1zPejJ4Ozk&google_cver=1&google_push=ARnp8GBJ8AhfvUZXM44X9JPLsA3yo6_7gg-qJNQLzY9HBECrSubiFI9J6hlQrVo_0nk5ynB8SKQ5qMriY9biGGS2O_j1aENGLpDtgg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ARnp8GBJ8AhfvUZXM44X9JPLsA3yo6_7gg-qJNQLzY9HBECrSubiFI9J6hlQrVo_0nk5ynB8SKQ5qMriY9biGGS2O_j1aENGLpDtgg&google_hm=87gpYmUqTQWDWPMrq4hsHQ==

Request Chain 299

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGC9Z5desE-IcYR1UMCDyS4&google_cver=1&google_push=ARnp8GDRteo8x6OIQXROauKW6fw_hcxH0dshaM6briNm-a24CvR0o0F1WircspOoj6ABFE5gq0lB9xhFLmAZoKJ0ZEUa-TO0keVS HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGC9Z5desE-IcYR1UMCDyS4&google_cver=1&google_push=ARnp8GDRteo8x6OIQXROauKW6fw_hcxH0dshaM6briNm-a24CvR0o0F1WircspOoj6ABFE5gq0lB9xhFLmAZoKJ0ZEUa-TO0keVS&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=euZTItr7R9CKDANxul-rGg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDRteo8x6OIQXROauKW6fw_hcxH0dshaM6briNm-a24CvR0o0F1WircspOoj6ABFE5gq0lB9xhFLmAZoKJ0ZEUa-TO0keVS

Request Chain 300

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESECS4UvZcnrs0_LblPk-Qwzg&google_cver=1&google_push=ARnp8GDqYT_jPl9qS4Z3Ei69fsYsMfUnPlW3Yk2Zs95EpddcUIJODkYq6P2HhF0hoj9ShHAUFxDkcGzzJ28IKGS1GCUSzarbwUqf HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ARnp8GDqYT_jPl9qS4Z3Ei69fsYsMfUnPlW3Yk2Zs95EpddcUIJODkYq6P2HhF0hoj9ShHAUFxDkcGzzJ28IKGS1GCUSzarbwUqf

Request Chain 338

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPCzMo_lIosTI5Q4ASBxENQ&google_cver=1

Request Chain 340

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEJ405pRbf7pD3TSzBpOI3G4&google_cver=1

Request Chain 363

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEI7FpGlDsAK55bUltJvjdeA&google_cver=1&google_push=ARnp8GDL0gPUcY1tcDfha7fx0CZ9RVGwupRb6IADX7EzIel4zM3hJpQdxKNA4fhiaev1-h-5Mu2C5FmH-1usgvaqt_vaCAVWWO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NDM3NzU4MTkwMDI5MTkxNjQyOQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEI7FpGlDsAK55bUltJvjdeA&google_cver=1

Request Chain 364

https://um.simpli.fi/gp_match?google_gid=CAESELFGAkH9tGMr5OrGev77JS8&google_cver=1&google_push=ARnp8GC6xXiIS-fq-3ZhirI754EzUZfgCcH8P51GxBFaZ88n_XZ9nJcW8Iv0y0hz-DmV6mE44zMIQi-oDBpoXyQuN98ndQ1jeCU4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=4E4037BAAB2348A483080A32B0DC2367&google_push=ARnp8GC6xXiIS-fq-3ZhirI754EzUZfgCcH8P51GxBFaZ88n_XZ9nJcW8Iv0y0hz-DmV6mE44zMIQi-oDBpoXyQuN98ndQ1jeCU4

Request Chain 365

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHufvxqwZMpZO4DW0Kaiw30&google_cver=1&google_push=ARnp8GATrceAlF4UiYvWPrFRdrM1SmDF3nPU1e8Qke__U4MI-YPDtZ4AHGd_8dyJPKMmSBQChFQZxbRtWELpULsWMbDY3fp4ZMg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ARnp8GATrceAlF4UiYvWPrFRdrM1SmDF3nPU1e8Qke__U4MI-YPDtZ4AHGd_8dyJPKMmSBQChFQZxbRtWELpULsWMbDY3fp4ZMg&google_hm=Mjc2MDQ5OTQ0NzYxMTU0MDE3OQ%3D%3D

Request Chain 366

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGC9Z5desE-IcYR1UMCDyS4&google_cver=1&google_push=ARnp8GDZYtZaE9oP3JLZIalRvYv6XgnTcdOVRn5GLyChfLUwOIbTmZoPZ89B9h0eVuRcQT3k7ze3S0-115YDv6RvPpmLzLBjBmeB HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=82rAfP1qQbCbBAPh9mxcIw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDZYtZaE9oP3JLZIalRvYv6XgnTcdOVRn5GLyChfLUwOIbTmZoPZ89B9h0eVuRcQT3k7ze3S0-115YDv6RvPpmLzLBjBmeB

Request Chain 367

https://match.360yield.com/match/ebda?google_gid=CAESELUrz9jxcHYUDyXwClCYpVg&google_cver=1&google_push=ARnp8GDZjQp76Gis_N8EouAD5lFgHQYh5O2uMn-ueLpCo_2_uX0FehG0PFhNlWDvGHD2T_ym_umZkrF2x-vRGXdO-q9h8orZL-Yy HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESELUrz9jxcHYUDyXwClCYpVg&google_cver=1&google_push=ARnp8GDZjQp76Gis_N8EouAD5lFgHQYh5O2uMn-ueLpCo_2_uX0FehG0PFhNlWDvGHD2T_ym_umZkrF2x-vRGXdO-q9h8orZL-Yy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=-FFnDECISRisNk-QOvWo0A&google_push=ARnp8GDZjQp76Gis_N8EouAD5lFgHQYh5O2uMn-ueLpCo_2_uX0FehG0PFhNlWDvGHD2T_ym_umZkrF2x-vRGXdO-q9h8orZL-Yy

Request Chain 369

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEL6zxCmoXsBEWeRQuV3y3bE&google_cver=1&google_push=ARnp8GCvlBga2iE-SUi8reaXrMWW4viaaD3dkKEDB1lCQ22StZpa1oFC2OIPkFJuUUfSqm2Cc6wNpgj3VqPd-wFcOTcxXMDQuiA- HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ARnp8GCvlBga2iE-SUi8reaXrMWW4viaaD3dkKEDB1lCQ22StZpa1oFC2OIPkFJuUUfSqm2Cc6wNpgj3VqPd-wFcOTcxXMDQuiA- HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 382

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELy_tsSObEUs8JTJBGpLL6Q&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELy_tsSObEUs8JTJBGpLL6Q&google_cver=1&__user_check__=1&sync_id=65bf16ab-f386-11ec-b3e0-155da6fd0406

Request Chain 383

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=65bf09dd-f386-11ec-b233-16a7f9820206 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NjViZjE2NmYtZjM4Ni0xMWVjLWIzZTAtMTU1ZGE2ZmQwNDA2

Request Chain 384

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS02SWFzMzhGRTJ1SDg5YlViLlc3dlFQRjVEOVc2RnJaeH5B

Request Chain 395

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEI7FpGlDsAK55bUltJvjdeA&google_cver=1&google_push=ARnp8GAB3GmnqBXOTFuJiUfQenGNxhWi9PtWF2DJ55V1weNz9kZVja6sFz7aRb3NItr4bsM_XxIIGWQPidWOOMXNKz29s05SAFv- HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NDM3NzU4MTkwMDI5MTkxNjQyOQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEI7FpGlDsAK55bUltJvjdeA&google_cver=1

Request Chain 396

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEO0sr3Y-ZOlmOf8wxrPv-gI&google_cver=1&google_push=ARnp8GCNFnDFkdUmPcbugXK8deUj22K7D_iqcEdgEPih9W7t03_fp2VM3mKYCP6FCbTMgwRIH8yWgXJw498VsuYs_0uGHGkMOgSF HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEO0sr3Y-ZOlmOf8wxrPv-gI&google_cver=1&google_push=ARnp8GCNFnDFkdUmPcbugXK8deUj22K7D_iqcEdgEPih9W7t03_fp2VM3mKYCP6FCbTMgwRIH8yWgXJw498VsuYs_0uGHGkMOgSF HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WnRIUGlwSDMxTzRDS0c1&google_gid=CAESEO0sr3Y-ZOlmOf8wxrPv-gI&google_cver=1&google_push=ARnp8GCNFnDFkdUmPcbugXK8deUj22K7D_iqcEdgEPih9W7t03_fp2VM3mKYCP6FCbTMgwRIH8yWgXJw498VsuYs_0uGHGkMOgSF

Request Chain 397

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEOKfLaDSXyAMnHTzLPvDqbI&google_cver=1&google_push=ARnp8GBMpur7gE3OLPq8dGgPzlOEJEKo2cLKq0bzl2gJkTDnUkYvSX0gVbaAEq1usHEUfpo3qRGJgAHMIBpgJ9r6dA3tiSfbiai5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ARnp8GBMpur7gE3OLPq8dGgPzlOEJEKo2cLKq0bzl2gJkTDnUkYvSX0gVbaAEq1usHEUfpo3qRGJgAHMIBpgJ9r6dA3tiSfbiai5

Request Chain 399

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEMQViUHQRyUb-1zPejJ4Ozk&google_cver=1&google_push=ARnp8GDIAQrBR0IcGiJjGp-14-Zq_olAc0cVFTR24WyMFf9YcL7hwrZxL6VTtKEIk8FRDy5XZYIVbmgX-0NMMEripsv_ZHl8yVjR HTTP 302
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgoogle HTTP 307
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgoogle HTTP 302
https://x.bidswitch.net/sync?dsp_id=59&user_id=38b9fd37-c4af-4593-af63-a5cfa5113710&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ARnp8GDIAQrBR0IcGiJjGp-14-Zq_olAc0cVFTR24WyMFf9YcL7hwrZxL6VTtKEIk8FRDy5XZYIVbmgX-0NMMEripsv_ZHl8yVjR&google_hm=87gpYmUqTQWDWPMrq4hsHQ==

Request Chain 400

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGC9Z5desE-IcYR1UMCDyS4&google_cver=1&google_push=ARnp8GDs25DcnO1zBMJ0YaB48djhYNFSbLKtWNTR4RxxfzZiYItaIxG_qgTlqQZYzDAhyYx3GuP6wEUrexoMpXR8RCj4xcpUAL2R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=82rAfP1qQbCbBAPh9mxcIw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDs25DcnO1zBMJ0YaB48djhYNFSbLKtWNTR4RxxfzZiYItaIxG_qgTlqQZYzDAhyYx3GuP6wEUrexoMpXR8RCj4xcpUAL2R

Request Chain 401

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKbHBOq0kVjOumxvgDHoYMU&google_cver=1&google_push=ARnp8GAy21h2OuOz5RD0-9PO-43eTw6cU9-E0XmBR3XZr1Ayx4WOvgSM7MBCVhbbrD26RxoBCMLZ3gxyEsZfTM6cq477VL7GxZ1j HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRTMkpSVUQtMUYtNkE2Sg==&google_push=ARnp8GAy21h2OuOz5RD0-9PO-43eTw6cU9-E0XmBR3XZr1Ayx4WOvgSM7MBCVhbbrD26RxoBCMLZ3gxyEsZfTM6cq477VL7GxZ1j

429 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request tw Show response
reurl.cc/main/
Redirect Chain

http://reurl.cc/
https://reurl.cc/
https://reurl.cc/main/tw

13 KB
5 KB

264ms
263ms

Document
text/html

35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: bd17c1a2d94bfa73b260ea43aaaa9d7cee669eb4ca9ed0a742775c8c2edb12f7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 24 Jun 2022 06:25:03 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding

Redirect headers

content-length: 31
content-type: text/html; charset=utf-8
date: Fri, 24 Jun 2022 06:25:03 GMT
location: /main/tw
server: nginx/1.18.0 (Ubuntu)

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/ 152 KB
24 KB 61ms
29ms Stylesheet
text/css 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 8197377
x-jsd-version: 4.3.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19132-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mhYLrFOu0mmfhxhn0exRaSkloxy87fXWoD6F0fBnTEsCiSikTMwUndhxzoj4TPMQolJ%2B0sUvMw6yJ0Pcgq3NMBNIdiikoPztojp9Jl28gMSgugPY3DkcCuK9v3Vw37ETIeRkhEnI8%2B0Uiaj321A%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 7203624f1c4a0208-ZRH

GET
H2 200 style.css
storage.reurl.cc/stylesheets/rwd/ 3 KB
1 KB 123ms
8ms Stylesheet
text/css 34.149.98.30
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.reurl.cc/stylesheets/rwd/style.css
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e32272da242ceb6ecfad754975bc09782c6229a7a46c58e46cec347aab22be64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 02:52:53 GMT
via: 1.1 google
last-modified: Thu, 05 May 2022 00:38:33 GMT
age: 12730
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: public,max-age=28800
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1091

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 164 KB
56 KB 60ms
32ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1004948140419605

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d06372c0d5778d8c41d2742dfedbeec065d8f7be6a4b0c61876f47872fca37b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Origin: https://reurl.cc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56302
x-xss-protection: 0
server: cafe
etag: 12618742031724954663
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Jun 2022 06:25:04 GMT

GET
H2 200 pixel.js Show response
reurl.cc/javascripts/ 470 B
559 B 268ms
259ms Script
application/javascript 35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/pixel.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 6e9ab8ab1d57a0695a66577e348ae4343e1a92f70cb4835a52c4863f11114037

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/main/tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:03 GMT
content-encoding: gzip
last-modified: Sun, 08 Aug 2021 17:07:38 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"61100f5a-1d6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Sat, 24 Jun 2023 06:25:03 GMT

GET
H3

200

clipboard.min.js Show response
cdn.jsdelivr.net/gh/zenorocha/clipboard.js@v1.7.1/dist/
Redirect Chain

https://cdn.rawgit.com/zenorocha/clipboard.js/v1.7.1/dist/clipboard.min.js
https://cdn.jsdelivr.net/gh/zenorocha/clipboard.js@v1.7.1/dist/clipboard.min.js

11 KB
4 KB

20ms
19ms

Script
application/javascript

2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/zenorocha/clipboard.js@v1.7.1/dist/clipboard.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 8196512
x-jsd-version: 1.7.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19174-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"2aa5-qeaI8MJlRinRJjDbMhGpT3WiLLY"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JIJhju0lLnncfazICxonseYoTqsnxAHfHTU7u2l7RxWrxNSL8iPHwWTyyu%2Fby9dcPai%2F3%2BWlgXc1sxCVD%2FiguHyzyYYH%2FIQB3hnkd519DiUQBY%2FgWVvd6yq9q7lnFEXEqRv%2BEIyanDvvs0yPd8Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 72036251fc2d01e3-ZRH

Redirect headers

date: Fri, 24 Jun 2022 06:25:04 GMT
x-content-type-options: nosniff
cdn-edgestorageid: 879
age: 75868
access-control-expose-headers: *
x-cache: MISS, HIT
cdn-cachedat: 06/24/2022 06:25:04
cdn-pullzone: 201235
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443", h3-29=":443", h3-27=":443"
content-length: 113
server: BunnyCDN-AMS1-879
x-served-by: cache-fra19151-FRA, cache-chi-kigq8000110-CHI
access-control-allow-origin: *
cdn-proxyver: 1.02
cdn-requestpullcode: 301
location: https://cdn.jsdelivr.net/gh/zenorocha/clipboard.js@v1.7.1/dist/clipboard.min.js
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
cdn-cache: EXPIRED
vary: Accept-Encoding
cache-control: public, max-age=2592000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: e8962827f1fe3994c289122a63dff551
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 301
cdn-requestpullsuccess: True

GET
H2 200 axios.min.js Show response
cdnjs.cloudflare.com/ajax/libs/axios/0.19.0/ 13 KB
5 KB 50ms
19ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/axios/0.19.0/axios.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b52781951c70cc8a2ae2afdaac5d673c656c3be0f1c769fa6c1e9e4f5ed8d3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 8504367
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4224
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:06:02 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d6a-3580"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RfvNa%2Babx345xmMa4oSt8mdO2ZVEPDs94%2BaklraUNHrVc0QykQ1oRCVNLLHy02TQDMfK5hMqRA25Dpm6jEioIkIyiRAMijTuiFnHDhC%2FmXDaiB8DjbYmw2WvCxIWNAsssWVEOfQua4GihDlaOPIDcFWD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 72036250dfce0221-ZRH
expires: Wed, 14 Jun 2023 06:25:04 GMT

GET
H2 200 sweetalert2.all.min.js Show response
cdn.jsdelivr.net/npm/sweetalert2@9/dist/ 65 KB
18 KB 142ms
137ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/sweetalert2@9/dist/sweetalert2.all.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2950bc3fd628cb8a8c6b1367f664e31353a6ff9edd99c3f2831ce548610a05b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-jsd-version: 9.17.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19160-FRA, cache-itm18834-ITM
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"105f5-IoZ47xa2VqsB8s6EqlY9hdo2pRY"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FvVWzoMI8ej%2B%2Bp0sQn1xpWMTZNyxo2ZWu1rdQhQszwfYGJGb69VsAqYMbfFdGF0mCVAfJFMTpmQGNuuk95tOyZGLee0sTStWdW34GlvbYJdGbjJleXa%2FLT5b0IShowv0%2FxzVhaFtFPrdPLzys%2Fc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 72036250beed0208-ZRH

GET
H2 200 FileSaver.js Show response
reurl.cc/javascripts/ 12 KB
4 KB 265ms
261ms Script
application/javascript 35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/FileSaver.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f3481bf12191837d5e19d9526f18fd20fc88395a403c1a0b098eeef10a7f56ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/main/tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
content-encoding: gzip
last-modified: Sun, 08 Aug 2021 17:07:38 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"61100f5a-2fce"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Sat, 24 Jun 2023 06:25:04 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 165 KB
56 KB 58ms
32ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b0e891bacbda12a233f60767408d14e08c11e6cb8d7827789c3b8c87992ff2ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56514
x-xss-protection: 0
server: cafe
etag: 7478586769927422845
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Jun 2022 06:25:04 GMT

GET
H2 200 jquery.min.js Show response
cdn.jsdelivr.net/npm/jquery@3.4.1/dist/ 86 KB
31 KB 56ms
27ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery@3.4.1/dist/jquery.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 8197355
x-jsd-version: 3.4.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19122-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"15851-iFI5JDUbrAtdVg/gxXgeJVbnaT0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SNV3yI99%2FtqY1fhNQSIBJv44xe62f1c9iFvUI%2B7f1G2dBuWZ7nBuSGNPt%2Bxxgw1YiE%2BAls0s2pgHAaalXilMD6vntrAUuiuBv3Y21SFVc1AcqauRSAeXJnQlTvh%2Ba1K%2BWMr8vlKQiZkZTy7el7M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 7203624f1c4c0208-ZRH

GET
H2 200 bootstrap.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/js/ 59 KB
17 KB 52ms
24ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/js/bootstrap.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 8197276
x-jsd-version: 4.4.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19179-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"ea6a-s8EWxl5vBTqqtF5WGaeOwAJxpQ8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UnJH0WhKz5ntZKMJPK9T%2BwUKlWUDw1QSVdxSsmBzbRz3jHQM5kEZDx68zFYigh7acotgySSY6X4SFFlNY3pQGH8QPa6y%2BrcbckY1jZBFyuIx%2BFyEZ4r%2F9dpUostu4fmiFgkI5yPpsT5KgVK3HKQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 7203624f1c4e0208-ZRH

GET
H2 200 vue.min.js Show response
cdn.jsdelivr.net/npm/vue@2.5.16/dist/ 84 KB
32 KB 67ms
39ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 8197359
x-jsd-version: 2.5.16
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19132-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2%2BQsiP0HRwhh%2FnIA%2BvyozcB7v37PIdudG%2FPc5R1eyWUlmCHOFLm3rnghjEULHkLlObfPTpIw8PU6CKEwfxyqLGweWBPOhPDGX35LoQluu182VD6Cb0CGJ9jwJ%2Fidq0ZPuePZDKN6gvwnLfkbb7c%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 7203624f1c4f0208-ZRH

GET
H2 200 vue-qrcode.min.js Show response
reurl.cc/javascripts/ 18 KB
7 KB 268ms
262ms Script
application/javascript 35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/vue-qrcode.min.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 62a62225a4e6e5ea098b9ed6aa19c2149880cbd6d3e0314f2b875a32b1f8ce25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/main/tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:03 GMT
content-encoding: gzip
last-modified: Sun, 08 Aug 2021 17:07:38 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"61100f5a-470c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Sat, 24 Jun 2023 06:25:03 GMT

GET
H2 200 main.js Show response
reurl.cc/javascripts/ 5 KB
1 KB 270ms
264ms Script
application/javascript 35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/main.js?v=7
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 00fc5eede87ce2644e673193b3ffce854cad06f548d8a6057acce9c0dbef3b2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/main/tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:03 GMT
content-encoding: gzip
last-modified: Mon, 29 Nov 2021 04:36:28 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"61a458cc-12bf"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Sat, 24 Jun 2023 06:25:03 GMT

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ 6 KB
7 KB 13ms
9ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
server: AmazonS3
age: 28
etag: "439e160b698f1ec2efb45c3b6cd6b265"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:24:37 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 6552
x-amz-cf-id: YyJHGyiYmOWuXE3vt6WynEEGCjv3-gO6lpbxqg2pH8cmobZi5XEg3g==

GET
H2 200 renews.js Show response
reurl.cc/javascripts/ 698 B
561 B 271ms
266ms Script
application/javascript 35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/renews.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 12e46b645dde5408be7fc6f4ce9647addac5d09c5f27dc8e3ffe9e07e6c9a935

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/main/tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:03 GMT
content-encoding: gzip
last-modified: Thu, 05 May 2022 00:38:33 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"62731c89-2ba"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Sat, 24 Jun 2023 06:25:03 GMT

GET
H2 200 ga2.js Show response
reurl.cc/javascripts/ 618 B
588 B 271ms
267ms Script
application/javascript 35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/ga2.js?v=2
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 9c8c0ac19964706e18280f35973180a896d74c52c760c2d7047d6a94c1329a6f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/main/tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:03 GMT
content-encoding: gzip
last-modified: Thu, 24 Mar 2022 12:16:16 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"623c6110-26a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Sat, 24 Jun 2023 06:25:03 GMT

GET
H2 200 rwd_cap.js Show response
cdn.holmesmind.com/js/ 41 KB
41 KB 114ms
9ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rwd_cap.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 003c6c7476d2158d18f48473e7071c87f48e8e1cf957343020a148c97ba30482

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: BN9WwPCNLHdSgIvzd1_opxGo9OZ3hU5f
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Wed, 23 Mar 2022 02:02:46 GMT
server: AmazonS3
age: 49
etag: "8fdf120a4b0155367b0b2347946ccc01"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:24:15 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 41735
x-amz-cf-id: NGNrTN78krEd6skURJnF_qU0oTFHKRDj0gZL84leAVk_SyWRuXBYUw==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 100 KB
27 KB 34ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/javascripts/pixel.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3d79854e01d0c79408c548889dcfddd23e4ef10f11c698c831b570573ee13b97

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26344
x-xss-protection: 0
pragma: public
x-fb-debug: pYwbyCfqcNopg6h3nLxu8KTsQxNtAB7qElOVeR6XTzZvNX/jzEcFiJesBQINy7OuBU6eB3x/ERPQ6aPEtSl4vw==
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 24 Jun 2022 06:25:04 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 feeds Show response
storage.re-news.tw/ 5 KB
5 KB 355ms
270ms XHR
text/html 35.244.196.223
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.re-news.tw/feeds
Requested by: Host: reurl.cc
URL: https://reurl.cc/javascripts/renews.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.196.223 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 223.196.244.35.bc.googleusercontent.com
Software: / Express
Resource Hash: 52dcd184984657840c109f8707e4d742f1c3861663fe7481801d671163adc5fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
via: 1.1 google
etag: W/"1444-7ox+9YWorzMPAG9GXi6E6Q/K+Uo"
x-powered-by: Express
vary: Origin
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5188

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 28ms
7ms Script
text/javascript 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/javascripts/ga2.js?v=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5757
date: Fri, 24 Jun 2022 04:49:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 24 Jun 2022 06:49:07 GMT

GET
H/1.1 200
OK tagr_lib_learn_tw_v3.js Show response
static-tagr.gd1.mookie1.com/s1/ 4 KB
1 KB 64ms
13ms Script
application/javascript 23.75.245.170
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static-tagr.gd1.mookie1.com/s1/tagr_lib_learn_tw_v3.js?tagid=V2_98222&id=ClickForce_Learn
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rwd_cap.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.75.245.170 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-75-245-170.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 10407b8212733e00354b330f4e4790764e6bc187a9d2b6b62b27aeb387bc268b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Fri, 24 Jun 2022 06:25:04 GMT
Content-Encoding: gzip
Last-Modified: Thu, 28 Jul 2016 05:38:37 GMT
Server: nginx
ETag: "57999a5d-1153"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1217

GET
H/1.1 200
OK checkSegmentsNFI.min.js Show response
static-tagr.gd1.mookie1.com/s1/sas/lh1/ 1 KB
843 B 65ms
13ms Script
application/javascript 23.75.245.170
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static-tagr.gd1.mookie1.com/s1/sas/lh1/checkSegmentsNFI.min.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rwd_cap.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.75.245.170 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-75-245-170.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: afc3261eac9e8f5606c513fa7c62f5add4200b8d171d1972f11abe2ec1a0ac41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Fri, 24 Jun 2022 06:25:04 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Nov 2016 14:26:27 GMT
Server: nginx
ETag: "581b4913-428"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 552

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 44D8 3 KB
3 KB 8ms
8ms Document
text/html 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rwd_cap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c50a4d6505f1216962db6a855d60ebf08222fa6c286e7f21699c002d81b3cd9d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 14
content-length: 3044
content-type: text/html
date: Fri, 24 Jun 2022 06:24:50 GMT
etag: "b585383190cc538c34a520974872d918"
last-modified: Thu, 24 Mar 2022 11:21:34 GMT
server: AmazonS3
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
x-amz-cf-id: x-9_XESW8Cq923xr9u96bnk_jf2R0OPSqsYwLuFGTxpkxuvKDbjTOQ==
x-amz-cf-pop: FRA50-C1
x-amz-version-id: bA4BdajsGoQu4oL_HyEzRCsNuHmwq3bx
x-cache: Hit from cloudfront

GET
H2 200 edmp_init.js Show response
cdn.holmesmind.com/js/ 662 B
1013 B 8ms
8ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/edmp_init.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rwd_cap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 12 Mar 2021 02:45:40 GMT
server: AmazonS3
age: 24
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:24:41 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 662
x-amz-cf-id: oi0dOq4MpKDNFYEKKHZRtt8s7TeHdLP7gOE4AwEEXztmO9ZptFwyQA==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 396A 6 KB
6 KB 8ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rwd_cap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1291c3d774415b830ea3f2c5ce78d160485606386d08a878c87f41ccdbe4a73f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: TffX4.BvLss5nGbaNkDOhki_IqknqyWa
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 18 Mar 2022 03:26:21 GMT
server: AmazonS3
age: 14
etag: "8de5f5c245a6377bb4dc88fbf8c0c6f5"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:24:50 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 6093
x-amz-cf-id: xRHnKj6Xb6SX7obEfOOLuboje0A5obOByyi690Y-q7bhAs4_vOV_rQ==

GET
H3

200

cm
c.holmesmind.com/
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
16 B

134ms
117ms

Image
text/html

35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
date: Fri, 24 Jun 2022 06:25:04 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H2 200 page.php Show response
www.facebook.com/plugins/ Frame 8F7B 15 KB
9 KB 55ms
41ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dd062706559b7342963a57eff44c720e493fb1a69b8b27a3815728c0cde8ee02

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Fri, 24 Jun 2022 06:25:04 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: Wdz+EUbtlWg84FS+/EVVJRfF5cT2NC5gy9qBeGjqQCLHHyVOaFbMbxPJCP0GZ50Dg+ebzfXbruz3wVjgqSVGvA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame C5C9 3 KB
3 KB 7ms
7ms Document
text/html 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c50a4d6505f1216962db6a855d60ebf08222fa6c286e7f21699c002d81b3cd9d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 14
content-length: 3044
content-type: text/html
date: Fri, 24 Jun 2022 06:24:50 GMT
etag: "b585383190cc538c34a520974872d918"
last-modified: Thu, 24 Mar 2022 11:21:34 GMT
server: AmazonS3
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
x-amz-cf-id: vrMUQFos63Bub0r7iYWtBbqgKq_7mVWgqa80ogEqI99grzqRL_-WUA==
x-amz-cf-pop: FRA50-C1
x-amz-version-id: bA4BdajsGoQu4oL_HyEzRCsNuHmwq3bx
x-cache: Hit from cloudfront

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 03DF 6 KB
6 KB 7ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1291c3d774415b830ea3f2c5ce78d160485606386d08a878c87f41ccdbe4a73f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: TffX4.BvLss5nGbaNkDOhki_IqknqyWa
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 18 Mar 2022 03:26:21 GMT
server: AmazonS3
age: 14
etag: "8de5f5c245a6377bb4dc88fbf8c0c6f5"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:24:50 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 6093
x-amz-cf-id: Lf3oH7mCv0XaVrpmTPn8SsrYvqsHHwXwJi6J24B_w7gPvR699qJfQA==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame B568 6 KB
6 KB 7ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1291c3d774415b830ea3f2c5ce78d160485606386d08a878c87f41ccdbe4a73f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: TffX4.BvLss5nGbaNkDOhki_IqknqyWa
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 18 Mar 2022 03:26:21 GMT
server: AmazonS3
age: 14
etag: "8de5f5c245a6377bb4dc88fbf8c0c6f5"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:24:50 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 6093
x-amz-cf-id: uL65SuW9XIGEhy-NysY-A_vQnnT-LAeloFl4f9Z4Jk3osk557roivg==

GET
H3 200 1675200226052423 Show response
connect.facebook.net/signals/config/ 25 KB
7 KB 365ms
357ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1675200226052423?v=2.9.62&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8b322fd88e26f23d89c275efe56b4153928060a4206f03683e1c20c20de6959c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: ttmmWY7YexGOiUOjc07hpz3POqq8FGWHT8kKfNGhWGwFyR2RdkmYO/OivlE+ZM/DeV/0GzysRE5RcQXtwKW9SA==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 24 Jun 2022 06:25:04 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts: 1656051904624
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206160101/ 340 KB
120 KB 52ms
37ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206160101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1004948140419605&plah=reurl.cc

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1004948140419605

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

077da27c1a4741f912e7d2467e0e01d86bdc2fd620f78f2b1eec13f380bbc55b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122744
x-xss-protection: 0
server: cafe
etag: 1546683129667304247
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 24 Jun 2022 06:25:04 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220622/r20190131/ Frame B997 10 KB
5 KB 28ms
6ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220622/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1004948140419605

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34854
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4414
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Jun 2022 20:44:10 GMT
etag: 10429905676100781186
expires: Thu, 07 Jul 2022 20:44:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

cm
c.holmesmind.com/ Frame 44D8
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
16 B

137ms
122ms

Image
text/html

35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
date: Fri, 24 Jun 2022 06:25:04 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET cm.php
fcm.holmesmind.com/ Frame 9D29 0
0

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 44D8 4 KB
2 KB 865ms
288ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

1419b8b18e2084e1d79ca111dba4eb9ea7dd22171029e13467e77d90c3f1a06e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
last-modified: Wed, 23 Feb 2022 08:43:40 GMT
server: nginx
etag: W/"6215f3bc-11a3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 24 Jun 2022 06:35:05 GMT

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame 396A 731 B
678 B 507ms
461ms Script
text/html 2600:9000:2156:8a00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=12684
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8a00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 21f132eacc2adf061517872fad22e205bf15966adb0376edae16617736d6f64c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
x-amz-cf-pop: FRA50-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-amz-cf-id: jvMJzbcxepTyxGZuDSx0qnw_M_8NQsbOtiDY-6tVVHaRvPSd1EaGoA==
via: 1.1 45de888accabe1a1cb5a389e8c9c1e06.cloudfront.net (CloudFront)

GET
H2 200 RwXN2PoG7Ii.css
static.xx.fbcdn.net/rsrc.php/v3/y5/l/0,cross/ Frame 8F7B 18 KB
5 KB 22ms
6ms Stylesheet
text/css 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y5/l/0,cross/RwXN2PoG7Ii.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cd12dd695fefd532396b9788fc6caf3ba4230accd5d0a25db9593b6043c533f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 8e+BTTQgtCy9qJnFLOwDQg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 4681
x-fb-rlafr: 0
x-fb-debug: E1jIC1aHAkaRe9iLGTXRIpR9Ou12VPQqGvCtwG1ucCaOsmszSURz5PoJwonWBHbTG1ZYuuVOFjvbkAnySOoVDw==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Sun, 11 Jun 2023 17:06:09 GMT

GET
H3

200

cm
c.holmesmind.com/ Frame C5C9
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
16 B

120ms
120ms

Image
text/html

35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
date: Fri, 24 Jun 2022 06:25:04 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET cm.php
fcm.holmesmind.com/ Frame 3DD6 0
0

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame C5C9 4 KB
2 KB 861ms
290ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

1419b8b18e2084e1d79ca111dba4eb9ea7dd22171029e13467e77d90c3f1a06e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
last-modified: Wed, 23 Feb 2022 08:43:40 GMT
server: nginx
etag: W/"6215f3bc-11a3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 24 Jun 2022 06:35:05 GMT

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame 03DF 536 B
626 B 494ms
461ms Script
text/html 2600:9000:2156:8a00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=13799
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8a00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 051141599f128f399f2cd53514ee1c28ba9d269ce1b065ba81dcc4b11a5d3b02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
x-amz-cf-pop: FRA50-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-amz-cf-id: prxDBgJHT7vPUyvIUo7qaPJXK9CrGMk4QaqODQ7rGHXXkUbYP-7Oug==
via: 1.1 45de888accabe1a1cb5a389e8c9c1e06.cloudfront.net (CloudFront)

GET
H2 200 learn
tw-gmtdmp.mookie1.com/t/v2/ 43 B
643 B 295ms
263ms Image
image/gif 35.227.202.26
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tw-gmtdmp.mookie1.com/t/v2/learn?tagid=V2_98222&src.domain=reurl.cc&src.url=%252Fmain%252Ftw&src.id=ClickForce_Learn&src.rand=8640088665
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.202.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.202.227.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:04 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK jpt Show response
ib.adnxs.com/ 0
660 B 75ms
41ms Script
text/html 185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/jpt?id=10761225&callback=window.xaxS.auctionResult&cb=8983207486

Requested by

Host: static-tagr.gd1.mookie1.com
URL: https://static-tagr.gd1.mookie1.com/s1/sas/lh1/checkSegmentsNFI.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 24 Jun 2022 06:25:04 GMT
X-Proxy-Origin: 217.64.151.31; 217.64.151.31; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 4a9766ed-96b5-4179-97db-1c22a03ac974
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame B568 606 B
640 B 493ms
463ms Script
text/html 2600:9000:2156:8a00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=13800
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8a00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e830fb2cd84ed7cc6eb54b4f7b682ddc8bf7dfe2bc02c3662631f0ee9abda2b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
x-amz-cf-pop: FRA50-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-amz-cf-id: Ztu9rm8fQ1ZsxoDmGGg-OjjJBvgjuHKgrNJQ5szu0PVXBM83SOPJ-g==
via: 1.1 45de888accabe1a1cb5a389e8c9c1e06.cloudfront.net (CloudFront)

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 29ms
14ms XHR
text/plain 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=678803555&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ul=en-us&de=UTF-8&dt=%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8%20-%20reurl&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=372420526&gjid=395289411&cid=930484195.1656051904&tid=UA-102456694-1&_gid=782214523.1656051904&_r=1&_slc=1&z=1051814668

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 20ms
7ms Image
image/gif 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=678803555&t=event&_s=2&dl=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ul=en-us&de=UTF-8&dt=%E7%B8%AE%E7%9F%AD%E7%B6%B2%E5%9D%80%E7%94%A2%E7%94%9F%E5%99%A8%20-%20reurl&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=pause&ea=0&el=MjE3LjY0LjE1MS4zMQ&ev=1&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=930484195.1656051904&tid=UA-102456694-1&_gid=782214523.1656051904&z=2125290597

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Jun 2022 13:24:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 61206
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 212 B
642 B 53ms
16ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-1004948140419605

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206160101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1004948140419605&plah=reurl.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

554b9ec8fe3675e6c6dd12fbba20fb9f774c5ee584434796aa1e0875b001d294

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 197
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 69ms
18ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 53ms
19ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&tn=NAV&cls=navbar%20navbar-expand-lg%20navbar-dark%20bg-reurl%20fixed-top%20nav-no-padding&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7CE2 603 B
68 B 44ms
27ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1004948140419605&output=html&adk=1812271804&adf=3025194257&lmt=1656051904&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051904273&bpp=3&bdt=458&idt=106&shv=r20220622&mjsv=m202206160101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=826074966906&frm=20&pv=2&ga_vid=930484195.1656051904&ga_sid=1656051904&ga_hid=678803555&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44761044%2C31067769%2C31068195%2C42531606&oid=2&pvsid=1467707561657240&tmod=1063046402&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=156

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 06:25:04 GMT
expires: Fri, 24 Jun 2022 06:25:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
437 B 57ms
19ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-102456694-1&cid=930484195.1656051904&jid=372420526&gjid=395289411&_gid=782214523.1656051904&_u=IEBAAEAAAAAAAC~&z=1867761629

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 24 Jun 2022 06:25:04 GMT
content-type: text/plain
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 51ms
20ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-102456694-1&cid=930484195.1656051904&jid=372420526&_u=IEBAAEAAAAAAAC~&z=1607529549

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 48ms
17ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-102456694-1&cid=930484195.1656051904&jid=372420526&_u=IEBAAEAAAAAAAC~&z=1607529549

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 2022062307492933.jpg
img.racingcharger.tw/wp-content/uploads/ 138 KB
139 KB 369ms
31ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.racingcharger.tw/wp-content/uploads/2022062307492933.jpg
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0240f389d70ce252e33c27493ec6c0c7f13222d2a97324effb020c4bb4f4e5d2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
cf-cache-status: HIT
last-modified: Thu, 23 Jun 2022 07:49:36 GMT
server: cloudflare
age: 6495
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N00V87xdllUYjAVX4LyPAoEHgCWK3pXoYlQvOKc2VHWUIQ74xci4Rc2pNprFtZvns8NuoS1B1v8UpD8FCIBeTMHNtboNqfAOGYD54JWiTndr9YUHH%2FwEiIQQDSV4jEPpi7iPUR%2BpCMjiHqBWI3aoaJVKKA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=28800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 72036255bb833756-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 141317

GET
H2 200 1656006789-7343c25bfba66964ef6f303cf7046ff1-840x525.jpg
img.gbyhn.com.tw/2022/06/ 79 KB
80 KB 89ms
28ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.gbyhn.com.tw/2022/06/1656006789-7343c25bfba66964ef6f303cf7046ff1-840x525.jpg

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ba07ffb26836c09a3fc13162d2acfb67d49bd66b74e948f18a4cbc813d2d468

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 36678
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 80765
last-modified: Thu, 23 Jun 2022 17:53:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BVN8Bv7NtnN998kN0G5jHa0iLFb7hsUGuYvYI0H%2BcKQkrR%2FMdydD3ZT3d4ROPWlwbZdWMDsCeu5XZtnmbfzxCDDo2i4CZdyA6%2FblkHxStyGWcsdp6eq%2BveJM3PldEJRkvn8v2y2jAtoniWjdFvUE"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 72036253fe75baf3-MXP
expires: Thu, 30 Jun 2022 18:12:33 GMT

GET
H2 200 %E4%BF%A1%E8%B2%B8%E6%87%B6%E4%BA%BA%E5%8C%855.png
blog.alphaloan.co/wp-content/uploads/2022/06/ 179 KB
180 KB 204ms
169ms Image
image/png 192.0.78.187
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.alphaloan.co/wp-content/uploads/2022/06/%E4%BF%A1%E8%B2%B8%E6%87%B6%E4%BA%BA%E5%8C%855.png

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.187 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

aeb63af102f5c2c830253e989845a55307bf225c46e0e47bca4f8422b7750a99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
x-ac: 2.hhn _atomic_ams
last-modified: Wed, 22 Jun 2022 06:39:00 GMT
server: nginx
etag: "62b2b904-2ccd4"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 183508
expires: Fri, 01 Jul 2022 06:25:04 GMT

GET
H2 200 2022-%E6%82%A0%E9%81%8A%E4%BB%98%E5%84%AA%E6%83%A0%E5%BD%99%E6%95%B4%E8%88%87%E6%8E%A8%E8%96%A6%E4%BF%A1%E7%94%A8%E5%8D%A1-1080x630.jpg
creditcards.com.tw/wp-content/uploads/2022/01/ 23 KB
23 KB 745ms
484ms Image
image/webp 192.0.78.244
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://creditcards.com.tw/wp-content/uploads/2022/01/2022-%E6%82%A0%E9%81%8A%E4%BB%98%E5%84%AA%E6%83%A0%E5%BD%99%E6%95%B4%E8%88%87%E6%8E%A8%E8%96%A6%E4%BF%A1%E7%94%A8%E5%8D%A1-1080x630.jpg?crop=1

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.244 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1635767d7568e97bda363053c5037ccb19014367d44d7bb4815aa112f9101e1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
x-ac: 2.hhn _atomic_ams
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-length: 23682
x-nc: HIT bur 5
last-modified: Thu, 03 Feb 2022 16:13:53 GMT
server: nginx
etag: "be339b07d3bb8c39"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
expires: Sun, 04 Feb 2024 04:13:53 GMT

GET
H2 200 1653407871-IMG_1645-scaled.jpg
i0.wp.com/golike.tw/wp-content/uploads/2022/05/ 24 KB
24 KB 33ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/golike.tw/wp-content/uploads/2022/05/1653407871-IMG_1645-scaled.jpg?fit=1024%2C406&ssl=1

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

07b6ef4b8ac233279c3dee075dba88467584f27907d47f325508509799f857e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Fri, 24 Jun 2022 06:25:04 GMT
x-content-type-options: nosniff
last-modified: Mon, 20 Jun 2022 08:58:05 GMT
server: nginx
etag: "5702fa31f5b16c20"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://golike.tw/wp-content/uploads/2022/05/1653407871-IMG_1645-scaled.jpg>; rel="canonical"
content-length: 24480
expires: Wed, 19 Jun 2024 20:58:05 GMT

GET
H2 200 file.png
static.wixstatic.com/media/8d2acb_fdb46ac5354548829f23a46cc4d4a954~mv2.jpeg/v1/fit/w_1000,h_720,al_c,q_80/ 1 MB
1 MB 38ms
8ms Image
image/png 34.102.176.152
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.wixstatic.com/media/8d2acb_fdb46ac5354548829f23a46cc4d4a954~mv2.jpeg/v1/fit/w_1000,h_720,al_c,q_80/file.png
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.176.152 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 152.176.102.34.bc.googleusercontent.com
Software: openresty/1.19.9.1 /
Resource Hash: 42176dd8bba6d2b3043429bc0f0401f069e2c8e3e2642fa3f2cfef58cad0071b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 17 Jun 2022 10:45:41 GMT
via: 1.1 google
server: openresty/1.19.9.1
age: 589163
etag: ""
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
content-length: 1235774
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
wix-tracer: 2AhXMIycNCGbxhaUPN5rYJO1FlH
x-seen-by: image-manipulator-6cf84679cc-d7lfl

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 58ms
47ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&rl=&if=false&ts=1656051904635&sw=1600&sh=1200&v=2.9.62&r=stable&ec=0&o=28&fbp=fb.1.1656051904634.182449745&it=1656051904261&coo=false&rqm=GET

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Fri, 24 Jun 2022 06:25:04 GMT

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame 396A 2 KB
1 KB 784ms
265ms Script
text/html 52.197.44.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=12684&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=686&o=1&d=1&b=2&ts=1&ii=undefined&FPCK=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&initver=210830P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.197.44.129 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-197-44-129.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 2cbee1ceb3c7c5e71d28e7aec13053f53de07995ad478d2ea7b25c97ad01c6f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame 396A 3 KB
3 KB 931ms
930ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: RefreshHit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:06 GMT
accept-ranges: bytes
content-length: 2773
x-amz-cf-id: 9m8buBNYEpBOORhhL9nU2RJzYkVdtNiKO7zSl2J18RpgcndsKDcOSg==

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame 396A 119 KB
39 KB 52ms
17ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

850a150239aa319a9c772f1e6e71c15680d670c980c3daf41734c6ce8e0e8255

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
content-encoding: gzip
last-modified: Tue, 03 May 2022 11:21:03 GMT
server: nginx
etag: W/"6271101f-1dc01"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 25 Jun 2022 06:25:04 GMT

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame 396A 2 KB
3 KB 13ms
10ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:12 GMT
server: AmazonS3
age: 36
etag: "e8f33fcb581483ced4a09b3c8e7550e4"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:04 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 2443
x-amz-cf-id: W3QPRMYv16kkjg9cPjubz_oyl6pyXCFeX2gSW3zwSnUL3keqKKKK-w==

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame 396A 4 KB
5 KB 14ms
12ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Tue, 20 Apr 2021 06:25:23 GMT
server: AmazonS3
age: 21
etag: "c3b948e5a48dd0ec20c265d6d8da7add"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:04 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 4530
x-amz-cf-id: pFkCMtUWcSCw6bxpHxlvNoGJmq-jh1TTizrUOfYvgpYO7x_pCsngpA==

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame 396A 3 KB
3 KB 919ms
917ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "548ed610a8571343fb3022f543174735"
x-cache: RefreshHit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:06 GMT
accept-ranges: bytes
content-length: 3177
x-amz-cf-id: NLMGdNP5ixCL-TnYy6mxU3u6_veERUYE2qAmbcb2aOLCC97ILfXCVg==

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame 396A 3 KB
3 KB 15ms
13ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d541f77dd45df41c827a1c2b2899696c336c7bb3a1a06422d66ca4f37454258e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 15 Oct 2021 07:41:44 GMT
server: AmazonS3
age: 21
etag: "adc35fd9401ac04bdb2a47c466e46174"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:04 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 2568
x-amz-cf-id: rvQi5NRF6kF25GzjUMT9aqYwgidIz2AW9aorZa0I8CX4Tuoky1YVhA==

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame 03DF 2 KB
990 B 809ms
293ms Script
text/html 52.197.44.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=13799&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=38&o=1&d=1&b=2&ts=1&ii=3&FPCK=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&initver=210830P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.197.44.129 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-197-44-129.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 136849942f455b10202728809aaa4700b83b8bce17adc0a2e7ed3a0900549f8d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame 03DF 3 KB
3 KB 929ms
929ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:06 GMT
accept-ranges: bytes
content-length: 2773
x-amz-cf-id: huhHAuVOd8DhSvEZ93NjMubAhbMoY_9mJF9onRi6MurUHzJPG10Jvw==

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame B568 2 KB
1003 B 990ms
475ms Script
text/html 52.197.44.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=13800&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=25&o=1&d=1&b=2&ts=1&ii=3&FPCK=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&initver=210830P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.197.44.129 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-197-44-129.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 02fcf704d3a53d4f40e5eac7b60e273e1434fe0524b4f708556dc3549fa929e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame B568 3 KB
3 KB 929ms
928ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:05 GMT
accept-ranges: bytes
content-length: 2773
x-amz-cf-id: UnyxSa-zcAy3o8lDS2wsZNZ-8QnSrKvZxeJ2-drNZw1vVi1NpmLFiA==

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame B568 3 KB
3 KB 916ms
916ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:06 GMT
accept-ranges: bytes
content-length: 3177
x-amz-cf-id: UjJm54HHSRuMv_1XZ6WjTZZdmGekYTgGkv4PZTx5rWHiGBPDzSkaWQ==

POST
H2 204 prebid.aspx Show response
prebid.scupio.com/recweb/ Frame 396A 0
159 B 876ms
291ms XHR
text/html 210.59.219.181
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.37607514532750574
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 24 Jun 2022 06:25:04 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html
access-control-allow-origin: https://reurl.cc
cache-control: private
access-control-allow-credentials: true

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 396A
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg

2 B
19 B

273ms
272ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Fri, 24 Jun 2022 06:25:05 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

GET
H2 200 landing.php Show response
fp.holmesmind.com/ Frame 0209 0
249 B 319ms
263ms Document
text/html 34.117.219.39
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&CFFPCKUUID=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.219.39 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 39.219.117.34.bc.googleusercontent.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with,content-type
access-control-allow-methods: *
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 24 Jun 2022 06:25:05 GMT
server: nginx/1.20.0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 396A 4 KB
2 KB 286ms
281ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

1419b8b18e2084e1d79ca111dba4eb9ea7dd22171029e13467e77d90c3f1a06e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
last-modified: Wed, 23 Feb 2022 08:43:40 GMT
server: nginx
etag: W/"6215f3bc-11a3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 24 Jun 2022 06:35:05 GMT

GET
H2 200 landing.php Show response
fp.holmesmind.com/ Frame BB13 0
82 B 321ms
274ms Document
text/html 34.117.219.39
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&CFFPCKUUID=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.219.39 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 39.219.117.34.bc.googleusercontent.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with,content-type
access-control-allow-methods: *
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 24 Jun 2022 06:25:05 GMT
server: nginx/1.20.0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 03DF 4 KB
2 KB 287ms
282ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

1419b8b18e2084e1d79ca111dba4eb9ea7dd22171029e13467e77d90c3f1a06e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
last-modified: Wed, 23 Feb 2022 08:43:40 GMT
server: nginx
etag: W/"6215f3bc-11a3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 24 Jun 2022 06:35:05 GMT

GET
H2 200 landing.php Show response
fp.holmesmind.com/ Frame E3F7 0
82 B 312ms
274ms Document
text/html 34.117.219.39
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&CFFPCKUUID=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.219.39 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 39.219.117.34.bc.googleusercontent.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with,content-type
access-control-allow-methods: *
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 24 Jun 2022 06:25:05 GMT
server: nginx/1.20.0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame B568 4 KB
2 KB 407ms
404ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

1419b8b18e2084e1d79ca111dba4eb9ea7dd22171029e13467e77d90c3f1a06e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
last-modified: Wed, 23 Feb 2022 08:43:40 GMT
server: nginx
etag: W/"6215f3bc-11a3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 24 Jun 2022 06:35:05 GMT

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame C5C9 37 B
409 B 285ms
284ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

c4e7a085e9dc7b7855f8f8712ca49743e950bc576587102feb107945f99d5f1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 44D8 37 B
409 B 286ms
285ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

67cb636a8d2b09c9d1b59b8013b9c490fdd8b5064335bf3a1a375c85ba3668b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 396A 37 B
402 B 285ms
284ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

a51eaeadf23008c9964ce532503c26970de1edcc77b499e5f6dda90c70f18f37

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 03DF 37 B
402 B 285ms
285ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

abe23de190e605c87e6fd65509a6e585ebcaf26ba2944877e922123169d310f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame B568 37 B
402 B 285ms
284ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

db6352d4320162bbde815b84c05ef48eacd003b00c9581aae07e9ebddceb6783

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame C5C9 30 B
278 B 285ms
284ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=fb814dca-c29a-4dad-9014-709a6a93db83

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 44D8 30 B
278 B 285ms
284ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=bfba6fbc-79e0-409a-8ff6-61cafe18b536

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 396A 30 B
271 B 286ms
285ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=62654d01-df33-49b1-a060-210113bab332

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame 396A 10 KB
10 KB 14ms
12ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=12684&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=686&o=1&d=1&b=2&ts=1&ii=undefined&FPCK=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&initver=210830P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
server: AmazonS3
age: 52
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:05 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 10359
x-amz-cf-id: Ip5AMLa0nFi6_7ruqY7d5RgVLSlRbv9jhFnPqwunyYe0-XWpEuVxRA==

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 03DF 30 B
271 B 285ms
284ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=62654d01-df33-49b1-a060-210113bab332

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame 03DF 10 KB
10 KB 8ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13799&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=38&o=1&d=1&b=2&ts=1&ii=3&FPCK=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&initver=210830P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
server: AmazonS3
age: 52
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:05 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 10359
x-amz-cf-id: VJT4smRwj3s5xHMfP4fJKFgucWE84RRsyMy4YRY3XIZ_OyfYSShwjQ==

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame B568
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg

2 B
19 B

273ms
272ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Fri, 24 Jun 2022 06:25:06 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 396A
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg

2 B
19 B

274ms
273ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Fri, 24 Jun 2022 06:25:06 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame B568 30 B
271 B 285ms
285ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=62654d01-df33-49b1-a060-210113bab332

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame 396A 0
170 B 517ms
167ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:06 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame 03DF 0
170 B 518ms
168ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:06 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame B568 0
170 B 513ms
164ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:06 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame B568 10 KB
10 KB 7ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13800&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=25&o=1&d=1&b=2&ts=1&ii=3&FPCK=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&initver=210830P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
server: AmazonS3
age: 52
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:05 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 10359
x-amz-cf-id: m21VOPlCA2TsPHx0ahDMgJ70gx7ICI8-WDxX74BzM8-nUhS75UhcbQ==

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 396A 0
187 B 288ms
287ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&mp=62654d01-df33-49b1-a060-210113bab332

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 pixel
62654d01-df33-49b1-a060-210113bab332.t.ssp.hinet.net/ Frame 396A 0
80 B 1172ms
284ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://62654d01-df33-49b1-a060-210113bab332.t.ssp.hinet.net/pixel?bd=62654d01-df33-49b1-a060-210113bab332&t=50ef57

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 pixel
62654d01-df33-49b1-a060-210113bab332.t.ssp.hinet.net/ Frame 03DF 0
79 B 1163ms
284ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://62654d01-df33-49b1-a060-210113bab332.t.ssp.hinet.net/pixel?bd=62654d01-df33-49b1-a060-210113bab332&t=50ef57

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 03DF 0
187 B 285ms
285ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&mp=62654d01-df33-49b1-a060-210113bab332

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 pixel
62654d01-df33-49b1-a060-210113bab332.t.ssp.hinet.net/ Frame B568 0
79 B 1029ms
284ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://62654d01-df33-49b1-a060-210113bab332.t.ssp.hinet.net/pixel?bd=62654d01-df33-49b1-a060-210113bab332&t=50ef57

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame B568 0
187 B 285ms
285ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&mp=62654d01-df33-49b1-a060-210113bab332

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ Frame FBFF 6 KB
7 KB 9ms
8ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
server: AmazonS3
age: 30
etag: "439e160b698f1ec2efb45c3b6cd6b265"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:24:37 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 6552
x-amz-cf-id: dAjhVO0SVTQQQIawN1UyG1Hz1drd1Ut50I-YMqZHoC-gsyi51IeCMg==

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ Frame C36B 6 KB
7 KB 8ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
server: AmazonS3
age: 30
etag: "439e160b698f1ec2efb45c3b6cd6b265"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:24:37 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 6552
x-amz-cf-id: Con7iuJwPaXGLutTKDsjivy3r3YskQYCpMjDFHajGHZIcJwOeHJl9g==

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 883A 3 KB
3 KB 7ms
7ms Document
text/html 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c50a4d6505f1216962db6a855d60ebf08222fa6c286e7f21699c002d81b3cd9d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 16
content-length: 3044
content-type: text/html
date: Fri, 24 Jun 2022 06:24:50 GMT
etag: "b585383190cc538c34a520974872d918"
last-modified: Thu, 24 Mar 2022 11:21:34 GMT
server: AmazonS3
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
x-amz-cf-id: WL_38kOhdcadVrqcA36uJtqT3qnyTQb0Xx4UM2OX3AEV4P7hXTaeMQ==
x-amz-cf-pop: FRA50-C1
x-amz-version-id: bA4BdajsGoQu4oL_HyEzRCsNuHmwq3bx
x-cache: Hit from cloudfront

GET
H2 200 edmp_init.js Show response
cdn.holmesmind.com/js/ Frame FBFF 662 B
1003 B 7ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/edmp_init.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 12 Mar 2021 02:45:40 GMT
server: AmazonS3
age: 26
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:24:41 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 662
x-amz-cf-id: HH98YE9eICvqofHuB8pzYFHOqFWGeXSe2hq08-iQ4t0Yyul0TqrhFg==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame E943 6 KB
6 KB 7ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1291c3d774415b830ea3f2c5ce78d160485606386d08a878c87f41ccdbe4a73f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: TffX4.BvLss5nGbaNkDOhki_IqknqyWa
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 18 Mar 2022 03:26:21 GMT
server: AmazonS3
age: 16
etag: "8de5f5c245a6377bb4dc88fbf8c0c6f5"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:24:50 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 6093
x-amz-cf-id: gTK2W78i6qKEd_RUAIRze2xnAubyy48ADKvVx-Q6jqsWb-a9sF_C3A==

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 90E4 3 KB
3 KB 8ms
8ms Document
text/html 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c50a4d6505f1216962db6a855d60ebf08222fa6c286e7f21699c002d81b3cd9d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 16
content-length: 3044
content-type: text/html
date: Fri, 24 Jun 2022 06:24:50 GMT
etag: "b585383190cc538c34a520974872d918"
last-modified: Thu, 24 Mar 2022 11:21:34 GMT
server: AmazonS3
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
x-amz-cf-id: FDwql862EXyRIPbkmHCqSxxVGU3ICa6IqBqdWUUlZKxXxPsvbylRVA==
x-amz-cf-pop: FRA50-C1
x-amz-version-id: bA4BdajsGoQu4oL_HyEzRCsNuHmwq3bx
x-cache: Hit from cloudfront

GET
H2 200 edmp_init.js Show response
cdn.holmesmind.com/js/ Frame C36B 662 B
1002 B 8ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/edmp_init.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 12 Mar 2021 02:45:40 GMT
server: AmazonS3
age: 26
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:24:41 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 662
x-amz-cf-id: 7pLBaUw7XJ5Kciq2Fhsez9Fote9Xay8hNa6TI5-n0wK5MN7r_HjbEQ==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 48A7 6 KB
6 KB 7ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1291c3d774415b830ea3f2c5ce78d160485606386d08a878c87f41ccdbe4a73f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: TffX4.BvLss5nGbaNkDOhki_IqknqyWa
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 18 Mar 2022 03:26:21 GMT
server: AmazonS3
age: 16
etag: "8de5f5c245a6377bb4dc88fbf8c0c6f5"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:24:50 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 6093
x-amz-cf-id: 1o6LEN9EvH2X7DaoIbp1raMY0Tymo_vwK39Q7gammDoDv5BxMEs4AQ==

GET cm.php
fcm.holmesmind.com/ Frame D7F6 0
0

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 883A 4 KB
2 KB 288ms
286ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

1419b8b18e2084e1d79ca111dba4eb9ea7dd22171029e13467e77d90c3f1a06e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
content-encoding: gzip
last-modified: Wed, 23 Feb 2022 08:43:40 GMT
server: nginx
etag: W/"6215f3bc-11a3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 24 Jun 2022 06:35:06 GMT

GET
H3 200 cm
c.holmesmind.com/ Frame 883A 0
15 B 418ms
417ms Image
text/html 35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK /
cm.lndata.com/ Frame 883A 35 B
470 B 1174ms
205ms Image
image/gif 116.50.36.71
DONGFONG-TW DongF...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Fri, 24 Jun 2022 06:25:07 GMT
Server: TornadoServer/1.2.1
Connection: keep-alive
Content-Type: image/gif
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR

GET
H2

200

google
m.holmesmind.com/ml/ Frame 883A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined
https://m.holmesmind.com/ml/google?cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined&google_gid=CAESEM-ZEjF81c1c8scRCKTJyIE&google_cver=1

0
138 B

949ms
924ms

Image
image/png

35.227.249.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined&google_gid=CAESEM-ZEjF81c1c8scRCKTJyIE&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
x-guploader-uploadid: ADPycdvgQdPZ9t9QFjOn6X1Tmn1HRfkBXvqmla9hs6tiqoMhFjLsVbTuqKkbm3hIlwiL8LTm54YsFqDLlF3c4RhgEl7dPQ
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
server: UploadServer
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
x-goog-generation: 1519198601160228
cache-control: public, max-age=3600
x-goog-stored-content-length: 0
accept-ranges: bytes
content-type: image/png
expires: Fri, 24 Jun 2022 07:25:07 GMT

Redirect headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://m.holmesmind.com/ml/google?cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined&google_gid=CAESEM-ZEjF81c1c8scRCKTJyIE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 358
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame E943 764 B
693 B 14ms
14ms Script
text/html 2600:9000:2156:8a00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=12683
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8a00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 9b78e53c08e957d3c108aca00801eb75b820eb311cc7882c8a7905fba96aeda7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:19:00 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
age: 365
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: lhwHQrT9_tbdQA2c7F_qd9Y6Yx3Ez_mS4JsFONq1lOMlzXr1fx3bwQ==
via: 1.1 45de888accabe1a1cb5a389e8c9c1e06.cloudfront.net (CloudFront)

GET
H3 200 cm
c.holmesmind.com/ Frame 90E4 0
15 B 442ms
442ms Image
text/html 35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET cm.php
fcm.holmesmind.com/ Frame 03D0 0
0

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 90E4 4 KB
2 KB 284ms
283ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

1419b8b18e2084e1d79ca111dba4eb9ea7dd22171029e13467e77d90c3f1a06e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
content-encoding: gzip
last-modified: Wed, 23 Feb 2022 08:43:40 GMT
server: nginx
etag: W/"6215f3bc-11a3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 24 Jun 2022 06:35:06 GMT

GET
H/1.1 200
OK /
cm.lndata.com/ Frame 90E4 35 B
470 B 1164ms
205ms Image
image/gif 116.50.36.71
DONGFONG-TW DongF...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Fri, 24 Jun 2022 06:25:07 GMT
Server: TornadoServer/1.2.1
Connection: keep-alive
Content-Type: image/gif
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR

GET
H2

200

google
m.holmesmind.com/ml/ Frame 90E4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined
https://m.holmesmind.com/ml/google?cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined&google_gid=CAESEGnJd297jI1_W_6jxkws1Ao&google_cver=1

0
478 B

939ms
913ms

Image
image/png

35.227.249.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined&google_gid=CAESEGnJd297jI1_W_6jxkws1Ao&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
x-guploader-uploadid: ADPycdvWPYEg90ViWoHGoExxCc4UIEJ_xKy2ciDsL4Uee_CnFModNFxghdtjg0Yu46GxYzFVJ2atZW1FsBLhgKfiE7_cE_7Q-Ygc
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
server: UploadServer
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
x-goog-generation: 1519198601160228
cache-control: public, max-age=3600
x-goog-stored-content-length: 0
accept-ranges: bytes
content-type: image/png
expires: Fri, 24 Jun 2022 07:25:07 GMT

Redirect headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://m.holmesmind.com/ml/google?cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined&google_gid=CAESEGnJd297jI1_W_6jxkws1Ao&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 358
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame 48A7 668 B
653 B 250ms
249ms Script
text/html 2600:9000:2156:8a00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=13802
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8a00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 5c9b0652899d3687ea14076efe8f4144d1317fe1073dd7f1e87af7413408339a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
x-amz-cf-pop: FRA50-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-amz-cf-id: arBG4WAMbWRxPot_cqaNIjWtDhv4hbF3datXReIyFVsMCLqqeL-rKA==
via: 1.1 45de888accabe1a1cb5a389e8c9c1e06.cloudfront.net (CloudFront)

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame E943 3 KB
1 KB 271ms
268ms Script
text/html 52.197.44.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=12683&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=7&o=1&d=1&b=2&ts=1&ii=2&FPCK=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&initver=210830P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.197.44.129 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-197-44-129.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 740cb16b2bfb96a666595df4d64f37646447e56ebf2be11c2c4d2496244d8dc9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:06 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame E943 3 KB
3 KB 11ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
server: AmazonS3
age: 1
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:05 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 2773
x-amz-cf-id: 7uCRnMHJKZCn9GyyxyulLQF8fChq6XWbuscJKdqrwzgnW3EdzpviQw==

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame E943 119 KB
39 KB 28ms
25ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

850a150239aa319a9c772f1e6e71c15680d670c980c3daf41734c6ce8e0e8255

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
content-encoding: gzip
last-modified: Tue, 03 May 2022 11:21:03 GMT
server: nginx
etag: W/"6271101f-1dc01"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 25 Jun 2022 06:25:06 GMT

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame E943 2 KB
3 KB 11ms
8ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:12 GMT
server: AmazonS3
age: 38
etag: "e8f33fcb581483ced4a09b3c8e7550e4"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:04 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 2443
x-amz-cf-id: TvNJ3lZUdodPJz2zsCaSYyA5ZiGFn2gvrSCGMf7vqgZM9E0JCVhFBg==

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame E943 4 KB
5 KB 12ms
9ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Tue, 20 Apr 2021 06:25:23 GMT
server: AmazonS3
age: 23
etag: "c3b948e5a48dd0ec20c265d6d8da7add"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:04 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 4530
x-amz-cf-id: qOxT0WAaOQG46GYGwtE4IYVIoygFY36-Z9gqs463WAX5ZwwiIup6Zw==

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame E943 3 KB
3 KB 13ms
10ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
server: AmazonS3
age: 1
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:06 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 3177
x-amz-cf-id: yB_w711wNsEXWNcMtSuwn2DInsKKDVeJXp93OrELsB8XS9Mv3rDsSg==

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame E943 3 KB
3 KB 13ms
11ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d541f77dd45df41c827a1c2b2899696c336c7bb3a1a06422d66ca4f37454258e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 15 Oct 2021 07:41:44 GMT
server: AmazonS3
age: 23
etag: "adc35fd9401ac04bdb2a47c466e46174"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:04 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 2568
x-amz-cf-id: UjsWF02tsHhZNC5xMTqzZLulxNNM1pCi3c8SGTCWiHDssi0yzpESpw==

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame E943 0
170 B 166ms
165ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:06 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 prebid.aspx Show response
prebid.scupio.com/recweb/ Frame E943 0
50 B 289ms
287ms XHR
text/html 210.59.219.181
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.495888296773235
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 210.59.219.181 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html
access-control-allow-origin: https://reurl.cc
cache-control: private
access-control-allow-credentials: true

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame E943
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg

2 B
19 B

265ms
265ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Fri, 24 Jun 2022 06:25:06 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame E943
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg

2 B
19 B

267ms
267ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Fri, 24 Jun 2022 06:25:06 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ Frame DE80 6 KB
7 KB 8ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
server: AmazonS3
age: 30
etag: "439e160b698f1ec2efb45c3b6cd6b265"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:24:37 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 6552
x-amz-cf-id: QugkjkWhlIZzlK9ueR2zoAgoZeYuappae4gWon6xdea6NoDmnX6Yhw==

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame DED4 3 KB
3 KB 8ms
8ms Document
text/html 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c50a4d6505f1216962db6a855d60ebf08222fa6c286e7f21699c002d81b3cd9d

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 16
content-length: 3044
content-type: text/html
date: Fri, 24 Jun 2022 06:24:50 GMT
etag: "b585383190cc538c34a520974872d918"
last-modified: Thu, 24 Mar 2022 11:21:34 GMT
server: AmazonS3
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
x-amz-cf-id: O2M7Z1Mzu1fQk10wgfep5DXYrlScwUaCvJQ2gUAyUR6Yex14b9ii3w==
x-amz-cf-pop: FRA50-C1
x-amz-version-id: bA4BdajsGoQu4oL_HyEzRCsNuHmwq3bx
x-cache: Hit from cloudfront

GET
H2 200 edmp_init.js Show response
cdn.holmesmind.com/js/ Frame DE80 662 B
1002 B 8ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/edmp_init.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 12 Mar 2021 02:45:40 GMT
server: AmazonS3
age: 26
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:24:41 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 662
x-amz-cf-id: 12efhTQ37u11mVO2DSlledpll5b9Kbz2uT_CkNC_s-vxws33hGZdNA==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 45CF 6 KB
6 KB 7ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1291c3d774415b830ea3f2c5ce78d160485606386d08a878c87f41ccdbe4a73f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: TffX4.BvLss5nGbaNkDOhki_IqknqyWa
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 18 Mar 2022 03:26:21 GMT
server: AmazonS3
age: 16
etag: "8de5f5c245a6377bb4dc88fbf8c0c6f5"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:24:50 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 6093
x-amz-cf-id: -9v4xIZKhJFRbSPEPL8HBRE6dTPgEknE85LPUcLg9H65IXllOZsKhQ==

GET
H3 200 cm
c.holmesmind.com/ Frame DED4 0
15 B 414ms
413ms Image
text/html 35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET cm.php
fcm.holmesmind.com/ Frame 5402 0
0

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame DED4 4 KB
2 KB 283ms
281ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

1419b8b18e2084e1d79ca111dba4eb9ea7dd22171029e13467e77d90c3f1a06e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
content-encoding: gzip
last-modified: Wed, 23 Feb 2022 08:43:40 GMT
server: nginx
etag: W/"6215f3bc-11a3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 24 Jun 2022 06:35:06 GMT

GET
H/1.1 200
OK /
cm.lndata.com/ Frame DED4 35 B
470 B 1102ms
243ms Image
image/gif 116.50.36.71
DONGFONG-TW DongF...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 , Taiwan, ASN18046 (DONGFONG-TW DongFong Technology Co. Ltd., TW),
Reverse DNS
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Fri, 24 Jun 2022 06:25:07 GMT
Server: TornadoServer/1.2.1
Connection: keep-alive
Content-Type: image/gif
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR

GET
H2

200

google
m.holmesmind.com/ml/ Frame DED4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined
https://m.holmesmind.com/ml/google?cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined&google_gid=CAESEM-ZEjF81c1c8scRCKTJyIE&google_cver=1

0
142 B

968ms
968ms

Image
image/png

35.227.249.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined&google_gid=CAESEM-ZEjF81c1c8scRCKTJyIE&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
x-guploader-uploadid: ADPycdsKu8W-xaxR8goWPRvCbSA5uOphgUoL9fkBfNZN04JU2v6WCoPoGtu3yGc9O5Zf5zxiXPV7dQuATKdZ6giNteoF_zGdxCIG
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
server: UploadServer
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
x-goog-generation: 1519198601160228
cache-control: public, max-age=3600
x-goog-stored-content-length: 0
accept-ranges: bytes
content-type: image/png
expires: Fri, 24 Jun 2022 07:25:07 GMT

Redirect headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://m.holmesmind.com/ml/google?cf_uid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&uu_m=undefined&google_gid=CAESEM-ZEjF81c1c8scRCKTJyIE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 358
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame 45CF 668 B
653 B 459ms
459ms Script
text/html 2600:9000:2156:8a00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=13803
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8a00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 5c9b0652899d3687ea14076efe8f4144d1317fe1073dd7f1e87af7413408339a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
x-amz-cf-pop: FRA50-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-amz-cf-id: X0jbnHe0rZwlezRiCXnpna75e7TTIFYj8wniqbgKYJhxBHX7xfiS8Q==
via: 1.1 45de888accabe1a1cb5a389e8c9c1e06.cloudfront.net (CloudFront)

GET
H3 200 landing.php Show response
fp.holmesmind.com/ Frame 7D59 0
37 B 294ms
266ms Document
text/html 34.117.219.39
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&CFFPCKUUID=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.117.219.39 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 39.219.117.34.bc.googleusercontent.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with,content-type
access-control-allow-methods: *
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 24 Jun 2022 06:25:06 GMT
server: nginx/1.20.0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame E943 4 KB
2 KB 285ms
281ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

1419b8b18e2084e1d79ca111dba4eb9ea7dd22171029e13467e77d90c3f1a06e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
content-encoding: gzip
last-modified: Wed, 23 Feb 2022 08:43:40 GMT
server: nginx
etag: W/"6215f3bc-11a3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 24 Jun 2022 06:35:06 GMT

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame 48A7 3 KB
1 KB 290ms
285ms Script
text/html 52.197.44.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=13802&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=471&o=1&d=1&b=2&ts=1&ii=2&FPCK=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&initver=210830P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.197.44.129 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-197-44-129.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 43eb7db8b51fc562c77586523f2b6ec4bc38b3b8ef81b46732d567ab21d79b59

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:06 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame 48A7 3 KB
3 KB 11ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
server: AmazonS3
age: 1
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:05 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 2773
x-amz-cf-id: ngJo2HH4WwNDDqubisf8xn_Ik6vAQ2BWFZpajkaMdLxCW5c3qetPnw==

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame 48A7 119 KB
39 KB 28ms
25ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

850a150239aa319a9c772f1e6e71c15680d670c980c3daf41734c6ce8e0e8255

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
content-encoding: gzip
last-modified: Tue, 03 May 2022 11:21:03 GMT
server: nginx
etag: W/"6271101f-1dc01"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 25 Jun 2022 06:25:06 GMT

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame 48A7 2 KB
3 KB 12ms
9ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:12 GMT
server: AmazonS3
age: 38
etag: "e8f33fcb581483ced4a09b3c8e7550e4"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:04 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 2443
x-amz-cf-id: v6PF_OgcIs_v8tnRoS5TNPlgdMLEoXQk7W7mZbN8F2Vn6FUsgB9X8w==

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame 48A7 3 KB
3 KB 13ms
11ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
server: AmazonS3
age: 1
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:06 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 3177
x-amz-cf-id: fpdQ044NBAnVweeXnvUutzZvJ_MYwyXqjoZs88YMKsOEZhtMTeOcRQ==

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame 48A7 0
170 B 173ms
161ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:06 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 48A7
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg

2 B
19 B

267ms
267ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Fri, 24 Jun 2022 06:25:07 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 883A 36 B
408 B 285ms
284ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

fb1004dcdd9e9acefb4aa29ef674505cff55f7a0854ef08b0d5911e2f1b3ca76

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 90E4 36 B
408 B 285ms
285ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

fb1004dcdd9e9acefb4aa29ef674505cff55f7a0854ef08b0d5911e2f1b3ca76

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame E943 10 KB
10 KB 7ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=12683&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=7&o=1&d=1&b=2&ts=1&ii=2&FPCK=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&initver=210830P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
server: AmazonS3
age: 53
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:05 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 10359
x-amz-cf-id: v4pMybo_vbDU_fT8pWr0DFN1jfiYmZ777QPL6Gy2MGcfBp4KSV8tow==

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 48A7 0
210 B 46ms
13ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=123&profileId=184&cb=47275524389

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 24 Jun 2022 06:25:05 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2 200 chtmp.php
ccm.holmesmind.com/ Frame FBFF 0
214 B 881ms
376ms Image
text/html 52.198.234.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6%26SID%3D45917%26Tags%3D2005%2C2004%2C2003
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.198.234.122 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-198-234-122.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 chtmp.php
ccm.holmesmind.com/ Frame FBFF 0
215 B 878ms
373ms Image
text/html 52.198.234.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6%26SID%3D46134%26Tags%3D2005%2C2004%2C2003
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.198.234.122 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-198-234-122.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 chtmp.php
ccm.holmesmind.com/ Frame FBFF 0
214 B 958ms
453ms Image
text/html 52.198.234.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6%26SID%3D46109%26Tags%3D2004%2C2003
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.198.234.122 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-198-234-122.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 chtmp.php
ccm.holmesmind.com/ Frame FBFF 0
214 B 885ms
381ms Image
text/html 52.198.234.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6%26SID%3D44161%26Tags%3D2010%2C2009%2C2005%2C2004%2C2003%2C2002
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.198.234.122 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-198-234-122.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

POST
H2 204 events
bidder.criteo.com/csm/ Frame 48A7 0
209 B 13ms
12ms Ping
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame 48A7 43 B
365 B 16ms
15ms Image
image/gif 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=1

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "493ea254-2b"
strict-transport-security: max-age=31536000; preload;
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Mon, 19 Jun 2023 06:25:06 GMT

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame 48A7 43 B
365 B 20ms
19ms Image
image/gif 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=2

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "493ea254-2b"
strict-transport-security: max-age=31536000; preload;
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Mon, 19 Jun 2023 06:25:06 GMT

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame DED4 36 B
408 B 285ms
284ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

fb1004dcdd9e9acefb4aa29ef674505cff55f7a0854ef08b0d5911e2f1b3ca76

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H3 200 landing.php Show response
fp.holmesmind.com/ Frame CF26 0
37 B 273ms
273ms Document
text/html 34.117.219.39
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&CFFPCKUUID=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.117.219.39 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 39.219.117.34.bc.googleusercontent.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with,content-type
access-control-allow-methods: *
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 24 Jun 2022 06:25:06 GMT
server: nginx/1.20.0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 48A7 4 KB
2 KB 282ms
282ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

1419b8b18e2084e1d79ca111dba4eb9ea7dd22171029e13467e77d90c3f1a06e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
content-encoding: gzip
last-modified: Wed, 23 Feb 2022 08:43:40 GMT
server: nginx
etag: W/"6215f3bc-11a3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 24 Jun 2022 06:35:06 GMT

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame E943 36 B
401 B 285ms
284ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

fb1004dcdd9e9acefb4aa29ef674505cff55f7a0854ef08b0d5911e2f1b3ca76

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame 48A7 10 KB
10 KB 7ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13802&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=471&o=1&d=1&b=2&ts=1&ii=2&FPCK=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&initver=210830P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
server: AmazonS3
age: 53
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:05 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 10359
x-amz-cf-id: wQAJqZO-ySHjKP9my6g6zUCSU9G5-FzQtQjk9m221ulCWijCr_bsNg==

GET
H2 200 chtmp.php
ccm.holmesmind.com/ Frame C36B 0
214 B 717ms
454ms Image
text/html 52.198.234.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6%26SID%3D45917%26Tags%3D2005%2C2004%2C2003
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.198.234.122 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-198-234-122.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 chtmp.php
ccm.holmesmind.com/ Frame C36B 0
214 B 640ms
377ms Image
text/html 52.198.234.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6%26SID%3D46109%26Tags%3D2004%2C2003
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.198.234.122 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-198-234-122.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 chtmp.php
ccm.holmesmind.com/ Frame C36B 0
214 B 429ms
428ms Image
text/html 52.198.234.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6%26SID%3D46134%26Tags%3D2005%2C2004%2C2003
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.198.234.122 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-198-234-122.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 chtmp.php
ccm.holmesmind.com/ Frame C36B 0
214 B 429ms
429ms Image
text/html 52.198.234.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6%26SID%3D44161%26Tags%3D2010%2C2009%2C2005%2C2004%2C2003%2C2002
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.198.234.122 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-198-234-122.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 883A 30 B
278 B 285ms
284ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=1fec7629-e5d0-4770-bc96-84aa1807b2e3

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 90E4 30 B
278 B 284ms
284ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=1fec7629-e5d0-4770-bc96-84aa1807b2e3

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame 45CF 3 KB
1 KB 271ms
270ms Script
text/html 52.197.44.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=13803&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=605&o=1&d=1&b=2&ts=1&ii=2&FPCK=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&initver=210830P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.197.44.129 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-197-44-129.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 14c881341b3f1f369d16a5d213b5883f80fa6557013e95de5e95f4ea7e1877bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame 45CF 3 KB
3 KB 9ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
server: AmazonS3
age: 1
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:05 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 2773
x-amz-cf-id: WkKeGHjwUjzxuLX8NPT12znUFLCW1LvuZbxIYWjIXVDlLBdJENTp0A==

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame 45CF 119 KB
39 KB 24ms
23ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

850a150239aa319a9c772f1e6e71c15680d670c980c3daf41734c6ce8e0e8255

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
content-encoding: gzip
last-modified: Tue, 03 May 2022 11:21:03 GMT
server: nginx
etag: W/"6271101f-1dc01"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 25 Jun 2022 06:25:06 GMT

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame 45CF 2 KB
3 KB 9ms
8ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 09:25:12 GMT
server: AmazonS3
age: 38
etag: "e8f33fcb581483ced4a09b3c8e7550e4"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:04 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 2443
x-amz-cf-id: A5BTcRF0RIATurKnuGj6BwpGc6VbLUdxOwCWtuXZp70W4LP5aUY48Q==

GET
H2 200 appierV2.js Show response
cdn.holmesmind.com/js/ Frame 45CF 3 KB
3 KB 9ms
8ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
server: AmazonS3
age: 1
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:06 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 3177
x-amz-cf-id: dhHmvQ7nvkpfjUSi3zJA7qBGPw58Mx363HIr3ZsLUUFd1wl6ouSiZA==

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame 45CF 0
170 B 164ms
164ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:07 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 45CF
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg

2 B
19 B

272ms
271ms

XHR
application/json

34.96.119.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Server: 34.96.119.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.119.96.34.bc.googleusercontent.com
Software: nginx/1.19.0 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
via: 1.1 google
server: nginx/1.19.0
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Fri, 24 Jun 2022 06:25:07 GMT
server: nginx
access-control-allow-origin: null
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=N6PniqW5Az6UUrExwVi1Yg
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 45CF 0
209 B 17ms
16ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=123&profileId=184&cb=80351565614

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 24 Jun 2022 06:25:06 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame DED4 30 B
278 B 285ms
285ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=1fec7629-e5d0-4770-bc96-84aa1807b2e3

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame 45CF 43 B
365 B 16ms
15ms Image
image/gif 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=1

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "493ea254-2b"
strict-transport-security: max-age=31536000; preload;
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Mon, 19 Jun 2023 06:25:07 GMT

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame 45CF 43 B
365 B 16ms
15ms Image
image/gif 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "493ea254-2b"
strict-transport-security: max-age=31536000; preload;
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Mon, 19 Jun 2023 06:25:07 GMT

POST
H2 204 events
bidder.criteo.com/csm/ Frame 45CF 0
209 B 13ms
13ms Ping
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://reurl.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 883A 0
194 B 288ms
288ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=cf&cid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&mp=1fec7629-e5d0-4770-bc96-84aa1807b2e3

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 pixel
1fec7629-e5d0-4770-bc96-84aa1807b2e3.t.ssp.hinet.net/ Frame 883A 0
79 B 977ms
284ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1fec7629-e5d0-4770-bc96-84aa1807b2e3.t.ssp.hinet.net/pixel?bd=1fec7629-e5d0-4770-bc96-84aa1807b2e3&t=cf

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H3 200 landing.php Show response
fp.holmesmind.com/ Frame 69DD 0
37 B 269ms
269ms Document
text/html 34.117.219.39
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&CFFPCKUUID=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&maindomain=reurl.cc
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.117.219.39 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 39.219.117.34.bc.googleusercontent.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with,content-type
access-control-allow-methods: *
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 24 Jun 2022 06:25:07 GMT
server: nginx/1.20.0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 45CF 4 KB
2 KB 282ms
282ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

1419b8b18e2084e1d79ca111dba4eb9ea7dd22171029e13467e77d90c3f1a06e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
last-modified: Wed, 23 Feb 2022 08:43:40 GMT
server: nginx
etag: W/"6215f3bc-11a3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 24 Jun 2022 06:35:07 GMT

GET
H2 200 pixel
1fec7629-e5d0-4770-bc96-84aa1807b2e3.t.ssp.hinet.net/ Frame 90E4 0
79 B 972ms
285ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1fec7629-e5d0-4770-bc96-84aa1807b2e3.t.ssp.hinet.net/pixel?bd=1fec7629-e5d0-4770-bc96-84aa1807b2e3&t=cf

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 90E4 0
194 B 284ms
284ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=cf&cid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&mp=1fec7629-e5d0-4770-bc96-84aa1807b2e3

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame 45CF 10 KB
10 KB 7ms
7ms Script
application/javascript 2600:9000:2156:d000:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=13803&rf=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&n=605&o=1&d=1&b=2&ts=1&ii=2&FPCK=6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9&initver=210830P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
server: AmazonS3
age: 54
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 24 Jun 2022 06:25:05 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 10359
x-amz-cf-id: pnAlhjvUQQje9b6pWBlLLbb2v_UMWiX5z19vGI3jBAZq422oGXCDkQ==

GET
H2 200 chtmp.php
ccm.holmesmind.com/ Frame DE80 0
214 B 542ms
541ms Image
text/html 52.198.234.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6%26SID%3D45917%26Tags%3D2005%2C2004%2C2003
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.198.234.122 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-198-234-122.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 chtmp.php
ccm.holmesmind.com/ Frame DE80 0
214 B 555ms
555ms Image
text/html 52.198.234.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6%26SID%3D46134%26Tags%3D2005%2C2004%2C2003
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.198.234.122 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-198-234-122.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 chtmp.php
ccm.holmesmind.com/ Frame DE80 0
214 B 552ms
552ms Image
text/html 52.198.234.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6%26SID%3D46109%26Tags%3D2004%2C2003
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.198.234.122 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-198-234-122.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 chtmp.php
ccm.holmesmind.com/ Frame DE80 0
214 B 550ms
550ms Image
text/html 52.198.234.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6%26SID%3D44161%26Tags%3D2010%2C2009%2C2005%2C2004%2C2003%2C2002
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.198.234.122 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-198-234-122.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://reurl.cc
date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 pixel
1fec7629-e5d0-4770-bc96-84aa1807b2e3.t.ssp.hinet.net/ Frame DED4 0
79 B 855ms
285ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1fec7629-e5d0-4770-bc96-84aa1807b2e3.t.ssp.hinet.net/pixel?bd=1fec7629-e5d0-4770-bc96-84aa1807b2e3&t=cf

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame DED4 0
194 B 284ms
284ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=cf&cid=431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6&mp=1fec7629-e5d0-4770-bc96-84aa1807b2e3

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2

200

sdk Show response
cdn.aralego.net/ucfad/sdk/us-east/ Frame 1A80
Redirect Chain

https://ads.aralego.com/sdk
https://cdn.aralego.net/ucfad/sdk/us-east/sdk

42 KB
43 KB

69ms
24ms

Script
application/octet-stream

2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ea014dbd2141838e64f839656dd6eec7e513ebac16b0b811430b3a81b777a58

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3224
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43274
last-modified: Thu, 10 Feb 2022 09:21:22 GMT
server: cloudflare
etag: "6204d912-a90a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BugScKWDsoZ6Sn4uyFTsnUcyAqwbMjDkldm0PluHJtcYoni2VTuLkXA6zLn1o8DaC49dY0HH25Gjr%2FRIp8k8zJq1dx2ZOFfN1sS9x0EsNm7lGYdXxwoN8F1XhpB8n%2FE2gh2g6C8lBZ9OvzgfJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 720362689f5859e9-MXP

Redirect headers

location: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
connection: close
content-length: 0

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame E943 0
187 B 286ms
286ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&mp=1fec7629-e5d0-4770-bc96-84aa1807b2e3

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 pixel
1fec7629-e5d0-4770-bc96-84aa1807b2e3.t.ssp.hinet.net/ Frame E943 0
79 B 760ms
284ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1fec7629-e5d0-4770-bc96-84aa1807b2e3.t.ssp.hinet.net/pixel?bd=1fec7629-e5d0-4770-bc96-84aa1807b2e3&t=50ef57

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2

200

sdk Show response
cdn.aralego.net/ucfad/sdk/us-east/ Frame A753
Redirect Chain

https://ads.aralego.com/sdk
https://cdn.aralego.net/ucfad/sdk/us-east/sdk

42 KB
43 KB

43ms
25ms

Script
application/octet-stream

2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ea014dbd2141838e64f839656dd6eec7e513ebac16b0b811430b3a81b777a58

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3224
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43274
last-modified: Thu, 10 Feb 2022 09:21:22 GMT
server: cloudflare
etag: "6204d912-a90a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ULAf7ILKZcI5TSze0Wfv4KugcPJPGldadUdYrgJDk8w6WnQ8pruLgKmXkRTgf32Ac9lCYV1SMuK6AF4Ap7aojf8%2F868enibT49rXuH9SiBxDAA7isrOiMTXfRlUWlx0eQfnBm7gUjn%2BtrV1OA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 720362689f5c59e9-MXP

Redirect headers

location: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
connection: close
content-length: 0

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 48A7 0
187 B 285ms
285ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&mp=62654d01-df33-49b1-a060-210113bab332

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 pixel
62654d01-df33-49b1-a060-210113bab332.t.ssp.hinet.net/ Frame 48A7 0
79 B 284ms
284ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://62654d01-df33-49b1-a060-210113bab332.t.ssp.hinet.net/pixel?bd=62654d01-df33-49b1-a060-210113bab332&t=50ef57

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2

200

sdk Show response
cdn.aralego.net/ucfad/sdk/us-east/ Frame 48EF
Redirect Chain

https://ads.aralego.com/sdk
https://cdn.aralego.net/ucfad/sdk/us-east/sdk

42 KB
43 KB

21ms
21ms

Script
application/octet-stream

2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H2
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ea014dbd2141838e64f839656dd6eec7e513ebac16b0b811430b3a81b777a58

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3224
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43274
last-modified: Thu, 10 Feb 2022 09:21:22 GMT
server: cloudflare
etag: "6204d912-a90a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6uvpELA54Fp8q4ge6CyKMtZPN%2FfDaPju0OaSwCuUn8waGNqS10N6La4oC%2F6ZWXVPLLlDzOaXA1dskx4CbnvpaSP2ldDMcmsQ19DS4uWpxdvIsIpI2BItIM%2B5aRDQA5Z4tx89OlGjTzxKKZVYGg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 72036268bf8c59e9-MXP

Redirect headers

location: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
connection: close
content-length: 0

GET
H2 200 pixel
1fec7629-e5d0-4770-bc96-84aa1807b2e3.t.ssp.hinet.net/ Frame 45CF 0
79 B 284ms
284ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1fec7629-e5d0-4770-bc96-84aa1807b2e3.t.ssp.hinet.net/pixel?bd=1fec7629-e5d0-4770-bc96-84aa1807b2e3&t=50ef57

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 45CF 0
187 B 285ms
285ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX&mp=1fec7629-e5d0-4770-bc96-84aa1807b2e3

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://reurl.cc
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H3 200 ucfad-formats.css
cdn.aralego.net/css/dev/ Frame 1A80 975 B
846 B 51ms
32ms Stylesheet
text/css 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/css/dev/ucfad-formats.css
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 702
cf-polished: origSize=1191
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Mar 2018 07:19:46 GMT
server: cloudflare
etag: W/"5aab7012-4a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V9RYl4BrcpguazJcSZuN8id8lGWhcxJ8KxQwrRZ5Q2V%2B8ZKSZnQrG%2BBXcln2oPoijYWXMQu1YibvPIC11Yh9X4WOJjWfQ852xklt%2BTJTJTGCOKOO5vyRc7V78MuPk%2BBBnQab2dRHazsREZalYA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 72036268efddf923-MXP
cf-bgj: minify

GET
H/1.1 200
OK idRequest Show response
sync.aralego.com/ Frame 1A80 46 B
486 B 392ms
94ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22&
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 McLean, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: d500d2f127bd65fa6b689563c2c6f930a8b3094a119a1ffbd605a5716f195933

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
connection: close
content-length: 46

GET
H/1.1 200
OK ad_request Show response
ads.aralego.com/ Frame 1A80 553 B
1 KB 350ms
145ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.aralego.com/ad_request?sw=1600&sh=1200&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&adid=ad-772A83DE72BEEAE6F2668A9E7A3B9AB&w=970&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.8899158003826504&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=970%2C250%3B&ao=https%3A%2F%2Freurl.cc&lang=en-US%2Cen&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 McLean, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: d5bdbd2b5059b1b2f8c1f9ed994af05e0c97c9d55d30fcbde876229ab1492d11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
x-width: 970
x-height: 250
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-expose-headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
x-adsource: PSA
x-adtype: html
connection: close
access-control-allow-credentials: true
content-length: 553
x-adstyle: banner

GET
H3 200 ucfad-formats.css
cdn.aralego.net/css/dev/ Frame A753 975 B
882 B 36ms
32ms Stylesheet
text/css 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/css/dev/ucfad-formats.css
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 702
cf-polished: origSize=1191
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Mar 2018 07:19:46 GMT
server: cloudflare
etag: W/"5aab7012-4a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zeq9nMNW34M2HbaGozlPz%2FKkwHZpYeySqXs8bxXfcE5xotulVLtlj2H2Enog%2BBVdMM%2BBIBhmKYB1tPsFDUQ8jN5a8q0281WryF6fIy0yhljKuyOB7d27yMIaaBUQscmbS%2FexNjfTCoOGeMY%2BOg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 72036268efdcf923-MXP
cf-bgj: minify

GET
H/1.1 200
OK idRequest Show response
sync.aralego.com/ Frame A753 46 B
486 B 378ms
94ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22&
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 McLean, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: d500d2f127bd65fa6b689563c2c6f930a8b3094a119a1ffbd605a5716f195933

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
connection: close
content-length: 46

GET
H/1.1 200
OK ad_request Show response
ads.aralego.com/ Frame A753 554 B
1 KB 843ms
161ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.aralego.com/ad_request?sw=1600&sh=1200&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&adid=ad-E2B64EDA2E2EEE771779EE992A288D72&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.9991321813712093&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&ao=https%3A%2F%2Freurl.cc&lang=en-US%2Cen&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 McLean, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: a93f716cf27b006ca9b1cf4379be09a005335f365b3295659a07733c6c2127e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
x-width: 300
x-height: 250
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-expose-headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
x-adsource: PSA
x-adtype: html
connection: close
access-control-allow-credentials: true
content-length: 554
x-adstyle: banner

GET
H3 200 ucfad-formats.css
cdn.aralego.net/css/dev/ Frame 48EF 975 B
846 B 22ms
22ms Stylesheet
text/css 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/css/dev/ucfad-formats.css
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 702
cf-polished: origSize=1191
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Mar 2018 07:19:46 GMT
server: cloudflare
etag: W/"5aab7012-4a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1wDOE%2F6gWlp0DNJwESni%2Bs7%2FTzIYJN3KgMWPGBlmC2e7SBPuw674X4L7SwmbdflSSr0wM4vuGGI9gZ8vviDx3mM3OCNC5TDf7C%2BzukqjrD73X3ONm7dch7B9lfJKgGUaVJ5peh0KvJnVMnmfCg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 72036268efdef923-MXP
cf-bgj: minify

GET
H/1.1 200
OK idRequest Show response
sync.aralego.com/ Frame 48EF 46 B
486 B 376ms
95ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22&
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 McLean, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: d500d2f127bd65fa6b689563c2c6f930a8b3094a119a1ffbd605a5716f195933

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
connection: close
content-length: 46

GET
H/1.1 200
OK ad_request Show response
ads.aralego.com/ Frame 48EF 554 B
1 KB 1155ms
485ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.aralego.com/ad_request?sw=1600&sh=1200&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&adid=ad-BE7A8D43EB8B26491AD93B7AD2AB466&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.7969709387040298&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&ao=https%3A%2F%2Freurl.cc&lang=en-US%2Cen&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 McLean, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: cd42c2aaf9bb3ea7ad6ea15458266d65693e6b7d01e280f12bcdd1a7e0ce6133

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:09 GMT
x-width: 300
x-height: 250
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://reurl.cc
access-control-expose-headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
x-adsource: PSA
x-adtype: html
connection: close
access-control-allow-credentials: true
content-length: 554
x-adstyle: banner

GET
H3 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame BA09 117 KB
39 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: ads.aralego.com
URL: https://ads.aralego.com/sdk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f1427296f508f7a81af11a9056693af862366b346ac53ca80ec0e708e90bba0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39791
x-xss-protection: 0
server: cafe
etag: 9805962267032222770
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Jun 2022 06:25:08 GMT

GET
H3 200 cookieSyncIframe.html Show response
cdn.aralego.net/ucfad/cookie/ Frame 88FA 714 B
839 B 29ms
28ms Document
text/html 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36a7d95f2760a813f3e782dfc125ea786174d581d6f6f896021d6994e9514bd6

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
age: 2621
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 7203626b38e1f923-MXP
content-encoding: br
content-type: text/html
date: Fri, 24 Jun 2022 06:25:08 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Wed, 09 Feb 2022 05:59:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ihPMf6WI7ST4k7E6t1L2%2FR0IZUT1HLrAsmrFoyw%2BEXpOSci4VebKit9miMLoDEmTsRvPqmJGF6tF%2B%2BkJ0OKP1EbWeSVSd1XlrDsirMUbqwqS5HchPJ4cxwlrgfY9JqGN9dqHktsy50ljc71Iw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK idsync
sync.aralego.com/ Frame 1A80 35 B
384 B 286ms
99ms Image
image/gif 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 McLean, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
connection: close
content-length: 35
content-type: image/gif

GET
H3 200 cookieSyncIframe.html Show response
cdn.aralego.net/ucfad/cookie/ Frame 3B2C 714 B
840 B 33ms
32ms Document
text/html 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36a7d95f2760a813f3e782dfc125ea786174d581d6f6f896021d6994e9514bd6

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
age: 2621
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 7203626b38e3f923-MXP
content-encoding: br
content-type: text/html
date: Fri, 24 Jun 2022 06:25:08 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Wed, 09 Feb 2022 05:59:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2FyY3DWaDOVrkUphtTnX3PzTzjCoOzQK6rPakpQlk0yFYbe8QrplT0cB6nFTfwBZxzjmeE8lTH7MMqedRx8KRpIOXuaoDIgFf38fbe%2FftojzsKO2jZgDbovNDif%2BNoiMI6voG3O7bdRfOdkDhw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK idsync
sync.aralego.com/ Frame A753 35 B
384 B 289ms
97ms Image
image/gif 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 McLean, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
connection: close
content-length: 35
content-type: image/gif

GET
H3 200 cookieSyncIframe.html Show response
cdn.aralego.net/ucfad/cookie/ Frame 1687 714 B
840 B 22ms
22ms Document
text/html 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36a7d95f2760a813f3e782dfc125ea786174d581d6f6f896021d6994e9514bd6

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
age: 2621
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 7203626b48ecf923-MXP
content-encoding: br
content-type: text/html
date: Fri, 24 Jun 2022 06:25:08 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Wed, 09 Feb 2022 05:59:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OMMMnaYPmVnXlfyB2bmKQrGvHKrqzbq50dTzkgUIRUv8IMqrDNT0KjFPFA76qDZ924ZDlSXLfP4oY4HTHj9VGj2nFJ6dkb1NsHIwhwxSmQFPvSXBuiiYwS7lb3sX%2BU2rPd6S%2FplFOZzu7Fg26Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK idsync
sync.aralego.com/ Frame 48EF 35 B
384 B 283ms
98ms Image
image/gif 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 McLean, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
connection: close
content-length: 35
content-type: image/gif

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206210101/ Frame BA09 339 KB
120 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206210101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4485239425924787&plah=reurl.cc&bust=31068187

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b9b1760aefea0e51c23b7c1be73e6a8389a17d7a6c48dd97d86a62e73a4cbc3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122380
x-xss-protection: 0
server: cafe
etag: 123693511077931000
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 24 Jun 2022 06:25:08 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 88FA 82 KB
28 KB 58ms
21ms Script
text/javascript 142.250.186.162

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

6cf4be50613224f3f8864519dd2dafa49a61d41d86181c913364676591938eb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28097
x-xss-protection: 0
server: sffe
etag: "1254 / 160 of 1000 / last-modified: 1656021990"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 24 Jun 2022 06:25:08 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 3B2C 81 KB
28 KB 60ms
34ms Script
text/javascript 142.250.186.162

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f3dc6384535eaf8d59617589a4a74f52cbd67ee439cb828f951ec528295699bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28093
x-xss-protection: 0
server: sffe
etag: "1254 / 323 of 1000 / last-modified: 1656021990"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 24 Jun 2022 06:25:08 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 1687 81 KB
28 KB 57ms
31ms Script
text/javascript 142.250.186.162

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

68ada4a2165a996d3926bd7be842770bf1c0ee5ac9d52d97de09f960ce07663f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28094
x-xss-protection: 0
server: sffe
etag: "1254 / 340 of 1000 / last-modified: 1656021990"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 24 Jun 2022 06:25:08 GMT

GET
H3 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame BA09 12 B
53 B 30ms
15ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206210101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4485239425924787&plah=reurl.cc&bust=31068187

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame BA09 107 B
122 B 29ms
15ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame BA09 107 B
122 B 32ms
17ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1D4F 18 KB
10 KB 302ms
302ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12683&adk=2922729533&adf=2645242779&pi=t.ma~as.2784%2F12683&w=970&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908363&bpp=11&bdt=407&idt=77&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=2&ga_vid=930484195.1656051904&ga_sid=1656051908&ga_hid=1669365375&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=936&biw=1600&bih=1200&isw=970&ish=250&ifk=3978344474&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31065742%2C31068031%2C31068187&oid=2&pvsid=825385243156423&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.b5e95znbqzvq&fsb=1&dtd=97

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9cf4b5748de4e4493c46a708346b4cdbb9c64ea0b10326abb22a0b42aa8caaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 9847
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 06:25:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_2022062101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 1687 372 KB
126 KB 23ms
8ms Script
text/javascript 142.250.186.162

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062101.js?cb=31068189

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

b75b3b21ae775a45091f0e3bf542ad86aa9b243dc2d6548d85090c79a1ccf68b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 18:23:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 43291
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 129096
x-xss-protection: 0
last-modified: Tue, 21 Jun 2022 08:34:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 23 Jun 2023 18:23:37 GMT

GET
H3 200 pubads_impl_2022061601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 88FA 370 KB
125 KB 11ms
7ms Script
text/javascript 142.250.186.162

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061601.js?cb=31068172

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

801d950152c16000c54c7303164bd5857300d473e853a89546c22eda7b3b045f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 08:29:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 78945
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128400
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 08:36:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 23 Jun 2023 08:29:23 GMT

GET
H3 200 pubads_impl_2022062201.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 3B2C 373 KB
126 KB 14ms
12ms Script
text/javascript 142.250.186.162

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062201.js?cb=31068190

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a1ad79f8595bd0e292ee596db63d06f80e8a3ec4a6cf84621a4d2af673562a87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 22:02:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30158
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 129224
x-xss-protection: 0
last-modified: Wed, 22 Jun 2022 08:35:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 23 Jun 2023 22:02:30 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 88FA 107 B
122 B 18ms
18ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061601.js?cb=31068172

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 88FA 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061601.js?cb=31068172

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 88FA 313 B
165 B 51ms
51ms XHR
text/plain 142.250.186.162

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4071998024587669&correlator=1088985643092596&eid=31068172%2C44761478%2C42531606&output=ldjh&gdfp_req=1&vrg=2022061601&ptt=17&impl=fifs&iu_parts=18087395%2Ccookie&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&adks=64515409&sfv=1-0-38&ecs=20220624&fsapi=false&sc=1&cdm=cdn.aralego.net&abxe=1&dt=1656051908571&lmt=1644386353&dlt=1656051908381&idt=165&biw=-12245933&bih=-12245933&adxs=-12245933&adys=-12245933&ucis=9ewhdyltkziv&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&nhd=5&url=https%3A%2F%2Fcdn.aralego.net%2Fucfad%2Fcookie%2FcookieSyncIframe.html&ref=https%3A%2F%2Freurl.cc%2F&top=https%3A%2F%2Freurl.cc%2F&frm=8&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=0x-1&fws=256&ohw=0&ea=0&ga_vid=398663017.1656051909&ga_sid=1656051909&ga_hid=156459887&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061601.js?cb=31068172

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

918107640362e7d0964540d5e97d3b27bfa6d4c3669114fabb3ea1497c66d3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cdn.aralego.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
7ab8616f7bce8d803f3fbcd11a78b642.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8917 6 KB
4 KB 85ms
14ms Document
text/html 2a00:1450:4001:811::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://7ab8616f7bce8d803f3fbcd11a78b642.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061601.js?cb=31068172

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 06:25:08 GMT
expires: Sat, 24 Jun 2023 06:25:08 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 1687 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062101.js?cb=31068189

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1687 107 B
122 B 19ms
18ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062101.js?cb=31068189

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1687 313 B
166 B 45ms
45ms XHR
text/plain 142.250.186.162

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4122407779203402&correlator=3262323039921306&eid=31068189%2C42531607&output=ldjh&gdfp_req=1&vrg=2022062101&ptt=17&impl=fifs&iu_parts=18087395%2Ccookie&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&adks=64515409&sfv=1-0-38&ecs=20220624&fsapi=false&sc=1&cdm=cdn.aralego.net&abxe=1&dt=1656051908620&lmt=1644386353&dlt=1656051908392&idt=203&biw=-12245933&bih=-12245933&adxs=-12245933&adys=-12245933&ucis=yfcxdp1t2nvk&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&nhd=5&url=https%3A%2F%2Fcdn.aralego.net%2Fucfad%2Fcookie%2FcookieSyncIframe.html&ref=https%3A%2F%2Freurl.cc%2F&top=https%3A%2F%2Freurl.cc%2F&frm=8&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=0x-1&fws=256&ohw=0&ea=0&ga_vid=1579197870.1656051909&ga_sid=1656051909&ga_hid=1966525077&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062101.js?cb=31068189

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

27464fe31a17fa6accd1d4b1fa30785145c9950665b2eb47d4cb447bc0ed381e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cdn.aralego.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
16453c646dc8bcc444ddd022bc7b3391.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 75C9 6 KB
3 KB 50ms
15ms Document
text/html 2a00:1450:4001:811::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://16453c646dc8bcc444ddd022bc7b3391.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062101.js?cb=31068189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 06:25:08 GMT
expires: Sat, 24 Jun 2023 06:25:08 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 3B2C 107 B
122 B 20ms
20ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062201.js?cb=31068190

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 3B2C 107 B
122 B 18ms
18ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062201.js?cb=31068190

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3B2C 313 B
165 B 43ms
42ms XHR
text/plain 142.250.186.162

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2430586817231220&correlator=1082196473679607&eid=31068190%2C31067168%2C31060888%2C42531605&output=ldjh&gdfp_req=1&vrg=2022062201&ptt=17&impl=fifs&iu_parts=18087395%2Ccookie&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&adks=64515409&sfv=1-0-38&ecs=20220624&fsapi=false&sc=1&cdm=cdn.aralego.net&abxe=1&dt=1656051908654&lmt=1644386353&dlt=1656051908387&idt=247&biw=-12245933&bih=-12245933&adxs=-12245933&adys=-12245933&ucis=gctm1jd4jljo&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&nhd=5&url=https%3A%2F%2Fcdn.aralego.net%2Fucfad%2Fcookie%2FcookieSyncIframe.html&ref=https%3A%2F%2Freurl.cc%2F&top=https%3A%2F%2Freurl.cc%2F&frm=8&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=0x-1&fws=256&ohw=0&ea=0&ga_vid=1911679020.1656051909&ga_sid=1656051909&ga_hid=293740625&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062201.js?cb=31068190

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

040ba40bf7b0caa6844e534bec643802ad7f655f57f09ba15f326ad45335ad9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cdn.aralego.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
19e72da6586dc9f78496c79497de15c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3674 6 KB
3 KB 57ms
15ms Document
text/html 2a00:1450:4001:811::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://19e72da6586dc9f78496c79497de15c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062201.js?cb=31068190

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 06:25:08 GMT
expires: Sat, 24 Jun 2023 06:25:08 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 88FA 14 KB
10 KB 39ms
24ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022061601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061601.js?cb=31068172

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2324bcdbffcd85c43fddf6cbfc11c64a89336411875b990158fbd53381cb36d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10604
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1687 14 KB
11 KB 35ms
23ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022062101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062101.js?cb=31068189

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5284b1fa09f5ea2cd57aa7a7e14f69de4c4937f681320c197f587d752ebf1d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10739
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1687 17 KB
7 KB 154ms
19ms Script
text/javascript 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062101.js?cb=31068189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Jun 2022 06:25:08 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 88FA 17 KB
6 KB 162ms
28ms Script
text/javascript 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061601.js?cb=31068172

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Jun 2022 06:25:08 GMT

GET
H3 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 3A35 117 KB
39 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: ads.aralego.com
URL: https://ads.aralego.com/sdk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

99e285ab2d2bf5223d57b5f3eda1c9c33439ffb6fe35f2ff2c7ebf750c368ba7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39796
x-xss-protection: 0
server: cafe
etag: 329521751423430340
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Jun 2022 06:25:08 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1D4F 42 B
63 B 41ms
40ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DtaL1q6qs9KewydvERcTGpYjqMzE733RzMH_RRbSqQ0-HCCPmbzZIhNmkAvtRpY3_03jX3JWpfeFahnT-6zKQF5ML4rC_QVF-mtBu3kOht-A9oKKU

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12683&adk=2922729533&adf=2645242779&pi=t.ma~as.2784%2F12683&w=970&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908363&bpp=11&bdt=407&idt=77&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=2&ga_vid=930484195.1656051904&ga_sid=1656051908&ga_hid=1669365375&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=936&biw=1600&bih=1200&isw=970&ish=250&ifk=3978344474&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31065742%2C31068031%2C31068187&oid=2&pvsid=825385243156423&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.b5e95znbqzvq&fsb=1&dtd=97

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 1D4F 3 KB
2 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 05:42:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2585
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 08 Jul 2022 05:42:03 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 1D4F 17 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:13:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 705
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 08 Jul 2022 06:13:23 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 1D4F 0
0 32ms
15ms Image
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTr_0vPa18-_ddmj6sAUy9zr2Gu0jom9N0OjhSS5uwWdgAVZO5YgweOFYD8vuG5Jm_U_vvtG1oBOl9PthTTA7Q3DQeWaw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12683&adk=2922729533&adf=2645242779&pi=t.ma~as.2784%2F12683&w=970&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908363&bpp=11&bdt=407&idt=77&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=2&ga_vid=930484195.1656051904&ga_sid=1656051908&ga_hid=1669365375&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=936&biw=1600&bih=1200&isw=970&ish=250&ifk=3978344474&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31065742%2C31068031%2C31068187&oid=2&pvsid=825385243156423&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.b5e95znbqzvq&fsb=1&dtd=97
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1D4F 137 KB
43 KB 42ms
20ms Script
text/javascript 2a00:1450:4001:827::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43180
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1655912982481896"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Jun 2022 06:25:08 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame CC67 624 B
297 B 17ms
16ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfwggIQh8Wh4QEYi_avvwEwAQ&v=APEucNVBmxYmOPfGowxt0uuYBewkd4rExD5itoOt5pEbEW-EMs88ljA6GTC4tnfxWwvZiG5kW8ZlmRiUx_xeANw4hBDe0TMnT9mJ5-7l7NjLH0fZnG-FevpPmH_oZ0CUaqYHpX5yJLdSl-_m7cmVdbTLkEUmIriC0ukRQSyfLUYN2zWDQzVCxmI

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12683&adk=2922729533&adf=2645242779&pi=t.ma~as.2784%2F12683&w=970&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908363&bpp=11&bdt=407&idt=77&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=2&ga_vid=930484195.1656051904&ga_sid=1656051908&ga_hid=1669365375&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=936&biw=1600&bih=1200&isw=970&ish=250&ifk=3978344474&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31065742%2C31068031%2C31068187&oid=2&pvsid=825385243156423&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.b5e95znbqzvq&fsb=1&dtd=97
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 06:25:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1D4F 77 KB
32 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BCjJ2cSq2_9zKk-xk75MQKqbsopJahZ2ECwkPJ1_RdzjhRO1gxeRXUkPywRFO-HnBRhnN641w-KZtyZpXz0e_xBwBmcONVQU9X_oMiogPjslfFEet_UOgB72ySGBPNMB7F-Kj4Mll9I2dAZhiNg_VplkMWKg&dbm_d=AKAmf-C0qz3MhYZ79yvWrTiaQb4JyS3eR-_5bFb6eLov4izxPmtj4--A7LL3vUDpFf7DD9TQ1IFcv96bZ9qk8wWZjoTJBd7memKHa4iqkHMpb-N4axQp-tUyMcB_B-PLA50zWT3ctD3qO_uN1nxtbpXg7AC77DdQqVN0UQmpUX1hBgJswLS2tdoHNcfej4hWp_JJYUEX6R0lsEVuBrzTWf8qlRhekHbF8r30g7Lm8M2F-Ny_cspXDupEe5-sVBTG6cp9-ODwdLIzBOMovA82Dcanm1JTzvWmDZ5oVQrI2rOERBF7nl-EkHkghAM2Bd4QIwjJIfnoQX0S-Y_oiKwrrHuW0zadSf0jU_W9VZ6LYUOzamcdvdTx5mHoPuVtDlgwDOoyLdMgYrYIetLWYKumi3X5aFdLSUOFbSi9r3p81ybgi2EGWzU3jYKBFv0lLtnylRcuuqHScu7gGLlKkdrS8GP_z9I-QVoLTDOkehEKJhHFLLp8fI4b9201UJHrQ8hjQDI2f0ZmStmauBk4Agrq5Z2b2SwrtUBRBzW4Jbdp4Jz4XMskvXO4JNJFtjHyJEZODZ401qXxIm7-gWi8WvrP_UNM8hY5OOkXVvyi-UF_owsNpi5pj3Kt2uhn0v9V0fCiFSEfO_wBeumY0zCF-ecTkGeI7a-3-Ua7Lk-1yJ1kLmpJD4ZTWPNFNT6BB4rVTGMxG8F5FizyIik-p9Q7YzAgVmH_mY37pWe5pBqLRNhoo4ZvJVtu5QfR0Gorr84nqXh8cmIjz2BYDAA_JUrr3awkHFZC_V6X290IbZTepP50XEGJkCGqHRvb6ccV2qmCgbPky69kDubjPJpPdZX4byDEu-Q78vQAptCJN0vXr7xyL3fUfTNhKqJ82ZkxRI7pAmhI5JqMelxJiZoed7RZZHiLchbv9kLfUFKrY0fI3fkkC80d8sP9OkCoBdc0gko8k2u7xQhZXlIL-d5wMbFAmmnE476SRAv2BEKylG2LMwV3aLHKWW09COnP2MwoqFuG6dCSrEaznHCvG8BpPF54Rwsq7IcfZs8H-pD7fdsHJcQQTM0dPO3x_Ll5il2mSeGYmcEdJ9JcupDucpwBv35Cw2SEH2aQK56w_2E3BP3TTDe0SrmnqtCPcqVTb3_2rvNzv9aRVssMbUuJnn-0UM7Dy8H3iZPzyDUHw_PwCfHVXgc6B9us-49huxDH5iUkwnkKN-ewKDcNzDCfOx_W_PwxeHSocukC_9CVztFrO9sNpVnj9NEtAWtIlRNvnUM1kSr25arKrjUkqF6H368lioWRIFAKbWInD7Wabe2AtJPxy1QKagWqKe4RBPIbESP0Ti3XeNGYRFnS8JPT7XbwrmDNCOGs7Wg3tlk8xzaxFEbkyPf6jjol07I4vWL83MhitBgyGbMHwBgVR4zGETjYXyGwr4Qx4wTL4XwDhrHfjy-ik4KhFfJdm0IUO6GaMmN9T1_aU6t78ITz7Q0-3Xu8w5z0aJJcaPzcZuL6FLO9tNb2UvpKC6BGyJnHM2dmvpYqM8oURoBEV8uASohCYD-RomldAkNlcJabQku7ZGOMbZlMTqvUaIbVcC04Wv6WYDImeXFDRt8rKQJNMX18UEBN65-ivY07YC2Txo8taXTcoQnQRiUE1pJAPqmx0OHfpmBoT6zF6SquLJLfdDPKpgaeu_QZkzDT9KReC3mCmIv3uSsw21wSuMM2GZXsXT6fd3p4EVRLjCaAnivRuSdoRfUK7m0fhjvOKmGCm5-paM5Lw9SkVcY2kujbynMHmI77CIwm7HW3Jfe6i0EFGrJyhwYRqaro9rHPWTMtkjAuA49jXODR4-VNnBWWFv8GqAFzf7Pun_xYHO1Zw9L0mp3wlwzm6dxQ1QBk8YrgllN8TTACY_cYdgLVHd5AsbZQ70gHW_YuI9I4DpSCiCoinvdpCF1oaLLuB-Hmr-yerrlfJqVFq4mmAX7D6oJ5PhcHZxaiYBo7ePUbg3M01Ky6V05bxD1kDMuBuPpOaFM6w9SQ0HHmFLkqUmwxRM-sIYKhccAkXZ0-wzUJenUoc_ffAEYDhAHKX7k_McNHUAbUVM1w_6sX6cip7oOUkzV5kDeMU5QTc4YRvTjxDj-iadneotpxW8G7zkRYszj2ee6By6K17KL9NtutDkLnNNiBB9PQieRvc20z5MLhzWRnPJnnZHYAw2wH6Uzb0J_sFHdN4Jfb5yFjlf3rHVAjp4KqNQUy8_iQgm_-7_a4EHpMi8aUD9xh7UfPjPih0ljbMmtZIxdrcMT1_JztuYAyCK5OW6MQns10o4Qdu-khd0s19FjcUhiK41hyl7e43Mn5f1mlBP0FfEB7s-Hc3eH8lYFWiJdzov_gNR4AGkX752ZJdJKhbp450LAc8_zlw_g5tv0M4Ls9DLDaqhaJxhMwKAxhNfYUk3Hj9YBz7i9G-6Cgo4Q0VClRkCz58wh70q4i4tv5-OsmtSDpvEGcln96N8lVxn5l8l2TNVXLxVN2UcBBBMczj_wKOdZh7_edC8lb8Y4wVpdAcor92wCRyo_Mv3T3T3uIfGBd3l5qFPb_cqnyvEH2C-qmNvhfhL3y12MLNGqmz7VoYd_zwamPjzlQCnBZ6DofMXNWPedDpzD8ejbDL1S_6NeNVCLw25tvpjFC0A0Su2BOIXworkfzUVCKrfW2h6cbWZ46FWwZ3oukUpcFkbxKat7BfnBZd5itW1rwlmhIetAaIpq50hIeNmiGeEE8qp1x-CisxnTTIgqT-qIgwkkgYPPjH5LOXbGwN4heYfVUAvZKh6nlMMLOPHj3Z7r5XwqXEzR-AkchuH0tHiIfhfKWUDWGN2moybl9tCKRQhD9QU1r8H2asMvtJqdyd--MCQk5Cer0JsEtjxL9UxILfekYni9R8mhwqQKnk9PI2cgsveG2hRB_TAAtPlQu1-Wdbo9ilvrNdBoAL5ZvjGLfh9omcQehGHah_GbVWtmHggIyK9cWgHwygc0VG9Ig-3PLR-anwRnn2WABtUZMKfqSj5JFzUNOzFUIbSXxezSd93zzSlurdEF-10E0kflI9prk_Pg2SlB8c4cY3AORVFoEDqUy9M75Hd8iPW9DTJ-WWE8z8TLa3sBM1iWengBkgPtkBXGJTWFllxKTBf1SGFaRTq19OAL7QP_4OMdAOusHWTMjgK_BwzaN_-wD_2J8gY0tqurBl6l0JCLUcdj_PFNGup2jjKXpAldQQR2brRJ_quO0ZwvdaCfkItPGCBex5HWYJEsbY-Lt3XmvSSsNLuPUG2hbjqS45Prix2lvhSAAJsyZxF21xhxPqgL-KdgC4wrXLpeXKllZL1aYQ60La9MSgnUhui1kjtetBjbx15KKBhEShuz_z3pv3w&cid=CAASJeRoqfLrHxPsIA4h6x8fgs6MFxJXPlriukbRs4_yz_M0rs-51qE&rfl=6%2Chttps%253A%252F%252Freurl.cc%242%2C%2C%2C%2C%2Chttps%253A%252F%252Freurl.cc%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3117ea4f1639013455170390ca14410f16de5228aa82a2a3826a029b3ae060c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12683&adk=2922729533&adf=2645242779&pi=t.ma~as.2784%2F12683&w=970&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908363&bpp=11&bdt=407&idt=77&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=2&ga_vid=930484195.1656051904&ga_sid=1656051908&ga_hid=1669365375&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=936&biw=1600&bih=1200&isw=970&ish=250&ifk=3978344474&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31065742%2C31068031%2C31068187&oid=2&pvsid=825385243156423&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.b5e95znbqzvq&fsb=1&dtd=97
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33098
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3B2C 14 KB
11 KB 21ms
21ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022062201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062201.js?cb=31068190

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea086ff182cf2762b9d0c19f7cc9c150619c05704dc3a6fc1f606be79e629a17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10760
x-xss-protection: 0

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206210101/ Frame 3A35 339 KB
120 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206210101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4485239425924787&plah=reurl.cc&bust=31068167

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

88595841f654879ddbb3e8774856bab15a53ec583d093150522db39ef390dd7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122380
x-xss-protection: 0
server: cafe
etag: 17827920728741146188
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 24 Jun 2022 06:25:08 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3B2C 17 KB
6 KB 48ms
31ms Script
text/javascript 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062201.js?cb=31068190

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Jun 2022 06:25:08 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame CC67
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMewWSkvJsWnS8j6rRiMUQI&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMewWSkvJsWnS8j6rRiMUQI&google_cver=1&C=1

43 B
911 B

55ms
45ms

Image
image/gif

104.18.19.126

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMewWSkvJsWnS8j6rRiMUQI&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfwggIQh8Wh4QEYi_avvwEwAQ&v=APEucNVBmxYmOPfGowxt0uuYBewkd4rExD5itoOt5pEbEW-EMs88ljA6GTC4tnfxWwvZiG5kW8ZlmRiUx_xeANw4hBDe0TMnT9mJ5-7l7NjLH0fZnG-FevpPmH_oZ0CUaqYHpX5yJLdSl-_m7cmVdbTLkEUmIriC0ukRQSyfLUYN2zWDQzVCxmI
Protocol: H3
Server: 104.18.19.126 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray: 7203626f5ac58fe0-FRA
pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ETExX%2FhOs%2B1TQfX7mPKu23qU57joTRADT7wTvm1k5sFd6pcVwS0wH9JzHwloIZS%2FAFFeEEZBcDlYuJJr2hHxLYhibgCU3PbdEfJofab4NotHTCp1MKsoNutHS1UJKoBSl9Cs%2B0%2FpJGdEwA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:08 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vKlUOwxhdP6p6fyL%2B2Fw9FolU5BBw2bLZ01g5CGaUdSslAbZjMSPlrgnDZp%2BIimdrzdCzI2S%2BvWrbAgWKaI5I5Ir9MM0rsGi7IjbPEcYS2sHsHnWci3ErsjYfp%2BOG1wntCtcensWDYoGHg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEMewWSkvJsWnS8j6rRiMUQI&google_cver=1&C=1
cache-control: no-cache
cf-ray: 7203626f19635c26-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame CC67
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YrVYxDFwN3fU77OEvGDsbAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMewWSkvJsWnS8j6rRiMUQI&google_cver=1

43 B
919 B

27ms
26ms

Image
image/gif

104.18.19.126

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMewWSkvJsWnS8j6rRiMUQI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfwggIQh8Wh4QEYi_avvwEwAQ&v=APEucNVBmxYmOPfGowxt0uuYBewkd4rExD5itoOt5pEbEW-EMs88ljA6GTC4tnfxWwvZiG5kW8ZlmRiUx_xeANw4hBDe0TMnT9mJ5-7l7NjLH0fZnG-FevpPmH_oZ0CUaqYHpX5yJLdSl-_m7cmVdbTLkEUmIriC0ukRQSyfLUYN2zWDQzVCxmI
Protocol: H3
Server: 104.18.19.126 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray: 720362701b968fe0-FRA
pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fn0lDym1bUjONVFFdyWF7fSmikRNlsNg0UFu69TasRAXjQ%2F3swEeh%2FJm6LutmzdABMH%2BUY2ItdZO%2BqhznVDfk%2FH%2BHRQni%2FWP%2FxXziVnI1SSGy2ZhWlAVlZ6jZ0JTbuky0vvwjU93ZdbaNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMewWSkvJsWnS8j6rRiMUQI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame CC67
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJhCKu8RcSphGIsmUNMs6Vk&google_cver=1

43 B
1016 B

78ms
66ms

Image
image/gif

185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJhCKu8RcSphGIsmUNMs6Vk&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfwggIQh8Wh4QEYi_avvwEwAQ&v=APEucNVBmxYmOPfGowxt0uuYBewkd4rExD5itoOt5pEbEW-EMs88ljA6GTC4tnfxWwvZiG5kW8ZlmRiUx_xeANw4hBDe0TMnT9mJ5-7l7NjLH0fZnG-FevpPmH_oZ0CUaqYHpX5yJLdSl-_m7cmVdbTLkEUmIriC0ukRQSyfLUYN2zWDQzVCxmI

Protocol

HTTP/1.1

Server

185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 24 Jun 2022 06:25:09 GMT
X-Proxy-Origin: 217.64.151.31; 217.64.151.31; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: b122692c-c2c2-4b30-8618-0cfab2c5d15d
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJhCKu8RcSphGIsmUNMs6Vk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CC67
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYwMTU3MDgxMzkwMjMxNjY4Mg%3D%3D

170 B
188 B

17ms
16ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYwMTU3MDgxMzkwMjMxNjY4Mg%3D%3D

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 24 Jun 2022 06:25:08 GMT
X-Proxy-Origin: 217.64.151.31; 217.64.151.31; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 14c48d2e-1db3-41c0-8552-00a3f413c3a3
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYwMTU3MDgxMzkwMjMxNjY4Mg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1E3D 13 KB
5 KB 31ms
22ms Document
text/html 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5880
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 04:47:08 GMT
expires: Sat, 24 Jun 2023 04:47:08 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E4C3 783 B
535 B 33ms
32ms Document
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

baa8cd9079f3a6c2cf07cf5aa88d98d8f9f6e3010129ecbf8170877877942bd0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7FvWk8CqPhP1luSva81nfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-7FvWk8CqPhP1luSva81nfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 06:25:08 GMT
expires: Fri, 24 Jun 2022 06:25:08 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7B7F 13 KB
5 KB 27ms
21ms Document
text/html 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5880
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 04:47:08 GMT
expires: Sat, 24 Jun 2023 04:47:08 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C80B 783 B
535 B 31ms
29ms Document
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

07b8f9434d671190e1afc776004b7b7cb604e018c18aa3afd7fcb33a15c09bc9

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3mYNSjo0IVBS3-wTga9xRQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-3mYNSjo0IVBS3-wTga9xRQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 06:25:08 GMT
expires: Fri, 24 Jun 2022 06:25:08 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 1D4F 106 KB
38 KB 64ms
7ms Script
text/javascript 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 19:19:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39924
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Jun 2022 19:19:45 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220622/r20110914/elements/html/ Frame 1D4F 8 KB
3 KB 17ms
7ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220622/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BCjJ2cSq2_9zKk-xk75MQKqbsopJahZ2ECwkPJ1_RdzjhRO1gxeRXUkPywRFO-HnBRhnN641w-KZtyZpXz0e_xBwBmcONVQU9X_oMiogPjslfFEet_UOgB72ySGBPNMB7F-Kj4Mll9I2dAZhiNg_VplkMWKg&dbm_d=AKAmf-C0qz3MhYZ79yvWrTiaQb4JyS3eR-_5bFb6eLov4izxPmtj4--A7LL3vUDpFf7DD9TQ1IFcv96bZ9qk8wWZjoTJBd7memKHa4iqkHMpb-N4axQp-tUyMcB_B-PLA50zWT3ctD3qO_uN1nxtbpXg7AC77DdQqVN0UQmpUX1hBgJswLS2tdoHNcfej4hWp_JJYUEX6R0lsEVuBrzTWf8qlRhekHbF8r30g7Lm8M2F-Ny_cspXDupEe5-sVBTG6cp9-ODwdLIzBOMovA82Dcanm1JTzvWmDZ5oVQrI2rOERBF7nl-EkHkghAM2Bd4QIwjJIfnoQX0S-Y_oiKwrrHuW0zadSf0jU_W9VZ6LYUOzamcdvdTx5mHoPuVtDlgwDOoyLdMgYrYIetLWYKumi3X5aFdLSUOFbSi9r3p81ybgi2EGWzU3jYKBFv0lLtnylRcuuqHScu7gGLlKkdrS8GP_z9I-QVoLTDOkehEKJhHFLLp8fI4b9201UJHrQ8hjQDI2f0ZmStmauBk4Agrq5Z2b2SwrtUBRBzW4Jbdp4Jz4XMskvXO4JNJFtjHyJEZODZ401qXxIm7-gWi8WvrP_UNM8hY5OOkXVvyi-UF_owsNpi5pj3Kt2uhn0v9V0fCiFSEfO_wBeumY0zCF-ecTkGeI7a-3-Ua7Lk-1yJ1kLmpJD4ZTWPNFNT6BB4rVTGMxG8F5FizyIik-p9Q7YzAgVmH_mY37pWe5pBqLRNhoo4ZvJVtu5QfR0Gorr84nqXh8cmIjz2BYDAA_JUrr3awkHFZC_V6X290IbZTepP50XEGJkCGqHRvb6ccV2qmCgbPky69kDubjPJpPdZX4byDEu-Q78vQAptCJN0vXr7xyL3fUfTNhKqJ82ZkxRI7pAmhI5JqMelxJiZoed7RZZHiLchbv9kLfUFKrY0fI3fkkC80d8sP9OkCoBdc0gko8k2u7xQhZXlIL-d5wMbFAmmnE476SRAv2BEKylG2LMwV3aLHKWW09COnP2MwoqFuG6dCSrEaznHCvG8BpPF54Rwsq7IcfZs8H-pD7fdsHJcQQTM0dPO3x_Ll5il2mSeGYmcEdJ9JcupDucpwBv35Cw2SEH2aQK56w_2E3BP3TTDe0SrmnqtCPcqVTb3_2rvNzv9aRVssMbUuJnn-0UM7Dy8H3iZPzyDUHw_PwCfHVXgc6B9us-49huxDH5iUkwnkKN-ewKDcNzDCfOx_W_PwxeHSocukC_9CVztFrO9sNpVnj9NEtAWtIlRNvnUM1kSr25arKrjUkqF6H368lioWRIFAKbWInD7Wabe2AtJPxy1QKagWqKe4RBPIbESP0Ti3XeNGYRFnS8JPT7XbwrmDNCOGs7Wg3tlk8xzaxFEbkyPf6jjol07I4vWL83MhitBgyGbMHwBgVR4zGETjYXyGwr4Qx4wTL4XwDhrHfjy-ik4KhFfJdm0IUO6GaMmN9T1_aU6t78ITz7Q0-3Xu8w5z0aJJcaPzcZuL6FLO9tNb2UvpKC6BGyJnHM2dmvpYqM8oURoBEV8uASohCYD-RomldAkNlcJabQku7ZGOMbZlMTqvUaIbVcC04Wv6WYDImeXFDRt8rKQJNMX18UEBN65-ivY07YC2Txo8taXTcoQnQRiUE1pJAPqmx0OHfpmBoT6zF6SquLJLfdDPKpgaeu_QZkzDT9KReC3mCmIv3uSsw21wSuMM2GZXsXT6fd3p4EVRLjCaAnivRuSdoRfUK7m0fhjvOKmGCm5-paM5Lw9SkVcY2kujbynMHmI77CIwm7HW3Jfe6i0EFGrJyhwYRqaro9rHPWTMtkjAuA49jXODR4-VNnBWWFv8GqAFzf7Pun_xYHO1Zw9L0mp3wlwzm6dxQ1QBk8YrgllN8TTACY_cYdgLVHd5AsbZQ70gHW_YuI9I4DpSCiCoinvdpCF1oaLLuB-Hmr-yerrlfJqVFq4mmAX7D6oJ5PhcHZxaiYBo7ePUbg3M01Ky6V05bxD1kDMuBuPpOaFM6w9SQ0HHmFLkqUmwxRM-sIYKhccAkXZ0-wzUJenUoc_ffAEYDhAHKX7k_McNHUAbUVM1w_6sX6cip7oOUkzV5kDeMU5QTc4YRvTjxDj-iadneotpxW8G7zkRYszj2ee6By6K17KL9NtutDkLnNNiBB9PQieRvc20z5MLhzWRnPJnnZHYAw2wH6Uzb0J_sFHdN4Jfb5yFjlf3rHVAjp4KqNQUy8_iQgm_-7_a4EHpMi8aUD9xh7UfPjPih0ljbMmtZIxdrcMT1_JztuYAyCK5OW6MQns10o4Qdu-khd0s19FjcUhiK41hyl7e43Mn5f1mlBP0FfEB7s-Hc3eH8lYFWiJdzov_gNR4AGkX752ZJdJKhbp450LAc8_zlw_g5tv0M4Ls9DLDaqhaJxhMwKAxhNfYUk3Hj9YBz7i9G-6Cgo4Q0VClRkCz58wh70q4i4tv5-OsmtSDpvEGcln96N8lVxn5l8l2TNVXLxVN2UcBBBMczj_wKOdZh7_edC8lb8Y4wVpdAcor92wCRyo_Mv3T3T3uIfGBd3l5qFPb_cqnyvEH2C-qmNvhfhL3y12MLNGqmz7VoYd_zwamPjzlQCnBZ6DofMXNWPedDpzD8ejbDL1S_6NeNVCLw25tvpjFC0A0Su2BOIXworkfzUVCKrfW2h6cbWZ46FWwZ3oukUpcFkbxKat7BfnBZd5itW1rwlmhIetAaIpq50hIeNmiGeEE8qp1x-CisxnTTIgqT-qIgwkkgYPPjH5LOXbGwN4heYfVUAvZKh6nlMMLOPHj3Z7r5XwqXEzR-AkchuH0tHiIfhfKWUDWGN2moybl9tCKRQhD9QU1r8H2asMvtJqdyd--MCQk5Cer0JsEtjxL9UxILfekYni9R8mhwqQKnk9PI2cgsveG2hRB_TAAtPlQu1-Wdbo9ilvrNdBoAL5ZvjGLfh9omcQehGHah_GbVWtmHggIyK9cWgHwygc0VG9Ig-3PLR-anwRnn2WABtUZMKfqSj5JFzUNOzFUIbSXxezSd93zzSlurdEF-10E0kflI9prk_Pg2SlB8c4cY3AORVFoEDqUy9M75Hd8iPW9DTJ-WWE8z8TLa3sBM1iWengBkgPtkBXGJTWFllxKTBf1SGFaRTq19OAL7QP_4OMdAOusHWTMjgK_BwzaN_-wD_2J8gY0tqurBl6l0JCLUcdj_PFNGup2jjKXpAldQQR2brRJ_quO0ZwvdaCfkItPGCBex5HWYJEsbY-Lt3XmvSSsNLuPUG2hbjqS45Prix2lvhSAAJsyZxF21xhxPqgL-KdgC4wrXLpeXKllZL1aYQ60La9MSgnUhui1kjtetBjbx15KKBhEShuz_z3pv3w&cid=CAASJeRoqfLrHxPsIA4h6x8fgs6MFxJXPlriukbRs4_yz_M0rs-51qE&rfl=6%2Chttps%253A%252F%252Freurl.cc%242%2C%2C%2C%2C%2Chttps%253A%252F%252Freurl.cc%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:14:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 624
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 08 Jul 2022 06:14:44 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220622/r20110914/ Frame 1D4F 27 KB
10 KB 15ms
8ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220622/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8247e71c60f01cce914615568139113018a1a129dceb0fe0af55edb0211b8fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:12:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 747
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10545
x-xss-protection: 0
server: cafe
etag: 4672069523611413616
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 08 Jul 2022 06:12:41 GMT

GET
H3 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 3A35 12 B
53 B 15ms
15ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 3A35 107 B
122 B 23ms
23ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 3A35 107 B
122 B 25ms
24ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5DE7 18 KB
10 KB 267ms
266ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0314caa2089f146723222b566c32e3653daf6cfa046a1ae38e45dee639408615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 9749
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 06:25:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame ACDC 13 KB
5 KB 9ms
6ms Document
text/html 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5881
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 04:47:08 GMT
expires: Sat, 24 Jun 2023 04:47:08 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A3AE 783 B
533 B 20ms
17ms Document
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4e711c99d82fdd56f43e884e572646b64f1d43c33c89e01050553b25e834d8ea

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tFENuRnX5UibS95kswmRbw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-tFENuRnX5UibS95kswmRbw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 06:25:09 GMT
expires: Fri, 24 Jun 2022 06:25:09 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1D4F 41 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:54:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 325841
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 11:54:28 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5D17 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 61137
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Jun 2022 13:26:12 GMT
etag: 48472445140208031
expires: Fri, 24 Jun 2022 13:26:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 1D4F 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 36e1203653419a6244b62207c267e088a9d0f755c15aaa5b59e4c78593cc8ac3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E4C3 0
0 56ms
56ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022062101&jk=4122407779203402&rc=
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C80B 0
0 57ms
57ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022061601&jk=4071998024587669&rc=
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 200 lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js Show response
pagead2.googlesyndication.com/bg/ Frame 7B7F 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

972198b02b9e13cc91f17a0e0cea3af056c3ad7fc8eb79d4881c9dc427ca8aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 21:56:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30517
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13789
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Jun 2023 21:56:32 GMT

GET
H3 200 lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js Show response
pagead2.googlesyndication.com/bg/ Frame 1E3D 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

972198b02b9e13cc91f17a0e0cea3af056c3ad7fc8eb79d4881c9dc427ca8aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 21:56:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30517
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13789
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Jun 2023 21:56:32 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/210455675382575598/ Frame 4C14 6 KB
2 KB 23ms
7ms Document
text/html 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/210455675382575598/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5eab24d57b85d2c2ff0c272c49a23cfe36aac55ddf01cf1b5094a8c06d1c3daf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 143028
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1681
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 22 Jun 2022 14:41:21 GMT
expires: Thu, 22 Jun 2023 14:41:21 GMT
last-modified: Mon, 10 Jan 2022 16:03:58 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1D4F 0
622 B 78ms
50ms Ping
image/gif 142.250.185.66

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssViPWjCSNB0GboYY5kMYQTNgOCSihhkiIteCOYiwwSKl3nXGpiGsSf80n0I5ARa-LBWQ4c_Q-VQpmvDvJ-rUX0ZUaSp-Fn7BdcUpOWLh68EnQie2P4qbsLJTw7vwCB3xoT3zg3mSKf_PwPTFXjjXXjQrrB0IBiLSNp6Yjcpgq6a6KAAdM7eSfcMTzqpHDHgqkKwRfUU8LFoma-y5N4xiWcs1W2JjpY7MJjJsB7lm7lnYvQSj-e9DD8c7ogxf5xYxkwd899Vfvws44um72srk0L1gvHcRZ1h6sspooitvcy3VNizdGME5ZGs3D7QdyHzzMMZuvBQn1mYVONxNBIgCMIrNDkEug9mGGeo_u34JN532p6JGAYCj2M_cSKavI-ip6ss4hlkyP69k6juRu5D-yVrUUEiuyQbIdVfvqorAXXQKBpC5xX-AAaK8lI--f1OXe6u6InU4g3GH8HNJ96BwXNUIp-nOqgTN4JWAu41kon4gS9xjB7X2brpmff0AacOIcrlkNVum3SFAEqrjCiqi4cBQE38XaIyI5HH84CAqSOKhukOrKGuYYlwQ7xLJfJDcApy-acA_3eov0NoNyeTsUCXs_AkRNJQVkk6kKiCrP65au2qe23oS3w0fIK866WqkEZd_N4yl5bK7_zZioexFS6nhYk0IwWmXmxbbsOxmJ0t3EAwlhuPDoNKDU-bJbUhimVR_MIBfTEkqP6QC0dH1xyvJMPQ3RINFSWhYjRiVHdieBGSl1GkTcyG5WR4pmpNWFf6nw5pZuqf6U-sqcEwplkVuiQJrhjUIFZR3CJ-TjOTFzrjgQyDJywguCdf93FCy86PanWdwciSsVfy1V5aRyGZ644hUBAVy_nJGQ5JHXpGnd6LKue5kjn8HCzzRgR5YX83fdYyJKVnRPdwuU4XXxvlErdg-tDQbhPAESTI_mJ-CcxhIuL0CEnIcn1tlLkCvGHt93xchKZLyVUi59hUxpHeVgI-3I9d43QXjsH0DlSlQSKE_k0AC6t3qYljb0tMzNGdmoeTus_kOCDhO0L-rQi9Xt8_tr6-LoXQ0xTQg2TRT6ndB8BcMD7QfxWNIwwZ_vNiPiWkzP4XWiRCMePGtR5CLbdMpGE48SPlmbHmkHPa6nIBrF9xjWRVJWOExu8fg8eSaBULgF11VaV-ZBCOC4Y-TJA_FOBMg0kZd2rDadEIZg90Wr2GjE0gcSHZwxz3L10jKptvodpAVpXxQ-Ytk9mDr5S-FWBD_CI2ARqLaID&sai=AMfl-YReNE3IquUp7cN0cLyFBZ-ZEAa4KBOjyTb_b5Lqze4gD9iOhI-OSzZmcf6BEJjjjaWX6ISe_pR73ftaSw6wPk21HqSJE0AjedbFB3U4jYqkGIPhqf8Jrr6gTM-CjtaYn67l_V2ujapai4xa-gM62hdqwxXAMy0mP676xmkfHghrZaauG8qTBZMzyv3SOL8xR1wbrt6q4EuHM9Rzs2ZqLXNW&sig=Cg0ArKJSzB9Nvq0DPSL4EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=189&cbvp=1&cstd=186&cisv=r20220622.34845&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Fri, 24 Jun 2022 06:25:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5B11 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 316039
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jun 2022 14:37:50 GMT
expires: Tue, 20 Jun 2023 14:37:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 0120 117 KB
39 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: ads.aralego.com
URL: https://ads.aralego.com/sdk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ed46f0e5d470a72e788ff9649708fb83b211c667e019e7cec1348cc8e802382

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39770
x-xss-protection: 0
server: cafe
etag: 4243693716625626572
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Jun 2022 06:25:09 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 5D17 0
104 B 110ms
28ms Image
text/plain 2a02:fa8:8806:12::1370

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEDJ0nTX-R0eBUk3VtmhHOHw&google_cver=1&google_push=ARnp8GASGE9FBon17pftgMpsDdxCmR1nN4gBgZfoKLbD1roE853FfH_lXvosqUGbCSE6F0Epy8V8-xuaAKULbODmvxdQ-DvxYOVR9w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12683&adk=2922729533&adf=2645242779&pi=t.ma~as.2784%2F12683&w=970&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908363&bpp=11&bdt=407&idt=77&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=2&ga_vid=930484195.1656051904&ga_sid=1656051908&ga_hid=1669365375&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=936&biw=1600&bih=1200&isw=970&ish=250&ifk=3978344474&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31065742%2C31068031%2C31068187&oid=2&pvsid=825385243156423&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.b5e95znbqzvq&fsb=1&dtd=97
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1370 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 5D17 70 B
265 B 120ms
48ms Image
image/gif 3.33.220.150

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESED9dpxxo9fe8Krx0lq-MecQ&google_cver=1&google_push=ARnp8GApSt6hyJ2T5_q1QZ6_Bz5qCjUgftzdZzniEKHl743dTUkZ5KuC7ye5bE0MJEXWy7w4XZRpIqza6wb_q7b5wbHOQ5JV80Ayvg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12683&adk=2922729533&adf=2645242779&pi=t.ma~as.2784%2F12683&w=970&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908363&bpp=11&bdt=407&idt=77&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=2&ga_vid=930484195.1656051904&ga_sid=1656051908&ga_hid=1669365375&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=936&biw=1600&bih=1200&isw=970&ish=250&ifk=3978344474&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31065742%2C31068031%2C31068187&oid=2&pvsid=825385243156423&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.b5e95znbqzvq&fsb=1&dtd=97
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5D17
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEAK2YT9eqGTXehNhYCBomco&google_cver=1&google_push=ARnp8GDyoN4l9r4ZpPnySEXJBfWthN3-kpFdhgkRz9bEapScAjQhn2U4CHjkwbh4t60HyIBeyGZNZmbyQkDwqW...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzExMjY4ODc4OTYzODA4NDc1Ng%3D%3D&google_push=ARnp8GDyoN4l9r4ZpPnySEXJBfWthN3-kpFdhgkRz9bEapScAjQhn2U4CHjkwbh4t60HyIBeyGZNZmbyQkDwqWpNmZ...

170 B
188 B

18ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzExMjY4ODc4OTYzODA4NDc1Ng%3D%3D&google_push=ARnp8GDyoN4l9r4ZpPnySEXJBfWthN3-kpFdhgkRz9bEapScAjQhn2U4CHjkwbh4t60HyIBeyGZNZmbyQkDwqWpNmZ6Iv8LF0bDH4Q

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzExMjY4ODc4OTYzODA4NDc1Ng%3D%3D&google_push=ARnp8GDyoN4l9r4ZpPnySEXJBfWthN3-kpFdhgkRz9bEapScAjQhn2U4CHjkwbh4t60HyIBeyGZNZmbyQkDwqWpNmZ6Iv8LF0bDH4Q
Date: Fri, 24 Jun 2022 06:25:09 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5D17
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEMQViUHQRyUb-1zPejJ4Ozk&google_cver=1&google_push=ARnp8GBJ8AhfvUZXM44X9JPLsA3yo6_7gg-qJNQLzY9HBECrSubiFI9J6hlQrVo_0nk5ynB8SKQ5qMriY9biGGS2O_j1...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEMQViUHQRyUb-1zPejJ4Ozk&google_cver=1&google_push=ARnp8GBJ8AhfvUZXM44X9JPLsA3yo6_7gg-qJNQLzY9HBECrSubiFI9J6hlQrVo_0nk5ynB8SKQ5qMriY9biGG...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ARnp8GBJ8AhfvUZXM44X9JPLsA3yo6_7gg-qJNQLzY9HBECrSubiFI9J6hlQrVo_0nk5ynB8SKQ5qMriY9biGGS2O_j1aENGLpDtgg&google_hm=87gpYmUqTQWDWPMrq4hsHQ==

170 B
188 B

21ms
20ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ARnp8GBJ8AhfvUZXM44X9JPLsA3yo6_7gg-qJNQLzY9HBECrSubiFI9J6hlQrVo_0nk5ynB8SKQ5qMriY9biGGS2O_j1aENGLpDtgg&google_hm=87gpYmUqTQWDWPMrq4hsHQ==

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ARnp8GBJ8AhfvUZXM44X9JPLsA3yo6_7gg-qJNQLzY9HBECrSubiFI9J6hlQrVo_0nk5ynB8SKQ5qMriY9biGGS2O_j1aENGLpDtgg&google_hm=87gpYmUqTQWDWPMrq4hsHQ==
Date: Fri, 24 Jun 2022 06:25:09 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5D17
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=euZTItr7R9CKDANxul-rGg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=euZTItr7R9CKDANxul-rGg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDRteo8x6OIQXROauKW6fw_hcxH0dshaM6briNm-a24CvR0o0F1WircspOoj6ABFE5gq0lB9xhFLmAZoKJ0ZEUa-TO0keVS

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=euZTItr7R9CKDANxul-rGg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDRteo8x6OIQXROauKW6fw_hcxH0dshaM6briNm-a24CvR0o0F1WircspOoj6ABFE5gq0lB9xhFLmAZoKJ0ZEUa-TO0keVS
date: Fri, 24 Jun 2022 06:25:08 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5D17
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESECS4UvZcnrs0_LblPk-Qwzg&google_cver=1&google_push=ARnp8GDqYT_jPl9qS4Z3Ei69fsYsMfUnPlW3Yk2Zs95EpddcUIJODkYq6P2HhF0hoj9ShHAUFxDkcGzzJ28IKGS1...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ARnp8GDqYT_jPl9qS4Z3Ei69fsYsMfUnPlW3Yk2Zs95EpddcUIJODkYq6P2HhF0hoj9ShHAUFxDkcGzzJ28IKGS1GCUSzarbwUqf

170 B
188 B

19ms
19ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ARnp8GDqYT_jPl9qS4Z3Ei69fsYsMfUnPlW3Yk2Zs95EpddcUIJODkYq6P2HhF0hoj9ShHAUFxDkcGzzJ28IKGS1GCUSzarbwUqf

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 24 Jun 2022 06:25:09 GMT
via: 1.1 055d899361491602a9ef1eb0cdc5e336.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA50-C1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ARnp8GDqYT_jPl9qS4Z3Ei69fsYsMfUnPlW3Yk2Zs95EpddcUIJODkYq6P2HhF0hoj9ShHAUFxDkcGzzJ28IKGS1GCUSzarbwUqf
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: y_lGZnOCi6x79fIRAdYdkDb6-SK_oAvQx8BgeiSxR6HwRAFLnZMrXw==

GET
H3 200 dot.gif
s0.2mdn.net/ Frame 5D17 43 B
65 B 15ms
14ms Image
image/gif 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEDIHXrCuLCED3bF_4h3jHQA&google_cver=1&google_push=ARnp8GAMjd4-tvR2D_iWdFbymJ5aiJWCcKfQVedKeD23kZUBJg3Af6ntQHSpadtsY0ya3Z_YxB_OTWmTjqj_jyY1qRyszqC0LUjvfKU

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Jun 2022 06:25:09 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 5D17 0
12 B 15ms
15ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JmnImd9uuy9PnPbLuDe0fw1DHayiyes5IBlqYzaj-QmE7PGDZqnRlIymkp5fNnAcoJdOUQ1A

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:09 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A3AE 0
0 49ms
48ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022062201&jk=2430586817231220&rc=
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 200 bannerify.css
s0.2mdn.net/sadbundle/210455675382575598/ Frame 4C14 5 KB
890 B 8ms
7ms Stylesheet
text/css 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/210455675382575598/bannerify.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/210455675382575598/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e5eea9d861ec6f5cbdf98d058098b02920b77cfc44bd788df4fe83654e5c5e13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/210455675382575598/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 861
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 16:03:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:21 GMT

GET
H3 200 578515114.jpg
s0.2mdn.net/sadbundle/210455675382575598/images/ Frame 4C14 327 KB
327 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/210455675382575598/images/578515114.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/210455675382575598/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

c735ff87872fe6dc846929f596c39f30c803b5a056c88cd037b995c94c48b75d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/210455675382575598/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:21 GMT
x-content-type-options: nosniff
age: 143028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 334823
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 16:03:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:21 GMT

GET
H3 200 580715053.svg
s0.2mdn.net/sadbundle/210455675382575598/images/ Frame 4C14 6 KB
2 KB 8ms
7ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/210455675382575598/images/580715053.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/210455675382575598/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5633db8a7b67fd33a591df74e0c3f091aebf7f4e115e1219d172c16e4475210d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/210455675382575598/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2191
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 16:03:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:21 GMT

GET
H3 200 580715054.svg
s0.2mdn.net/sadbundle/210455675382575598/images/ Frame 4C14 7 KB
3 KB 8ms
7ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/210455675382575598/images/580715054.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/210455675382575598/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

93ce6a6c55d11da55a1682c0f34ece7daefd175ef724c3b80c38a2cfe42a9df2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/210455675382575598/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2876
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 16:03:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:21 GMT

GET
H3 200 580715088.svg
s0.2mdn.net/sadbundle/210455675382575598/images/ Frame 4C14 3 KB
1 KB 9ms
8ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/210455675382575598/images/580715088.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/210455675382575598/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

da73894b515e6dbcdc760ceb8d0c4fd4e74dbc42a48ef526e53495eb493f37e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/210455675382575598/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1257
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 16:03:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:21 GMT

GET
H3 200 580715220.svg
s0.2mdn.net/sadbundle/210455675382575598/images/ Frame 4C14 192 B
192 B 11ms
8ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/210455675382575598/images/580715220.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/210455675382575598/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

43e54afd88ff31836c28e4b238a2d9e42bd42101884a7cf8b84e4913475dcc1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/210455675382575598/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 163
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 16:03:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:21 GMT

GET
H3 200 580715221.svg
s0.2mdn.net/sadbundle/210455675382575598/images/ Frame 4C14 195 B
194 B 12ms
9ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/210455675382575598/images/580715221.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/210455675382575598/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

172a0bb0d8a0670909e1036587abf27b626f249f64ab6b1909afeb2da1edb4d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/210455675382575598/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 165
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 16:03:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:21 GMT

GET
H3 200 580715223.svg
s0.2mdn.net/sadbundle/210455675382575598/images/ Frame 4C14 192 B
192 B 12ms
10ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/210455675382575598/images/580715223.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/210455675382575598/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

b4d8f353c6fff8c0ddbab6d7320f5a19dc698033d30c98a8f9655e1a3a0c28cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/210455675382575598/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 163
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 16:03:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:21 GMT

GET
H3 200 580715228.svg
s0.2mdn.net/sadbundle/210455675382575598/images/ Frame 4C14 193 B
193 B 14ms
11ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/210455675382575598/images/580715228.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/210455675382575598/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

886df2c17ea75d0654cd8053a98dcc745b5800ab1e3ef934f162a3fd047f6f4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/210455675382575598/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 164
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 16:03:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:21 GMT

GET
H3 200 580715229.svg
s0.2mdn.net/sadbundle/210455675382575598/images/ Frame 4C14 192 B
192 B 17ms
14ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/210455675382575598/images/580715229.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/210455675382575598/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

33fc12f83bedfa1aade8ecf2eb069635b391475b6d93e4d3613f6a7649d04a14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/210455675382575598/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 163
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 16:03:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:21 GMT

GET
H3 200 580715224.svg
s0.2mdn.net/sadbundle/210455675382575598/images/ Frame 4C14 192 B
192 B 17ms
15ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/210455675382575598/images/580715224.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/210455675382575598/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

b4d8f353c6fff8c0ddbab6d7320f5a19dc698033d30c98a8f9655e1a3a0c28cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/210455675382575598/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 163
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 16:03:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:21 GMT

GET
H3 200 580715225.svg
s0.2mdn.net/sadbundle/210455675382575598/images/ Frame 4C14 193 B
194 B 15ms
13ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/210455675382575598/images/580715225.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/210455675382575598/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a2e3a7131ebe4f34610b7d51a222cd293e2420fdee1f5e8e9e564b14cb8dd2ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/210455675382575598/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 165
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 16:03:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:21 GMT

GET
H3 200 580715226.svg
s0.2mdn.net/sadbundle/210455675382575598/images/ Frame 4C14 195 B
194 B 14ms
12ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/210455675382575598/images/580715226.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/210455675382575598/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

75e1ac6947461280b4b1b64c568c458dffec1fe86d9905f406d6267ae5b56fda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/210455675382575598/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 165
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 16:03:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:21 GMT

GET
H3 200 580715227.svg
s0.2mdn.net/sadbundle/210455675382575598/images/ Frame 4C14 193 B
195 B 15ms
13ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/210455675382575598/images/580715227.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/210455675382575598/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

48c55a3eec777695404fa1a0e707a3ed28e0a9f71e1025f9355993d4301ea0c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/210455675382575598/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 166
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 16:03:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:21 GMT

GET
H3 200 bannerify.js Show response
s0.2mdn.net/sadbundle/210455675382575598/ Frame 4C14 825 B
402 B 8ms
7ms Script
application/x-javascript 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/210455675382575598/bannerify.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/210455675382575598/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

6b24d467c5486a0485ec8d5f5c946b91aa605f3cc5c354bb74c61746dc80285d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/210455675382575598/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142978
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 373
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 16:03:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:42:11 GMT

GET
H3 200 lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js Show response
pagead2.googlesyndication.com/bg/ Frame ACDC 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

972198b02b9e13cc91f17a0e0cea3af056c3ad7fc8eb79d4881c9dc427ca8aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 21:56:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30517
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13789
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Jun 2023 21:56:32 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206160101/ Frame 0120 340 KB
120 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206160101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4485239425924787&plah=reurl.cc&bust=31068166

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a4701dc0687fb81d0feede739e6bdc70f1b43176808b14614905b0bcef04123

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122742
x-xss-protection: 0
server: cafe
etag: 617958396531989791
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 24 Jun 2022 06:25:09 GMT

GET
H3 200 lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js Show response
pagead2.googlesyndication.com/bg/ Frame 5B11 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

972198b02b9e13cc91f17a0e0cea3af056c3ad7fc8eb79d4881c9dc427ca8aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 21:56:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30517
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13789
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Jun 2023 21:56:32 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5DE7 42 B
63 B 40ms
39ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AFhSy7aSGVdnMkAhmLhoPeX829rs1wJwBTiK98QKUoPk4Awb3dm7PjqGBldTBAgdTClfFV_uoLMeVAYF1Iwv3JY_lS8C6Q_59uvXIkWMsTC_AxJXs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 5DE7 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:21:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 199
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 08 Jul 2022 06:21:50 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 5DE7 17 KB
7 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:21:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 239
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 08 Jul 2022 06:21:10 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 5DE7 0
0 16ms
14ms Image
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTfxkYzj9_hoGsb-YppuAPLrF7IgrNLwRmbiAHbZ6s3sX2DAAgOl7bbwoesPM--ciJvXniXeTuWSIS2utG6Bv-bDVOk-g
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5DE7 137 KB
42 KB 36ms
18ms Script
text/javascript 2a00:1450:4001:827::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43180
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1655912982481896"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Jun 2022 06:25:09 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 68D0 640 B
316 B 22ms
22ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfwggIQh8Wh4QEYubfwwgEwAQ&v=APEucNUrGkCrWTClIpz7pOrLBW_p6yF9pfs2TfVmYKbU0G-t-Oc_8vuFlcG38On-XlotDxD14u-LJTQSFDJPvoYA-tEQE4Hp2uK8-ZKj_FYE7xd-q05WUuP85YsdcXKAK4dhbdXB879Qoeh9NAstH3uFmxXWgycgC9QyQZ0lO6Q075vDpLz5qss

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 295
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 06:25:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5DE7 76 KB
32 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C04MYhYZ-xjIccQthBdBqL4x23tieY8dYdkNhWb1hAndbHx1AOX69C_4Z_273U1AHD9fvul97iqzF8HsgUqvm7h9bfgPInjP7_Uj6w3euTbHRDl48qfOMAIADOwm9O0O6bRg8h7KVBORjBHYXDaJFCFZ08ow&dbm_d=AKAmf-ASjNTb6z7ijUtRtr62d9Ez3KTUSZSedXREpYlqKzmXNXjKtkiLiz93dOkxDLfXWqEYYSaqjaJ83V8QNljZRFLTxyg1XxS1GKRBp09DCCm0O_crpyzEI7infzqHZxeE-zCU35p09EbIHw9lwZ4X0vPbNydEAMDxDzckl6AKXupg84CoinZYrSfzgCZXsOeMzThAkYx6Ff2mO03c_MjPlCZoQ6pInDuN-ptNb9X0tx3t0j9XieYzgeHtvGswn_Or34V1GG9iDcu8Es-aX6938ZU0wdVDFPfSCz-X2vZZohzq3FTUkVCJ6WWFnVExnrOBfrArTy3ZZndlP8efdMnOZ1DppLW31PEQDfvBtwf68DAio0jvyRfbmUm0wnI9ItrRScZ7xA412L5zN66hneXNUKmULVFvS_KP36anOlX3CgqjveVPgNUOqgCTjhfxsV_KBrFjpA-tp7gvuV5ZWSjSzJDE9e4J_vUnEHWSuV4M3a4atNb8S6SRCC44nSEW0heLPXvIudTtDYMho-cfVmsncMOvFHszt2eoQklJdakqCGlyTMkbFQOzgf1hLJ_OR1v15w0SSzqvVrNJ7tQvispIBRxYA_MMCt7meO2rW5ml2bJLiULhQw3rUlcOvkQ3NVTeyRHvRl84THFSHDp-itnePhr5fv-2k-8U-G1rsKzWkxEiCJDyt_76W3eKjFrRs80d1bUTOaePdmek7gaJ2AB64K_BUn7oY3RNEUl1ClYkqZwFcJvr28YoSit5d-x_TwGOT1KX1bWYNHEB4t8NaEPHugs6iZmfo1IIyT-2ZRJquhkiCSmhNFwrv90LOSWpSlwX8aL_cO_zUvIbJoiJxjWcBSRRLkWfDrnwXcL-bsP0Bp5spmKcvE0ESJj8iyyDKlGfElWM_CU624pSXsD8Aft7YY0UNDpXGm62TJhrP0x47okxZIsZ18RB2CQFxPsgNH6AdReohSKmxf7C_Vu0Jyx_QhiJHg90P5SMXDpmT8HJ2yL7rzwOdaCDjGugEFrsb3trmdR5TJte9IB7WgsDAI_70KVXN8zjwfwgHbezSRBLWSVSzN1EUVHtvjmOvMgWas2ozgteBz7-gDq72guaX1oZ4rjlXK3OhpdipFshO-WYtG12vPPGcTR3ipVjidph9uXWwJuEGT4PnGJkaCJxhx7X-0DcIgRGkl1G9PTAthiB34Mq574NSseyHURPSN9ig3HEzJVP1dYwYi6s4ePzNjehyP223u6XD6s1msfrR_uoFR34QT3gxGz7xupVt-wjiDhwrPZrJS9gjrahfg8K5bNzwIxc3EunHR--8crnimV3BEZUpssuB8Esf8FfE9Jat3mdP7Uo3DdJKRjI0RUl_9uyFfYcqJYW89tnnjQvSPmudSIGsoyK0tHgAaF1QUrjk6A6zDNXCnVKQdizr3obRQsjg0pn7ygDRyzUpgCpbZcqXR9DQ3TfkJZmROBtnWY4pq5jsMAq73hU4P_ncgiRCkEoJjv1gWhU-v63rjT2WQSgBgvCEypLpznYgAmTa_17YKG62N68Ju1nhKIwdFWmHA-XhjyAE2ljnijckPTIpOAaYebIK1ts-ybB5pgeLp63sfl2LXNeYv7CANdM--6y7ZUCq9JG6MOh95_OF9lYDUhKHTCJknFBesTo3mK3PVsSnZjKZg_IOABDBObMF5J-Hme7rgSgZzzMWO5FnY_ICpvCesFgXff8l5TwrmM9z5fsV8_mk3eZRIPPhpYumV7bYeLkMNQgl_Gx0dyRcEF8I5k68TctORi-HMROn0aTucRHZVTnx7krD0L-h-x_nAlKKjYk5z5RUBYpi1V2Vgn8PASQ0fM84iY8x1qYzoISSzZeVbmXpFMdR0RqCAputFzpRd8yHZasZOsM617j4PoLDREAr6J69-_WVyII5D6KhHem6Iymm-j6Q5eKyFt8KCBJCEsWdIdHjIu-eJX98lb5U4mF30J3Hnm0-0cBjM-m2MgnUdWRKBsStpmKfZZrnvIK8M0WsWsglsu4wZP7qvfN1yFquA4f-kbEp90kWngFEeklY3eV_rz0gWnAONEYtdGY23kBkf7qO3T9k4FBaifDBMpZSZK-Qsb4NqPWe06RSov3hYAiGahPt54YQTIUjzI7C5QbWBOzEb6_Q7AUJVeqIDEkr9cnTVFr5Zu_VkoBkk7b6DJfEKKIl6xOxakr8kcYHq26E5I6OxgDZhYY4JqDyxVEZs9rgesKvva8pVApXDjNBqSFtJA9LTyw7qE9Lp-ogsh71f3_3Gtb9me2s7rk-kyvrRGtjzrWb95BJ-mRyC29O11l7cu4nDQXdo8_cKeLuBga0aq-DcwJrWERh4UKSpkdM3A1apceEMuRScQ3WifLo1Q5lkVS4TsPN_QcfWWDt3uhRDkVZdDY6hGBm9Ua7dheHvMFFwV9FIiQroyYpjYpHCbUnMaOWIMuh5QvFGDUkbitJ1T4wzTkOwxrXVt-hQHxdsswmAouvqQBr4jqKPA6QZUP4gZ7EinJveasJhUPT4H_Wpj5fKch5VgofGuCozllAfkmctZkai37EYArradaWRrEHVwtLJ37DT0SLyzc_02Ol2kwjMFifFADH9lUS_STVrM5Crm_qcm7KC4Ik_oa7ljlWyaw-de3VqEgLkvEkUyHw94qUvg9I2czk9CjM2hQ5PLTG_NBRprd9Rq4sVlk9KIcjK-Yw6X4eTtjfbgKt8WBWXwvy_v-1uMfAk9wXdfk3nWt6-pP1S-0Pj3HHzeYPKf00aRbCbrCtjOvZZhVkg54wnbPTtwoizFlllrj9EVK826RbDlIRUr1xsiUUxqsEJF7PIa91NMw0ax4BGbeYM64-rtx52vaBuwvoGqaFSlIEUMkD4EZ09AFwjPcpt0qNFazi-4aOXI4nNqKjaBJ1B3lLE1qWrf_ogTWpyjWA1OefgWqGPuYmVdKvHYLJsFPibDay_uJ9IJw72orV-dqeZM9qC3Pt1n3RI7uDb1fAfoBpA1OAwgKkHNelMBMhrjuARjcCQRqJG7n4eaOeEYOIk1pBhGp0wb4t8-Ux2-8HD8MCMnhaOREQ5ZkqnDrBtN6jlOnjZcxyqFEdRzR8TEGYLxdvobg5Su6UuX9tc2jgT7AVOVAYzmUGZR3ZeVhwW7zGlq4jCrOqzFE2mVzEtVmxLdORp0ErBGPig5irttku4rI2YbkW8KgKBHY8itzYUCCMYDZ3y3kIMgIvcbtPEQP_6RxJyRP5hDOyZMRusn4UU0ln_gMF_CjtOhwEf3g2yp2noU9NMh_2_yoUWmPcTXm88vuzf5z9hrz_L-vhBbTPVvSUL7NwVrMrp4&cid=CAASJeRoNOIz3JvTA4agLbCW5WVspghmsi86titmR4pxgeOOfdqSW0g&rfl=6%2Chttps%253A%252F%252Freurl.cc%242%2C%2C%2C%2C%2Chttps%253A%252F%252Freurl.cc%252F%240

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11d82e2a37443898cee73b856766a4a4b7043eaa260631d81304ed8fcbbdfaf0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32843
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1D4F 0
26 B 61ms
43ms Ping
image/gif 142.250.185.66

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssViPWjCSNB0GboYY5kMYQTNgOCSihhkiIteCOYiwwSKl3nXGpiGsSf80n0I5ARa-LBWQ4c_Q-VQpmvDvJ-rUX0ZUaSp-Fn7BdcUpOWLh68EnQie2P4qbsLJTw7vwCB3xoT3zg3mSKf_PwPTFXjjXXjQrrB0IBiLSNp6Yjcpgq6a6KAAdM7eSfcMTzqpHDHgqkKwRfUU8LFoma-y5N4xiWcs1W2JjpY7MJjJsB7lm7lnYvQSj-e9DD8c7ogxf5xYxkwd899Vfvws44um72srk0L1gvHcRZ1h6sspooitvcy3VNizdGME5ZGs3D7QdyHzzMMZuvBQn1mYVONxNBIgCMIrNDkEug9mGGeo_u34JN532p6JGAYCj2M_cSKavI-ip6ss4hlkyP69k6juRu5D-yVrUUEiuyQbIdVfvqorAXXQKBpC5xX-AAaK8lI--f1OXe6u6InU4g3GH8HNJ96BwXNUIp-nOqgTN4JWAu41kon4gS9xjB7X2brpmff0AacOIcrlkNVum3SFAEqrjCiqi4cBQE38XaIyI5HH84CAqSOKhukOrKGuYYlwQ7xLJfJDcApy-acA_3eov0NoNyeTsUCXs_AkRNJQVkk6kKiCrP65au2qe23oS3w0fIK866WqkEZd_N4yl5bK7_zZioexFS6nhYk0IwWmXmxbbsOxmJ0t3EAwlhuPDoNKDU-bJbUhimVR_MIBfTEkqP6QC0dH1xyvJMPQ3RINFSWhYjRiVHdieBGSl1GkTcyG5WR4pmpNWFf6nw5pZuqf6U-sqcEwplkVuiQJrhjUIFZR3CJ-TjOTFzrjgQyDJywguCdf93FCy86PanWdwciSsVfy1V5aRyGZ644hUBAVy_nJGQ5JHXpGnd6LKue5kjn8HCzzRgR5YX83fdYyJKVnRPdwuU4XXxvlErdg-tDQbhPAESTI_mJ-CcxhIuL0CEnIcn1tlLkCvGHt93xchKZLyVUi59hUxpHeVgI-3I9d43QXjsH0DlSlQSKE_k0AC6t3qYljb0tMzNGdmoeTus_kOCDhO0L-rQi9Xt8_tr6-LoXQ0xTQg2TRT6ndB8BcMD7QfxWNIwwZ_vNiPiWkzP4XWiRCMePGtR5CLbdMpGE48SPlmbHmkHPa6nIBrF9xjWRVJWOExu8fg8eSaBULgF11VaV-ZBCOC4Y-TJA_FOBMg0kZd2rDadEIZg90Wr2GjE0gcSHZwxz3L10jKptvodpAVpXxQ-Ytk9mDr5S-FWBD_CI2ARqLaID&sai=AMfl-YReNE3IquUp7cN0cLyFBZ-ZEAa4KBOjyTb_b5Lqze4gD9iOhI-OSzZmcf6BEJjjjaWX6ISe_pR73ftaSw6wPk21HqSJE0AjedbFB3U4jYqkGIPhqf8Jrr6gTM-CjtaYn67l_V2ujapai4xa-gM62hdqwxXAMy0mP676xmkfHghrZaauG8qTBZMzyv3SOL8xR1wbrt6q4EuHM9Rzs2ZqLXNW&sig=Cg0ArKJSzB9Nvq0DPSL4EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=462&vt=11&dtpt=273&dett=3&cstd=186&cisv=r20220622.34845&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame BA09 14 KB
10 KB 26ms
23ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220622&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e4e303bee9152bd487e324a9abeebc77b8e9323396d1fb4c4895577da5fede4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10664
x-xss-protection: 0

GET
H3 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 0120 12 B
53 B 15ms
14ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 0120 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 0120 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reurl.cc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B937 18 KB
10 KB 185ms
184ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051909268&bpp=14&bdt=1284&idt=172&shv=r20220622&mjsv=m202206160101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=1945072695&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=1943945536&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31068030%2C31068166%2C31065825&oid=2&pvsid=620282234195420&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t0n473b82whd&fsb=1&dtd=193

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

640bc5966402f9283ba2ddfab231b7c98d71257fbd23a0e09623f0879ddf9b4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 9761
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 06:25:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7B7F 0
9 B 7ms
6ms Image
text/plain 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?wY-wuw
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame BA09 17 KB
6 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Jun 2022 06:25:09 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1E3D 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?OqoflA
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 68D0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPCzMo_lIosTI5Q4ASBxENQ&google_cver=1

43 B
275 B

22ms
22ms

Image
image/gif

35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPCzMo_lIosTI5Q4ASBxENQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfwggIQh8Wh4QEYubfwwgEwAQ&v=APEucNUrGkCrWTClIpz7pOrLBW_p6yF9pfs2TfVmYKbU0G-t-Oc_8vuFlcG38On-XlotDxD14u-LJTQSFDJPvoYA-tEQE4Hp2uK8-ZKj_FYE7xd-q05WUuP85YsdcXKAK4dhbdXB879Qoeh9NAstH3uFmxXWgycgC9QyQZ0lO6Q075vDpLz5qss
Protocol: H2
Server: 35.244.159.8 -, , ASN (),
Reverse DNS
Software: OXGW/7f1e280 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
via: 1.1 google
server: OXGW/7f1e280
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPCzMo_lIosTI5Q4ASBxENQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 68D0 43 B
145 B 464ms
441ms Image
image/gif 35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfwggIQh8Wh4QEYubfwwgEwAQ&v=APEucNUrGkCrWTClIpz7pOrLBW_p6yF9pfs2TfVmYKbU0G-t-Oc_8vuFlcG38On-XlotDxD14u-LJTQSFDJPvoYA-tEQE4Hp2uK8-ZKj_FYE7xd-q05WUuP85YsdcXKAK4dhbdXB879Qoeh9NAstH3uFmxXWgycgC9QyQZ0lO6Q075vDpLz5qss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 -, , ASN (),
Reverse DNS
Software: OXGW/7f1e280 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:10 GMT
content-encoding: gzip
server: OXGW/7f1e280
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 68D0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEJ405pRbf7pD3TSzBpOI3G4&google_cver=1

23 B
172 B

73ms
41ms

Image
image/gif

104.90.161.232

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEJ405pRbf7pD3TSzBpOI3G4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfwggIQh8Wh4QEYubfwwgEwAQ&v=APEucNUrGkCrWTClIpz7pOrLBW_p6yF9pfs2TfVmYKbU0G-t-Oc_8vuFlcG38On-XlotDxD14u-LJTQSFDJPvoYA-tEQE4Hp2uK8-ZKj_FYE7xd-q05WUuP85YsdcXKAK4dhbdXB879Qoeh9NAstH3uFmxXWgycgC9QyQZ0lO6Q075vDpLz5qss
Protocol: H2
Server: 104.90.161.232 -, , ASN (),
Reverse DNS
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
cache-control: max-age=0, no-cache, no-store
expires: Fri, 24 Jun 2022 06:25:09 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEJ405pRbf7pD3TSzBpOI3G4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 68D0 23 B
172 B 97ms
42ms Image
image/gif 104.90.161.232

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfwggIQh8Wh4QEYubfwwgEwAQ&v=APEucNUrGkCrWTClIpz7pOrLBW_p6yF9pfs2TfVmYKbU0G-t-Oc_8vuFlcG38On-XlotDxD14u-LJTQSFDJPvoYA-tEQE4Hp2uK8-ZKj_FYE7xd-q05WUuP85YsdcXKAK4dhbdXB879Qoeh9NAstH3uFmxXWgycgC9QyQZ0lO6Q075vDpLz5qss
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.90.161.232 -, , ASN (),
Reverse DNS
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
cache-control: max-age=0, no-cache, no-store
expires: Fri, 24 Jun 2022 06:25:09 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H3 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 5DE7 106 KB
37 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 19:19:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39924
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Jun 2022 19:19:45 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220622/r20110914/elements/html/ Frame 5DE7 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220622/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C04MYhYZ-xjIccQthBdBqL4x23tieY8dYdkNhWb1hAndbHx1AOX69C_4Z_273U1AHD9fvul97iqzF8HsgUqvm7h9bfgPInjP7_Uj6w3euTbHRDl48qfOMAIADOwm9O0O6bRg8h7KVBORjBHYXDaJFCFZ08ow&dbm_d=AKAmf-ASjNTb6z7ijUtRtr62d9Ez3KTUSZSedXREpYlqKzmXNXjKtkiLiz93dOkxDLfXWqEYYSaqjaJ83V8QNljZRFLTxyg1XxS1GKRBp09DCCm0O_crpyzEI7infzqHZxeE-zCU35p09EbIHw9lwZ4X0vPbNydEAMDxDzckl6AKXupg84CoinZYrSfzgCZXsOeMzThAkYx6Ff2mO03c_MjPlCZoQ6pInDuN-ptNb9X0tx3t0j9XieYzgeHtvGswn_Or34V1GG9iDcu8Es-aX6938ZU0wdVDFPfSCz-X2vZZohzq3FTUkVCJ6WWFnVExnrOBfrArTy3ZZndlP8efdMnOZ1DppLW31PEQDfvBtwf68DAio0jvyRfbmUm0wnI9ItrRScZ7xA412L5zN66hneXNUKmULVFvS_KP36anOlX3CgqjveVPgNUOqgCTjhfxsV_KBrFjpA-tp7gvuV5ZWSjSzJDE9e4J_vUnEHWSuV4M3a4atNb8S6SRCC44nSEW0heLPXvIudTtDYMho-cfVmsncMOvFHszt2eoQklJdakqCGlyTMkbFQOzgf1hLJ_OR1v15w0SSzqvVrNJ7tQvispIBRxYA_MMCt7meO2rW5ml2bJLiULhQw3rUlcOvkQ3NVTeyRHvRl84THFSHDp-itnePhr5fv-2k-8U-G1rsKzWkxEiCJDyt_76W3eKjFrRs80d1bUTOaePdmek7gaJ2AB64K_BUn7oY3RNEUl1ClYkqZwFcJvr28YoSit5d-x_TwGOT1KX1bWYNHEB4t8NaEPHugs6iZmfo1IIyT-2ZRJquhkiCSmhNFwrv90LOSWpSlwX8aL_cO_zUvIbJoiJxjWcBSRRLkWfDrnwXcL-bsP0Bp5spmKcvE0ESJj8iyyDKlGfElWM_CU624pSXsD8Aft7YY0UNDpXGm62TJhrP0x47okxZIsZ18RB2CQFxPsgNH6AdReohSKmxf7C_Vu0Jyx_QhiJHg90P5SMXDpmT8HJ2yL7rzwOdaCDjGugEFrsb3trmdR5TJte9IB7WgsDAI_70KVXN8zjwfwgHbezSRBLWSVSzN1EUVHtvjmOvMgWas2ozgteBz7-gDq72guaX1oZ4rjlXK3OhpdipFshO-WYtG12vPPGcTR3ipVjidph9uXWwJuEGT4PnGJkaCJxhx7X-0DcIgRGkl1G9PTAthiB34Mq574NSseyHURPSN9ig3HEzJVP1dYwYi6s4ePzNjehyP223u6XD6s1msfrR_uoFR34QT3gxGz7xupVt-wjiDhwrPZrJS9gjrahfg8K5bNzwIxc3EunHR--8crnimV3BEZUpssuB8Esf8FfE9Jat3mdP7Uo3DdJKRjI0RUl_9uyFfYcqJYW89tnnjQvSPmudSIGsoyK0tHgAaF1QUrjk6A6zDNXCnVKQdizr3obRQsjg0pn7ygDRyzUpgCpbZcqXR9DQ3TfkJZmROBtnWY4pq5jsMAq73hU4P_ncgiRCkEoJjv1gWhU-v63rjT2WQSgBgvCEypLpznYgAmTa_17YKG62N68Ju1nhKIwdFWmHA-XhjyAE2ljnijckPTIpOAaYebIK1ts-ybB5pgeLp63sfl2LXNeYv7CANdM--6y7ZUCq9JG6MOh95_OF9lYDUhKHTCJknFBesTo3mK3PVsSnZjKZg_IOABDBObMF5J-Hme7rgSgZzzMWO5FnY_ICpvCesFgXff8l5TwrmM9z5fsV8_mk3eZRIPPhpYumV7bYeLkMNQgl_Gx0dyRcEF8I5k68TctORi-HMROn0aTucRHZVTnx7krD0L-h-x_nAlKKjYk5z5RUBYpi1V2Vgn8PASQ0fM84iY8x1qYzoISSzZeVbmXpFMdR0RqCAputFzpRd8yHZasZOsM617j4PoLDREAr6J69-_WVyII5D6KhHem6Iymm-j6Q5eKyFt8KCBJCEsWdIdHjIu-eJX98lb5U4mF30J3Hnm0-0cBjM-m2MgnUdWRKBsStpmKfZZrnvIK8M0WsWsglsu4wZP7qvfN1yFquA4f-kbEp90kWngFEeklY3eV_rz0gWnAONEYtdGY23kBkf7qO3T9k4FBaifDBMpZSZK-Qsb4NqPWe06RSov3hYAiGahPt54YQTIUjzI7C5QbWBOzEb6_Q7AUJVeqIDEkr9cnTVFr5Zu_VkoBkk7b6DJfEKKIl6xOxakr8kcYHq26E5I6OxgDZhYY4JqDyxVEZs9rgesKvva8pVApXDjNBqSFtJA9LTyw7qE9Lp-ogsh71f3_3Gtb9me2s7rk-kyvrRGtjzrWb95BJ-mRyC29O11l7cu4nDQXdo8_cKeLuBga0aq-DcwJrWERh4UKSpkdM3A1apceEMuRScQ3WifLo1Q5lkVS4TsPN_QcfWWDt3uhRDkVZdDY6hGBm9Ua7dheHvMFFwV9FIiQroyYpjYpHCbUnMaOWIMuh5QvFGDUkbitJ1T4wzTkOwxrXVt-hQHxdsswmAouvqQBr4jqKPA6QZUP4gZ7EinJveasJhUPT4H_Wpj5fKch5VgofGuCozllAfkmctZkai37EYArradaWRrEHVwtLJ37DT0SLyzc_02Ol2kwjMFifFADH9lUS_STVrM5Crm_qcm7KC4Ik_oa7ljlWyaw-de3VqEgLkvEkUyHw94qUvg9I2czk9CjM2hQ5PLTG_NBRprd9Rq4sVlk9KIcjK-Yw6X4eTtjfbgKt8WBWXwvy_v-1uMfAk9wXdfk3nWt6-pP1S-0Pj3HHzeYPKf00aRbCbrCtjOvZZhVkg54wnbPTtwoizFlllrj9EVK826RbDlIRUr1xsiUUxqsEJF7PIa91NMw0ax4BGbeYM64-rtx52vaBuwvoGqaFSlIEUMkD4EZ09AFwjPcpt0qNFazi-4aOXI4nNqKjaBJ1B3lLE1qWrf_ogTWpyjWA1OefgWqGPuYmVdKvHYLJsFPibDay_uJ9IJw72orV-dqeZM9qC3Pt1n3RI7uDb1fAfoBpA1OAwgKkHNelMBMhrjuARjcCQRqJG7n4eaOeEYOIk1pBhGp0wb4t8-Ux2-8HD8MCMnhaOREQ5ZkqnDrBtN6jlOnjZcxyqFEdRzR8TEGYLxdvobg5Su6UuX9tc2jgT7AVOVAYzmUGZR3ZeVhwW7zGlq4jCrOqzFE2mVzEtVmxLdORp0ErBGPig5irttku4rI2YbkW8KgKBHY8itzYUCCMYDZ3y3kIMgIvcbtPEQP_6RxJyRP5hDOyZMRusn4UU0ln_gMF_CjtOhwEf3g2yp2noU9NMh_2_yoUWmPcTXm88vuzf5z9hrz_L-vhBbTPVvSUL7NwVrMrp4&cid=CAASJeRoNOIz3JvTA4agLbCW5WVspghmsi86titmR4pxgeOOfdqSW0g&rfl=6%2Chttps%253A%252F%252Freurl.cc%242%2C%2C%2C%2C%2Chttps%253A%252F%252Freurl.cc%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:14:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 625
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 08 Jul 2022 06:14:44 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220622/r20110914/ Frame 5DE7 27 KB
10 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220622/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8247e71c60f01cce914615568139113018a1a129dceb0fe0af55edb0211b8fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:12:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 748
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10545
x-xss-protection: 0
server: cafe
etag: 4672069523611413616
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 08 Jul 2022 06:12:41 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5B95 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5881
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 04:47:08 GMT
expires: Sat, 24 Jun 2023 04:47:08 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AADD 783 B
534 B 19ms
19ms Document
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fd3fffc6d6dba71bf9c9c368f4ad5d95bcb419fabda1430cfb23e98aa3803a31

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-zdP6tpWO-o1tA8ItuOi1FA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-zdP6tpWO-o1tA8ItuOi1FA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 06:25:09 GMT
expires: Fri, 24 Jun 2022 06:25:09 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 DE_Consideration_Contradictions_White_DIS_HTML5_300x250.html Show response
s0.2mdn.net/sadbundle/8169253649497119168/ Frame 330D 9 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8169253649497119168/DE_Consideration_Contradictions_White_DIS_HTML5_300x250.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

66da7d095d3ca20f29a973167ba48a9e398db880060bcbe5f7731db1171befca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 142945
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3086
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 22 Jun 2022 14:42:44 GMT
expires: Thu, 22 Jun 2023 14:42:44 GMT
last-modified: Sun, 20 Feb 2022 14:03:15 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5DE7 0
27 B 52ms
51ms Ping
image/gif 142.250.185.66

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss1uJJVAIvPNvIq86LQi2OIkrTW0VMN8Gm_-_1wp2e_tmzaue_jNEfcJb05mq-mkMuyxQimpG_v0kZifd4exspMLHpIX7KZ7M_7EqQx3tnw3TBRmD1-v5LU9L12huWDlt3bK2jBUOXiUpmhppW6YhWGgvH1T6dV6sxzy4rTNAmwuL12Cgrju-o6-cgjw9VPrC6g0fR2pvvknZzGvBfkhwJq7L1jpCkT5OwDRJ5plbcfX9Ic1_d4kpX1bGnOXZs0gNM5rr7lc8gG28m5sQDBmJlmJ4-Sj5jE7SE9LppRaTzP5ZJku3ivZgyuZATWz_rmPRFjpuzgEKvrryFZRY_Gn_tfGmszhV6oHYQeV7xrP15flgfir_9EgiuBV-edoETXPDLAAGNQN883F6pXvvqvadZ_XSToPIMOJFHU4qCfpcEMefyGCeS3qqMSuCfyRatW649zrHKOcFkee7Q6ArzZK2gJNF4aym2-DGn9-h0Br6PfbUNRGISiTgqa4D79rBVcKOGuyghvEK_Xo7-2y75CiH7p6gk-aMv4RW5wmJazqrW64FB081-G4vBrUjZzBLQZdB8xJ067erTvnA0Go582kd7xgX6rowD9sgLO2JaX9uxxd3MaHmgHTXTdhT-NP5dx_KoP0PnnoIazaUsKbPqzBKQN2jviEPfOJPA8PYqmPKsQcYm5LA4UIO6RnTTWkSJH1nbCGrLOpJo6RkSsfJR8IDVGuE1yxpQxIK-7tF2oz1LN9cGLJ8ckaPjOE0nezpZ2OraSgptluQ74_vj-qvxFdLmV9QMXrmKbgMQoFAvRnWqjn36wrFctNt-OcxC59tWbQhEagJiEnKT9fFCM3H9tUa0s_2QOtUp0qA72h-xagcbMAYk0erv1gYiBPREbHdIX0KgxoDF9noAKy7rQvEki8SmCQrVsHw_UxJnogWMdy5sG97U444vD4yODumvoVJAmF1AYNHk2AI3_GWOSUjFFlU35TnkjiNXxv8oX1sgmSFkAOaMtvPCT2f8gNe2ruVrirnYF9E5Y7ZVKW7a4XSleitQyR34KsiUuI6BQUBAMU_qAvzdtOGK38dZFEyETRE3Uevdi9A4BzJUbBVOb8VRZXShqBd2D3zw4ZAiasvY1GxBj06BG02lBN0Z9OxMGUhcbFGDS1EljdzBBeuw3tFxCuqVBwNDml6EGvIB4oCpLbIU1vAA8k84ghr45XTOYbIkQqIhDjKyf&sai=AMfl-YREudy5P7bPZ8lo1bA7KKdTgrUvcItpTmiAAuS4JbDSrZOB525x-ORlMHCew5VNtz1M_MVNUBVh-C3gsuE4_mLyIPBi10bbIng0CyPmG8XWEb3UoPACMSixv1ftZpszcIKLVT3sKeLDPsQ2P5_Coe4gA_ahimHZrA3HgkYAtd8V8CZM2jlwjmNR48OXOWHDMBmLNUOG5jz0YgImoAmbyM8d&sig=Cg0ArKJSzCnZIpiIrBzJEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=78&cbvp=1&cstd=77&cisv=r20220622.76285&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Fri, 24 Jun 2022 06:25:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5DE7 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:54:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 325841
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 11:54:28 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 355D 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 61137
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Jun 2022 13:26:12 GMT
etag: 48472445140208031
expires: Fri, 24 Jun 2022 13:26:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 5DE7 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5169bf65d818e4f65180d86cf98ffb9a3fc873ed74450b6dbf6b6b2ccb009619

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame ACDC 0
9 B 7ms
6ms Image
text/plain 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?gNRJDA
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 style.css
s0.2mdn.net/sadbundle/8169253649497119168/ Frame 330D 3 KB
593 B 7ms
6ms Stylesheet
text/css 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8169253649497119168/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8169253649497119168/DE_Consideration_Contradictions_White_DIS_HTML5_300x250.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

b1dd3020beeb52ce820248834024fb863a8cb424fa5e4d08ca5fc60524e24831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8169253649497119168/DE_Consideration_Contradictions_White_DIS_HTML5_300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142994
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 564
x-xss-protection: 0
last-modified: Sun, 20 Feb 2022 14:03:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:55 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 330D 60 KB
24 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8169253649497119168/DE_Consideration_Contradictions_White_DIS_HTML5_300x250.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8169253649497119168/DE_Consideration_Contradictions_White_DIS_HTML5_300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Jun 2022 06:25:09 GMT

GET
H3 200 animation.js Show response
s0.2mdn.net/sadbundle/8169253649497119168/ Frame 330D 2 KB
623 B 8ms
7ms Script
application/x-javascript 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8169253649497119168/animation.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8169253649497119168/DE_Consideration_Contradictions_White_DIS_HTML5_300x250.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

874847e8c027267545c21fe342e0f5803919669ad5ee18fd0b6940df0852bfb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8169253649497119168/DE_Consideration_Contradictions_White_DIS_HTML5_300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142994
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 594
x-xss-protection: 0
last-modified: Sun, 20 Feb 2022 14:03:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:55 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B937 42 B
63 B 39ms
39ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-COS6T2YiAnFhhTZbNBWGTOiSlT8UuBHwZXlWdwAzjzomHzNrtYEU3W1sdJgxflWh-JwdjbtNJ3qI2z6eA6zG-ETa3J8rFcKBHQPYC4T8I6ByvQuKs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051909268&bpp=14&bdt=1284&idt=172&shv=r20220622&mjsv=m202206160101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=1945072695&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=1943945536&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31068030%2C31068166%2C31065825&oid=2&pvsid=620282234195420&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t0n473b82whd&fsb=1&dtd=193

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame B937 3 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051909268&bpp=14&bdt=1284&idt=172&shv=r20220622&mjsv=m202206160101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=1945072695&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=1943945536&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31068030%2C31068166%2C31065825&oid=2&pvsid=620282234195420&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t0n473b82whd&fsb=1&dtd=193

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:21:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 199
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 08 Jul 2022 06:21:50 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame B937 17 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051909268&bpp=14&bdt=1284&idt=172&shv=r20220622&mjsv=m202206160101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=1945072695&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=1943945536&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31068030%2C31068166%2C31065825&oid=2&pvsid=620282234195420&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t0n473b82whd&fsb=1&dtd=193

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:21:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 239
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 08 Jul 2022 06:21:10 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B937 137 KB
42 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:827::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051909268&bpp=14&bdt=1284&idt=172&shv=r20220622&mjsv=m202206160101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=1945072695&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=1943945536&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31068030%2C31068166%2C31065825&oid=2&pvsid=620282234195420&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t0n473b82whd&fsb=1&dtd=193

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43180
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1655912982481896"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Jun 2022 06:25:09 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9CC3 466 B
301 B 17ms
17ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfwggIQh8Wh4QEYubfwwgEwAQ&v=APEucNWK8XD0Oi3lzRzaZOa59wNeroMt3Pqg7K3Jo0PR5OjVTDDzZnOgrm7UJaCat4DzNNMkQlLht2PVoy-xWDK1aLgNro80S3Lld61N_2AK3OrMA8dzt7It6qDf06BDk5zj20HbqH4KEimdaHwL8kN1kJOdJnT1A46wHs-wsbXvnaCO1xE6-Eo

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051909268&bpp=14&bdt=1284&idt=172&shv=r20220622&mjsv=m202206160101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=1945072695&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=1943945536&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31068030%2C31068166%2C31065825&oid=2&pvsid=620282234195420&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t0n473b82whd&fsb=1&dtd=193

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051909268&bpp=14&bdt=1284&idt=172&shv=r20220622&mjsv=m202206160101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=1945072695&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=1943945536&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31068030%2C31068166%2C31065825&oid=2&pvsid=620282234195420&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t0n473b82whd&fsb=1&dtd=193
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 280
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 06:25:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B937 76 KB
32 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BANrfqMesI3AQT-YvyAfOnArXKqs35QFR2Ek2aT-ZN6aovKmzMy2FDNkUGrPn1Tq6v79WnxqPptwjYSNt2s956w4vIwk0_uijCLairm7509ztxXxCrGLaN3463JZ1EtYmZedk5RZ-w515BoFCOFdm9Zq1tUg&dbm_d=AKAmf-C3MiY_aH4TKl2xz3OUu_iv_xNj7pK_yTI5O2uAUHTnXWQRfXTKzQ-s8YvOxAM53JVzrqa2uybukOJ54_DKETzVpfKUREh5la-5D7_EleTm4XAxJvU_o4JsRk58xdEA0EfwxnDya2rYs70HfLvhtYJoJekxYeG5u_SThSto_9Ftb-qIO52-QE8OLu-pEVGFi6B2wCG9crVqVG1qQnFJQQoKEnSvtvDJjm03tvu2zpbvpARnd6moehgkbBIQBXkya-WYRxbvDtR2r3GW5e2xWx8uO9ndqruuglmV3OSbxFZIoxCG3W_mOWVk7roTVnXnGKx8FQJpUiPLSRtXj5KdSiS-bFgmSVXuBuaPBwtYZDxrAbCFgCVbBMznmQFT5tFuouOyQr0WFs-VNtzkq3yKQNEgkFWtzQ8lIgQu59aDYnMDOR7RmuVwBDV85o-F-532mIL6EV--AKGZeurSx4axWVF6xOjJk-dGu6BxwIyAwyZHKUKVSsMG8dCy1XYwoLa-eQdErOTX_ykzPcM8CRHz9vqsEDphtEiTthS2mn5m5SxYPH_C20YDB5NDwVZI9iyFpZxCNl5EJeF_aLevrRdWujkCN1KN9p2203lrLpRhtCvK6sxrDnjXTUhZa8LSONqtg9hGC_OmH9TM0Aan0buzn-1HLKQ7FoFetbpGMafxBv7nElcqzoYniTXIo9dmpNOMELjLCsjRjfNGyDWoutzj17-8nTtNlnKAKIX3VPLuwll6DOppvXmAT9QBUOua_JfEADIyIT-fOem9o_v963m8nU4g84tIMexOjZEmNw8yMholVxhnz9_Y9RC0GMme8-T0CpQF4TUmFBIbu7NjOjd99BPtMyl34_D57YQN0kvtS-7m-gvPG8eGpnj800AAJxSol5xuvOh4w5rdaxggegHrWUNeirq-DSue4kbVCr4qNSpgVQv4IFgIsCDldILnCV0SbHbbaypNpxDzoWFWN57ve5EwT8PzWPLhYKdKTUUlJsB77MDzAkyix5cjm8eFavI9OXT_urdqhtJWpr-8HckZmkdwgpMDG1mPq-Pv-DP6nARFrSCfves8ig6nhwhbC0Sa1yzlp0Bn-qjIpH-aaLsr2uPeiHJM7URFnYlBk9uFFJDDizR-VJvjfHxNcwJo6cSnP5NhLIF4bu4qo8TQ9cBdny06GwNR4BYMsV4JgA3Rd7XSVBnWyrAT3Cp4ek4FnKkkGHj_KnG2r_OcIqma1liv3pznFZwIsI_9wARwXdVlSTO_fb42lM_6hyJhmIjBCPkExOuR4f7aLIrwi-bt6nMXN8IXk-KyfQefxvXnIMYSL01aFSH1hWEU8CuUBB2yTMhvADtGccXszmWnzS7YIxPWdZueu4wPYXjkYyU8bb4MgAWAv1qn4mtgG9FntaExttgd7MTBvAA0O5J87s2mQHj3jD-xeyGVQ1frlteDBRprMBKYUXwGLWSq1N2iSLNyKZwrlFUItH0m_FM2oGGi4-1ldzj708pcUPZrv283vxR0-icqhuUl56CW-MsVj3r3GXqWBXDqtj530jpPsq8VX4-QUb8Ozu6jtV6G5yc4wiLvPrQ-t6UAlFNSJkm2JBUjh-ZX9uYDpryI5MBsIZUjYOPHlXx1H4oodkXZBzP2Rjp2o2j2DjsfqQJTG2cmX8MxWOmXuQQV3eqJF5PUn91XJNce5WKHBW94PwbzKdqNkCada9LFOzh2nbzigXdLlNNWsKJBfn725ebqofaFW_rbfBE6T9Lft_fpMvl7wLiUAKgNj-ettLh2FgRM_HO3Peh2B0bpraK1fvfO1KozFgYCSQV5CosDaMmqhLR1HlWhKv0lNfYr-XEmR08SQN4S-xjFJKzO6eXpd_y8t14MPhYxtxBROiOMMOhLI8LHFVhlwJ6YwzyYqA9Zsqj1cU6UM_h23ALzNMKIpDTIHkSUZxp_KkY2lSvE1yHdFCaZidQGXF5H2-uWUV7JNZdebHJrMSs3Cs0ulKhQ4sWJ6UBknrXMTenR3cdAxO9XOTecWo5G4X5Vt7BH6n8cMXtlFyeCoEgX1OCGBjj2GvuWljFrwcJOTyYhuDefxWydoi4AqVv6BuBL4mF0qLct6Mg_7Km0bRU0NheLBrxjJ889VpcJUDwVADiPjAGL-8iJEoexNXYKb7UqNMrvZFq_REQvHX3NmdqYW1UFkxL-a3qmW2gQl4sbK-24kUjqLN98svSeNwl6zGTxa8jaH170xOcMyR-Gcd0ipDlRZYj-GVwgJJLouw6NOnMfLVqXHwQ-EcYxxvxjc6buFTMqvlWI55jY4-fiCi7rB3BM1Ps8y3Omgah4z5HIr5kuddy-LCvOD6jOXqF7erFUIIv2azmpVyjNXD-tt2QmFqXNcSQBir096YIRV9NgoX14TwO_YVk0m1fLTxbwxhr6mewXSAQW1FxOA20eX_hsADat1sSNBvgCHunyRnHB4_37_l1Nm69NFK9NHp5vxgXbAqs2G2DJWgEp7wv3sy2tQoCOSW1kq03qJhuIYKuU5hByNZGWxLhSo5GX-ZMtqaiUoZAU4WHrwNX6jKuWmuTqRWzv7SNhHFvoxD8lD8Ms6EuNBL03jhR2StV4BJZHO_dihWaZbRTdK4g_q5X0UfChLSKLYY-5oTWGk7uTjj0GoUhqGmjGgI3L31yCd0gwglxq5RMyK-B7Vn4OzQdk13JRk1mcZRh7OwohLiN5UW1FAIrcomoYNLEbrc2CUb_e5-Fkms8LlC_3XuJEpWMH6Ezgi6Ww0aiIWSEbO_sbXIgSE5mGcr-chlvgAywajpGBzxUgo965hnbipBQPC86l2veGl1dPSujlf2_00RXRMqYpyVj9MnJ_CtNaN224cVqqkposivOBMfF0q3LwPzPpvlkTnlYZd3rENp3loCkcM4_DvpelwvnFlWhz5t7hp4pesve5d_gG3131E3JvcP96-5UeEMnyiHVGqwKZ0GCQEzFwLmtOpFhsPwvFykOEUnyaQ6z-UsI9_9LQ91eJ91kfu0B0fqbk5BMe8oSAZQqIjo_jOCscuhMb7O36COrKwgCwel6-ykCbgsB6IzvJeEy_czdo6bjz9ys7aKfbzy8ASVM_2ack_WpGUa7bzgVLoqcoyB7x4cUCQsuoohx7KvbbTrG7YGclf8Hi3hqMdeDDBiij0_xm1hMxiyIaTaYDZPGv1Utkzzm2QW8RI_g6yWM-YFhtCooyZPIOUpTA9L-MokcWC5NfgpnSqCMJl0VEbRIWBNrgw0a7j-I8ZdgV6eQH4XtrW0esXaZi4PMSer6nbbkmEzQr1ipNZ8GOG3AL7KE7NA_DkeP8ezSCXAk&cid=CAASJeRo_dfFCA02A8j7f2Hd5xsAL0zIk-yUSwC4NYkGV_YkzmnVhbY&rfl=6%2Chttps%253A%252F%252Freurl.cc%242%2C%2C%2C%2C%2Chttps%253A%252F%252Freurl.cc%252F%240

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051909268&bpp=14&bdt=1284&idt=172&shv=r20220622&mjsv=m202206160101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=1945072695&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=1943945536&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31068030%2C31068166%2C31065825&oid=2&pvsid=620282234195420&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t0n473b82whd&fsb=1&dtd=193

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

008480ff77aa23e1598bdedbfe3cd828079c7ac5f405856eddd32ce1cef4615b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051909268&bpp=14&bdt=1284&idt=172&shv=r20220622&mjsv=m202206160101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=1945072695&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=1943945536&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31068030%2C31068166%2C31065825&oid=2&pvsid=620282234195420&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t0n473b82whd&fsb=1&dtd=193
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33156
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D99D 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 316039
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jun 2022 14:37:50 GMT
expires: Tue, 20 Jun 2023 14:37:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 355D
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEI7FpGlDsAK55bUltJvjdeA&google_cver=1&google_push=ARnp8GDL0gPUcY1tcDfha7fx0CZ9RVGwupRb6IADX7EzIel4zM3hJpQdxKNA4fhiaev1-h-5Mu2C5FmH-1usgvaqt_vaCAVWWO4
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NDM3NzU4MTkwMDI5MTkxNjQyOQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEI7FpGlDsAK55bUltJvjdeA&google_cver=1

43 B
398 B

85ms
13ms

Image
image/gif

2001:678:cb4:bbbb::11

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEI7FpGlDsAK55bUltJvjdeA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146
Protocol: H2
Server: 2001:678:cb4:bbbb::11 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEI7FpGlDsAK55bUltJvjdeA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 355D
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESELFGAkH9tGMr5OrGev77JS8&google_cver=1&google_push=ARnp8GC6xXiIS-fq-3ZhirI754EzUZfgCcH8P51GxBFaZ88n_XZ9nJcW8Iv0y0hz-DmV6mE44zMIQi-oDBpoXyQuN98ndQ1jeCU4
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=4E4037BAAB2348A483080A32B0DC2367&google_push=ARnp8GC6xXiIS-fq-3ZhirI754EzUZfgCcH8P51GxBFaZ88n_XZ9nJcW8Iv0y0hz-DmV6mE44zMIQi-oDBpoXyQ...

170 B
188 B

18ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=4E4037BAAB2348A483080A32B0DC2367&google_push=ARnp8GC6xXiIS-fq-3ZhirI754EzUZfgCcH8P51GxBFaZ88n_XZ9nJcW8Iv0y0hz-DmV6mE44zMIQi-oDBpoXyQuN98ndQ1jeCU4

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 24 Jun 2022 06:25:09 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=4E4037BAAB2348A483080A32B0DC2367&google_push=ARnp8GC6xXiIS-fq-3ZhirI754EzUZfgCcH8P51GxBFaZ88n_XZ9nJcW8Iv0y0hz-DmV6mE44zMIQi-oDBpoXyQuN98ndQ1jeCU4
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Thu, 23 Jun 2022 06:25:09 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 355D
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHufvxqwZMpZO4DW0Kaiw30&google_cver=1&google_push=ARnp8GATrceAlF4UiYvWPrFRdrM1SmDF3nPU1e8Qke__U4MI-YPDtZ4AHGd_8dyJPKMmSBQChFQZxbRtWELpULsWMbDY3fp...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ARnp8GATrceAlF4UiYvWPrFRdrM1SmDF3nPU1e8Qke__U4MI-YPDtZ4AHGd_8dyJPKMmSBQChFQZxbRtWELpULsWMbDY3fp4ZMg&google_hm=Mjc2MDQ5OTQ0NzYxMTU0MDE...

170 B
188 B

17ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ARnp8GATrceAlF4UiYvWPrFRdrM1SmDF3nPU1e8Qke__U4MI-YPDtZ4AHGd_8dyJPKMmSBQChFQZxbRtWELpULsWMbDY3fp4ZMg&google_hm=Mjc2MDQ5OTQ0NzYxMTU0MDE3OQ%3D%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 24 Jun 2022 06:25:09 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ARnp8GATrceAlF4UiYvWPrFRdrM1SmDF3nPU1e8Qke__U4MI-YPDtZ4AHGd_8dyJPKMmSBQChFQZxbRtWELpULsWMbDY3fp4ZMg&google_hm=Mjc2MDQ5OTQ0NzYxMTU0MDE3OQ%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 355D
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=82rAfP1qQbCbBAPh9mxcIw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

16ms
16ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=82rAfP1qQbCbBAPh9mxcIw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDZYtZaE9oP3JLZIalRvYv6XgnTcdOVRn5GLyChfLUwOIbTmZoPZ89B9h0eVuRcQT3k7ze3S0-115YDv6RvPpmLzLBjBmeB

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=82rAfP1qQbCbBAPh9mxcIw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDZYtZaE9oP3JLZIalRvYv6XgnTcdOVRn5GLyChfLUwOIbTmZoPZ89B9h0eVuRcQT3k7ze3S0-115YDv6RvPpmLzLBjBmeB
date: Fri, 24 Jun 2022 06:25:08 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 355D
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESELUrz9jxcHYUDyXwClCYpVg&google_cver=1&google_push=ARnp8GDZjQp76Gis_N8EouAD5lFgHQYh5O2uMn-ueLpCo_2_uX0FehG0PFhNlWDvGHD2T_ym_umZkrF2x-vRGXdO-q9h8o...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESELUrz9jxcHYUDyXwClCYpVg&google_cver=1&google_push=ARnp8GDZjQp76Gis_N8EouAD5lFgHQYh5O2uMn-ueLpCo_2_uX0FehG0PFhNlWDvGHD2T_ym_umZkrF2x-vRGXdO...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=-FFnDECISRisNk-QOvWo0A&google_push=ARnp8GDZjQp76Gis_N8EouAD5lFgHQYh5O2uMn-ueLpCo_2_uX0FehG0PFhNlWDvGHD2T_ym_umZkrF2x-vRGXd...

170 B
188 B

25ms
25ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=-FFnDECISRisNk-QOvWo0A&google_push=ARnp8GDZjQp76Gis_N8EouAD5lFgHQYh5O2uMn-ueLpCo_2_uX0FehG0PFhNlWDvGHD2T_ym_umZkrF2x-vRGXdO-q9h8orZL-Yy

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=-FFnDECISRisNk-QOvWo0A&google_push=ARnp8GDZjQp76Gis_N8EouAD5lFgHQYh5O2uMn-ueLpCo_2_uX0FehG0PFhNlWDvGHD2T_ym_umZkrF2x-vRGXdO-q9h8orZL-Yy
date: Fri, 24 Jun 2022 06:25:09 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3 200 dot.gif
s0.2mdn.net/ Frame 355D 43 B
65 B 15ms
14ms Image
image/gif 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEDIHXrCuLCED3bF_4h3jHQA&google_cver=1&google_push=ARnp8GDAhyK-OgB9nyKLkRYgat7vWlPPR77lr9Pm20CsuPcZJudCQn5UnFVq5i2Ivc2P1xIC31Zyhtk1PNP6yDeKzae-J3GWYkR5Kw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Jun 2022 06:25:09 GMT

GET
H2

200

/
onetag-sys.com/match/ Frame 355D
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEL6zxCmoXsBEWeRQuV3y3bE&google_cver=1&google_push=ARnp8GCvlBga2iE-SUi8reaXrMWW4viaaD3dkKEDB1lCQ22StZpa1oFC2OIPkFJuUUfSqm2Cc6wNpgj3VqP...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ARnp8GCvlBga2iE-SUi8reaXrMWW4viaaD3dkKEDB1lCQ22StZpa1oFC2OIPkFJuUUfSqm2Cc6wNpgj3VqPd-wFcOTcxXMDQuiA-
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

9ms
8ms

Image
text/plain

51.89.9.251

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146

Protocol

Server

51.89.9.251 -, , ASN (),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 355D 0
12 B 16ms
15ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Icn0aJUCrG7mpizpCAyW9Is8ZzSwf_lL06G70cuY9BeFlkU0NjsowMoQ5HCmeJOPRZANi8vXQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13802&adk=655181929&adf=2645242782&pi=t.ma~as.2784%2F13802&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051908891&bpp=15&bdt=921&idt=128&shv=r20220622&mjsv=m202206210101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=380261760&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=365&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=2341969609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C44761043%2C31065741%2C31067527%2C31068167%2C31067989%2C42531607&oid=2&pvsid=2994487905228750&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ic8ra38xih6e&fsb=1&dtd=146

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:09 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AADD 0
0 43ms
43ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220622&jk=825385243156423&rc=
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 200 lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js Show response
pagead2.googlesyndication.com/bg/ Frame 5B95 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

972198b02b9e13cc91f17a0e0cea3af056c3ad7fc8eb79d4881c9dc427ca8aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 21:56:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30517
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13789
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Jun 2023 21:56:32 GMT

GET
H3 200 copy1.svg
s0.2mdn.net/sadbundle/8169253649497119168/img/ Frame 330D 3 KB
1 KB 9ms
9ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8169253649497119168/img/copy1.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8169253649497119168/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

bacdba5098bbf3fccb394a4bdd9d9bf796ee2cefb861761e3bdc2894fde7a409

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8169253649497119168/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142993
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1479
x-xss-protection: 0
last-modified: Sun, 20 Feb 2022 14:03:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:56 GMT

GET
H3 200 copy2.svg
s0.2mdn.net/sadbundle/8169253649497119168/img/ Frame 330D 2 KB
976 B 9ms
8ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8169253649497119168/img/copy2.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8169253649497119168/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

84daed9ce4ba56222c15baea3bb440bc7c00b1908b617dc71e5a937c965f7618

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8169253649497119168/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142993
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 947
x-xss-protection: 0
last-modified: Sun, 20 Feb 2022 14:03:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:56 GMT

GET
H3 200 copy3.svg
s0.2mdn.net/sadbundle/8169253649497119168/img/ Frame 330D 5 KB
2 KB 10ms
10ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8169253649497119168/img/copy3.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8169253649497119168/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ae259b9ba9c1746b10122d79cc51bf0fd4db2790ac0cf5cd1c10845a99d2dbf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8169253649497119168/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142993
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1853
x-xss-protection: 0
last-modified: Sun, 20 Feb 2022 14:03:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:56 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/8169253649497119168/img/ Frame 330D 7 KB
3 KB 10ms
9ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8169253649497119168/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8169253649497119168/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

18c3c8696d111a522175c9805103f786ee0dc390fa029ee4b012882f03268131

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8169253649497119168/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:41:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142993
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2981
x-xss-protection: 0
last-modified: Sun, 20 Feb 2022 14:03:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:41:56 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5B11 0
20 B 44ms
42ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B5IEuxFi1YsyFN52H7_UPpuSwiAYAAAAAOAHgBAI&bg=!kZKlktbNAAZlcKWdRXA7ACkAdvg8WjmX5I9pU1wfcj5AxsGBrOHPeZBNiDU9Cn9qDXFiG0AWYUBOxgIAAAEwUgAAAAJoAQcKAHtula4RrTzShnt98ENRI3W16XL9v7NycFxLDtwrK8J-eanwJmWCyXYIedOxrUqahOoFTeReXNLnF3nsei5BX38H5O3VFM_tGAF2_jvfMuxdPpVXZVf1rINbv-TvhUKyM8GddysgCzk_fj17M4Y-iSUw1KY_2VyLdZ5sl3uZAxgyAA3Vo4GKYsFg6faL5RpreczY6f74zzWKarAfKj5ISu1KiFgXNP_e-10AwNKYD9_jUx2ffnWFoh__1Apq7NuSrwUTPnHqj2NrgLTdu2vnXa27p3HcchfSjA_TCP1YpZPkIgYjZG-CiVy7aF4OJtkMAZViw75YBZIlD-V9ds0bMOFnDpX3P255GyHBrHPrwsWpe4TXNuVuzLeJ3A0nqu2x7-ZEyrlFxEQ3_s4ud3hj3xb7EGJAW7Fapz6VpKGGMo_o48Axm8pPGMV3Ce7wxBM7QvlsULO7yKOVda2JBsBROvue12UPbITtlQynbhmWi3ktG9G_mCukFA94JJDufPoOWKA7_4CpN8YfenzUhsDL4cpC5sn4oC9PXZUWMq4RSzfsW8Db-mZSsIGekuak8pI0GmFQyK34QjNZZM66H6P1gJi4o2aT7jvUQQB63phHAwLrZKc8G7_nzuL_XYmXiy12koTOgNLjcxw-ihVT9uuGPqiZE1qhA-bVGFIXKaQVzXaWQenvrfZC9Teju2NjtSDO_gZIPei8y1ZiquYKEzEvrPePR6Oq_mgLLpFMf_5795tf4g-vUoItJpyWdqNl784aj2ijHP2xulYeQLbm7uCPcVuX19GCPEKBL--Q3sYp0E90GyW5lktMos3PDEcaxe-XCVqqIJqk228dqR3DEUj0HE4_N99dzJAZaV9OkUHPhOsVz8vT3rWV-0ePC1FD8RA20BhVkKAy3csCZ7laE-0PM1W3gGTcErxMwD4tesJKWB8rM9cTEBvmdxpSgy2pTigfkjkH4AN-YYB_oWYUEJQRZ5MQn57QUFfUMeGAc1ONSPOtoafZEz7zUlV8rEK2CHpt1IC209jopZQICsjxjtUZ5bs5fwscu8aRnYTDaJMUDqmR0hOEX9UTOl4ssFRiute54EZBFV-Oin6KDjfGqJaq-bLaJSSMChtHAQJ-dIFdKJ56XD6hDhBzt2fqk6NbX7aq3vbteUZy4byM1xoqKZGWdkb9Sdmqr2MH_myxmhigqrcg0vw2L3JxqrEYfnZ2hR1X7ueVeHthrMc

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame B937 106 KB
37 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 19:19:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39924
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Jun 2022 19:19:45 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220622/r20110914/elements/html/ Frame B937 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220622/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BANrfqMesI3AQT-YvyAfOnArXKqs35QFR2Ek2aT-ZN6aovKmzMy2FDNkUGrPn1Tq6v79WnxqPptwjYSNt2s956w4vIwk0_uijCLairm7509ztxXxCrGLaN3463JZ1EtYmZedk5RZ-w515BoFCOFdm9Zq1tUg&dbm_d=AKAmf-C3MiY_aH4TKl2xz3OUu_iv_xNj7pK_yTI5O2uAUHTnXWQRfXTKzQ-s8YvOxAM53JVzrqa2uybukOJ54_DKETzVpfKUREh5la-5D7_EleTm4XAxJvU_o4JsRk58xdEA0EfwxnDya2rYs70HfLvhtYJoJekxYeG5u_SThSto_9Ftb-qIO52-QE8OLu-pEVGFi6B2wCG9crVqVG1qQnFJQQoKEnSvtvDJjm03tvu2zpbvpARnd6moehgkbBIQBXkya-WYRxbvDtR2r3GW5e2xWx8uO9ndqruuglmV3OSbxFZIoxCG3W_mOWVk7roTVnXnGKx8FQJpUiPLSRtXj5KdSiS-bFgmSVXuBuaPBwtYZDxrAbCFgCVbBMznmQFT5tFuouOyQr0WFs-VNtzkq3yKQNEgkFWtzQ8lIgQu59aDYnMDOR7RmuVwBDV85o-F-532mIL6EV--AKGZeurSx4axWVF6xOjJk-dGu6BxwIyAwyZHKUKVSsMG8dCy1XYwoLa-eQdErOTX_ykzPcM8CRHz9vqsEDphtEiTthS2mn5m5SxYPH_C20YDB5NDwVZI9iyFpZxCNl5EJeF_aLevrRdWujkCN1KN9p2203lrLpRhtCvK6sxrDnjXTUhZa8LSONqtg9hGC_OmH9TM0Aan0buzn-1HLKQ7FoFetbpGMafxBv7nElcqzoYniTXIo9dmpNOMELjLCsjRjfNGyDWoutzj17-8nTtNlnKAKIX3VPLuwll6DOppvXmAT9QBUOua_JfEADIyIT-fOem9o_v963m8nU4g84tIMexOjZEmNw8yMholVxhnz9_Y9RC0GMme8-T0CpQF4TUmFBIbu7NjOjd99BPtMyl34_D57YQN0kvtS-7m-gvPG8eGpnj800AAJxSol5xuvOh4w5rdaxggegHrWUNeirq-DSue4kbVCr4qNSpgVQv4IFgIsCDldILnCV0SbHbbaypNpxDzoWFWN57ve5EwT8PzWPLhYKdKTUUlJsB77MDzAkyix5cjm8eFavI9OXT_urdqhtJWpr-8HckZmkdwgpMDG1mPq-Pv-DP6nARFrSCfves8ig6nhwhbC0Sa1yzlp0Bn-qjIpH-aaLsr2uPeiHJM7URFnYlBk9uFFJDDizR-VJvjfHxNcwJo6cSnP5NhLIF4bu4qo8TQ9cBdny06GwNR4BYMsV4JgA3Rd7XSVBnWyrAT3Cp4ek4FnKkkGHj_KnG2r_OcIqma1liv3pznFZwIsI_9wARwXdVlSTO_fb42lM_6hyJhmIjBCPkExOuR4f7aLIrwi-bt6nMXN8IXk-KyfQefxvXnIMYSL01aFSH1hWEU8CuUBB2yTMhvADtGccXszmWnzS7YIxPWdZueu4wPYXjkYyU8bb4MgAWAv1qn4mtgG9FntaExttgd7MTBvAA0O5J87s2mQHj3jD-xeyGVQ1frlteDBRprMBKYUXwGLWSq1N2iSLNyKZwrlFUItH0m_FM2oGGi4-1ldzj708pcUPZrv283vxR0-icqhuUl56CW-MsVj3r3GXqWBXDqtj530jpPsq8VX4-QUb8Ozu6jtV6G5yc4wiLvPrQ-t6UAlFNSJkm2JBUjh-ZX9uYDpryI5MBsIZUjYOPHlXx1H4oodkXZBzP2Rjp2o2j2DjsfqQJTG2cmX8MxWOmXuQQV3eqJF5PUn91XJNce5WKHBW94PwbzKdqNkCada9LFOzh2nbzigXdLlNNWsKJBfn725ebqofaFW_rbfBE6T9Lft_fpMvl7wLiUAKgNj-ettLh2FgRM_HO3Peh2B0bpraK1fvfO1KozFgYCSQV5CosDaMmqhLR1HlWhKv0lNfYr-XEmR08SQN4S-xjFJKzO6eXpd_y8t14MPhYxtxBROiOMMOhLI8LHFVhlwJ6YwzyYqA9Zsqj1cU6UM_h23ALzNMKIpDTIHkSUZxp_KkY2lSvE1yHdFCaZidQGXF5H2-uWUV7JNZdebHJrMSs3Cs0ulKhQ4sWJ6UBknrXMTenR3cdAxO9XOTecWo5G4X5Vt7BH6n8cMXtlFyeCoEgX1OCGBjj2GvuWljFrwcJOTyYhuDefxWydoi4AqVv6BuBL4mF0qLct6Mg_7Km0bRU0NheLBrxjJ889VpcJUDwVADiPjAGL-8iJEoexNXYKb7UqNMrvZFq_REQvHX3NmdqYW1UFkxL-a3qmW2gQl4sbK-24kUjqLN98svSeNwl6zGTxa8jaH170xOcMyR-Gcd0ipDlRZYj-GVwgJJLouw6NOnMfLVqXHwQ-EcYxxvxjc6buFTMqvlWI55jY4-fiCi7rB3BM1Ps8y3Omgah4z5HIr5kuddy-LCvOD6jOXqF7erFUIIv2azmpVyjNXD-tt2QmFqXNcSQBir096YIRV9NgoX14TwO_YVk0m1fLTxbwxhr6mewXSAQW1FxOA20eX_hsADat1sSNBvgCHunyRnHB4_37_l1Nm69NFK9NHp5vxgXbAqs2G2DJWgEp7wv3sy2tQoCOSW1kq03qJhuIYKuU5hByNZGWxLhSo5GX-ZMtqaiUoZAU4WHrwNX6jKuWmuTqRWzv7SNhHFvoxD8lD8Ms6EuNBL03jhR2StV4BJZHO_dihWaZbRTdK4g_q5X0UfChLSKLYY-5oTWGk7uTjj0GoUhqGmjGgI3L31yCd0gwglxq5RMyK-B7Vn4OzQdk13JRk1mcZRh7OwohLiN5UW1FAIrcomoYNLEbrc2CUb_e5-Fkms8LlC_3XuJEpWMH6Ezgi6Ww0aiIWSEbO_sbXIgSE5mGcr-chlvgAywajpGBzxUgo965hnbipBQPC86l2veGl1dPSujlf2_00RXRMqYpyVj9MnJ_CtNaN224cVqqkposivOBMfF0q3LwPzPpvlkTnlYZd3rENp3loCkcM4_DvpelwvnFlWhz5t7hp4pesve5d_gG3131E3JvcP96-5UeEMnyiHVGqwKZ0GCQEzFwLmtOpFhsPwvFykOEUnyaQ6z-UsI9_9LQ91eJ91kfu0B0fqbk5BMe8oSAZQqIjo_jOCscuhMb7O36COrKwgCwel6-ykCbgsB6IzvJeEy_czdo6bjz9ys7aKfbzy8ASVM_2ack_WpGUa7bzgVLoqcoyB7x4cUCQsuoohx7KvbbTrG7YGclf8Hi3hqMdeDDBiij0_xm1hMxiyIaTaYDZPGv1Utkzzm2QW8RI_g6yWM-YFhtCooyZPIOUpTA9L-MokcWC5NfgpnSqCMJl0VEbRIWBNrgw0a7j-I8ZdgV6eQH4XtrW0esXaZi4PMSer6nbbkmEzQr1ipNZ8GOG3AL7KE7NA_DkeP8ezSCXAk&cid=CAASJeRo_dfFCA02A8j7f2Hd5xsAL0zIk-yUSwC4NYkGV_YkzmnVhbY&rfl=6%2Chttps%253A%252F%252Freurl.cc%242%2C%2C%2C%2C%2Chttps%253A%252F%252Freurl.cc%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:14:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 625
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 08 Jul 2022 06:14:44 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220622/r20110914/ Frame B937 27 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220622/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8247e71c60f01cce914615568139113018a1a129dceb0fe0af55edb0211b8fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:12:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 748
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10545
x-xss-protection: 0
server: cafe
etag: 4672069523611413616
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 08 Jul 2022 06:12:41 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5DE7 0
26 B 45ms
45ms Ping
image/gif 142.250.185.66

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss1uJJVAIvPNvIq86LQi2OIkrTW0VMN8Gm_-_1wp2e_tmzaue_jNEfcJb05mq-mkMuyxQimpG_v0kZifd4exspMLHpIX7KZ7M_7EqQx3tnw3TBRmD1-v5LU9L12huWDlt3bK2jBUOXiUpmhppW6YhWGgvH1T6dV6sxzy4rTNAmwuL12Cgrju-o6-cgjw9VPrC6g0fR2pvvknZzGvBfkhwJq7L1jpCkT5OwDRJ5plbcfX9Ic1_d4kpX1bGnOXZs0gNM5rr7lc8gG28m5sQDBmJlmJ4-Sj5jE7SE9LppRaTzP5ZJku3ivZgyuZATWz_rmPRFjpuzgEKvrryFZRY_Gn_tfGmszhV6oHYQeV7xrP15flgfir_9EgiuBV-edoETXPDLAAGNQN883F6pXvvqvadZ_XSToPIMOJFHU4qCfpcEMefyGCeS3qqMSuCfyRatW649zrHKOcFkee7Q6ArzZK2gJNF4aym2-DGn9-h0Br6PfbUNRGISiTgqa4D79rBVcKOGuyghvEK_Xo7-2y75CiH7p6gk-aMv4RW5wmJazqrW64FB081-G4vBrUjZzBLQZdB8xJ067erTvnA0Go582kd7xgX6rowD9sgLO2JaX9uxxd3MaHmgHTXTdhT-NP5dx_KoP0PnnoIazaUsKbPqzBKQN2jviEPfOJPA8PYqmPKsQcYm5LA4UIO6RnTTWkSJH1nbCGrLOpJo6RkSsfJR8IDVGuE1yxpQxIK-7tF2oz1LN9cGLJ8ckaPjOE0nezpZ2OraSgptluQ74_vj-qvxFdLmV9QMXrmKbgMQoFAvRnWqjn36wrFctNt-OcxC59tWbQhEagJiEnKT9fFCM3H9tUa0s_2QOtUp0qA72h-xagcbMAYk0erv1gYiBPREbHdIX0KgxoDF9noAKy7rQvEki8SmCQrVsHw_UxJnogWMdy5sG97U444vD4yODumvoVJAmF1AYNHk2AI3_GWOSUjFFlU35TnkjiNXxv8oX1sgmSFkAOaMtvPCT2f8gNe2ruVrirnYF9E5Y7ZVKW7a4XSleitQyR34KsiUuI6BQUBAMU_qAvzdtOGK38dZFEyETRE3Uevdi9A4BzJUbBVOb8VRZXShqBd2D3zw4ZAiasvY1GxBj06BG02lBN0Z9OxMGUhcbFGDS1EljdzBBeuw3tFxCuqVBwNDml6EGvIB4oCpLbIU1vAA8k84ghr45XTOYbIkQqIhDjKyf&sai=AMfl-YREudy5P7bPZ8lo1bA7KKdTgrUvcItpTmiAAuS4JbDSrZOB525x-ORlMHCew5VNtz1M_MVNUBVh-C3gsuE4_mLyIPBi10bbIng0CyPmG8XWEb3UoPACMSixv1ftZpszcIKLVT3sKeLDPsQ2P5_Coe4gA_ahimHZrA3HgkYAtd8V8CZM2jlwjmNR48OXOWHDMBmLNUOG5jz0YgImoAmbyM8d&sig=Cg0ArKJSzCnZIpiIrBzJEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=262&vt=11&dtpt=184&dett=3&cstd=77&cisv=r20220622.76285&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 9CC3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELy_tsSObEUs8JTJBGpLL6Q&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELy_tsSObEUs8JTJBGpLL6Q&google_cver=1&__user_check__=1&sync_id=65bf16ab-f386-11ec-b3e0-155da6fd0406

43 B
548 B

27ms
19ms

Image
image/gif

185.94.180.126

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELy_tsSObEUs8JTJBGpLL6Q&google_cver=1&__user_check__=1&sync_id=65bf16ab-f386-11ec-b3e0-155da6fd0406
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfwggIQh8Wh4QEYubfwwgEwAQ&v=APEucNWK8XD0Oi3lzRzaZOa59wNeroMt3Pqg7K3Jo0PR5OjVTDDzZnOgrm7UJaCat4DzNNMkQlLht2PVoy-xWDK1aLgNro80S3Lld61N_2AK3OrMA8dzt7It6qDf06BDk5zj20HbqH4KEimdaHwL8kN1kJOdJnT1A46wHs-wsbXvnaCO1xE6-Eo
Protocol: HTTP/1.1
Server: 185.94.180.126 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Fri, 24 Jun 2022 06:25:10 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 40
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Fri, 24 Jun 2022 06:25:09 GMT
Server: nginx
Location: /partner?adv_id=7025&uid=CAESELy_tsSObEUs8JTJBGpLL6Q&google_cver=1&__user_check__=1&sync_id=65bf16ab-f386-11ec-b3e0-155da6fd0406
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 91
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9CC3
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NjViZjE2NmYtZjM4Ni0xMWVjLWIzZTAtMTU1ZGE2ZmQwNDA2

170 B
188 B

18ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NjViZjE2NmYtZjM4Ni0xMWVjLWIzZTAtMTU1ZGE2ZmQwNDA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfwggIQh8Wh4QEYubfwwgEwAQ&v=APEucNWK8XD0Oi3lzRzaZOa59wNeroMt3Pqg7K3Jo0PR5OjVTDDzZnOgrm7UJaCat4DzNNMkQlLht2PVoy-xWDK1aLgNro80S3Lld61N_2AK3OrMA8dzt7It6qDf06BDk5zj20HbqH4KEimdaHwL8kN1kJOdJnT1A46wHs-wsbXvnaCO1xE6-Eo

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 24 Jun 2022 06:25:10 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NjViZjE2NmYtZjM4Ni0xMWVjLWIzZTAtMTU1ZGE2ZmQwNDA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 80
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9CC3
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS02SWFzMzhGRTJ1SDg5YlViLlc3dlFQRjVEOVc2RnJaeH5B

170 B
188 B

30ms
16ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS02SWFzMzhGRTJ1SDg5YlViLlc3dlFQRjVEOVc2RnJaeH5B

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS02SWFzMzhGRTJ1SDg5YlViLlc3dlFQRjVEOVc2RnJaeH5B
date: Fri, 24 Jun 2022 06:25:09 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 200 lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js Show response
pagead2.googlesyndication.com/bg/ Frame D99D 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

972198b02b9e13cc91f17a0e0cea3af056c3ad7fc8eb79d4881c9dc427ca8aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 21:56:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30517
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13789
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Jun 2023 21:56:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B937 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051909268&bpp=14&bdt=1284&idt=172&shv=r20220622&mjsv=m202206160101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=1945072695&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=1943945536&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31068030%2C31068166%2C31065825&oid=2&pvsid=620282234195420&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t0n473b82whd&fsb=1&dtd=193

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:54:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 325841
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 11:54:28 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E451 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051909268&bpp=14&bdt=1284&idt=172&shv=r20220622&mjsv=m202206160101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=1945072695&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=1943945536&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31068030%2C31068166%2C31065825&oid=2&pvsid=620282234195420&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t0n473b82whd&fsb=1&dtd=193

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 61137
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Jun 2022 13:26:12 GMT
etag: 48472445140208031
expires: Fri, 24 Jun 2022 13:26:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 DE_Consideration_Contradictions_Black_DIS_HTML5_300x250.html Show response
s0.2mdn.net/sadbundle/10281115190008352125/ Frame 1B27 9 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10281115190008352125/DE_Consideration_Contradictions_Black_DIS_HTML5_300x250.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f295d0c7923cbf2d41fc7202823928c3b24103f7e2c19f75e124a648b62f8b6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 143075
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3089
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 22 Jun 2022 14:40:34 GMT
expires: Thu, 22 Jun 2023 14:40:34 GMT
last-modified: Sun, 20 Feb 2022 14:02:47 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B937 0
27 B 49ms
48ms Ping
image/gif 142.250.185.66

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssgx2zDezzKO6MgSQrVRf-GAIddcamlAa5Q3eGDXHeeQreN-kPXdJ43yJDgA91AtF7XJ13n8jXmfCw6oGXJNJ1KRzK96W2Be-9FaG5g0xjLtxL2wNMFaOZR3M74mkrXp9_YQmvp__8TFiDlFRfglN65wGHjO4nSRLiCiu2Z8BxWTbF1_9mljXGNvylsVXLXQFrNdOmJhIDt71615ySGPmJul9O-wRNIVb8yBwC_ZN3Z5xZhHIfCfA3IOD5dJ5mo8qpkILTZi2Ys2IiLFRQ6390VTgeYBC160wgxkAZeZYupbLZu93gk2JohyaVO1HGVST4Cp64fjoS4WwPoDvk9M_s43BK947Erv7L9YgAI0mhycvkk8w_GP7WOaOrkTQnzlQAWUL4rQs0HojH9KlRE2jPYd-hGx_n8BS3GyQwnAp-eS_KHhlDA8HETcjh0oOBzp82fjVPRB0YYPFULvXRRGTERQBGRh_VXZmk0z5EEyF9JrA5rS-av5_x8cOpvZaDHcErGPOGqtA8tqeCiCloGZ5Ia_o1LUed7ePLWGoEQrGzzM0lzbKdqBbfWMTi61Z5gQDE9NxnMRxr5WxfahP19SfnzZeIpucRZ-IgyjRQ1PAc_BzZjc3uxVCP51PZXh_qrYY3sr0tok7sIE3YXBh2Tny-S7AoeHr56JZQIXTzFsm_JzrLrWxtQNj1iY5yeNe0_Wc2-IIWn-WvXR8JdSma389XYdY3kNGi8ac3iPCZzlv3itkqS7GlYzCYWmXJAcjNqrfzijdpa2evZxYbAsBVyey0RhiGmBaV_kzvBr1GoJnCBEpnunFvQfX2SBQjYQs0CDV3ErFK1S1j1CBLWHSjkGM7hBaAggqw0nZ-ATDE8znQ2iIILautVWYk_gD2OvuAZUKiiBYdCfutwl1u9mGJ4cBdeaKYwVX-d09vkNIWO0tWG9KVSgGHwfZDBUHVi4alV_u_V_uz6Lcimr9U30Ua5if-vgjWNyhNkT7s99hSpoo0O4fTuiMyzmr-9CIEl_BS9pDzT1kFo9pVS90hS_WuxwN_d6yMTE1ZxHKb29S_IMbKhJ-EPZa43-RJ-8y2NFM72grjwkoaF-ly5HuxvQgGJg0nO31nEgdd9hp7FG3jCGQatzir42Qy6fUDtB0mBNonKmT97zUfztGvlLgyITO7JbOWK4eqNvIs2jSf0PT4rc_JCQt1x6Qt81ELRzz4YyKpnwEl3DpI&sai=AMfl-YROMnQYHqH-D02Q0zETi41OVk2zKuLK9ZCOtCZsWDkFD4xbzy5znbM9j82PVJo1lV70W8hDsdIGRCf9XXI05jpUDcPCGuFUbVLyL2zkygdzvKYcBusYEiDvsYMqOHvKJmWPkR8wpjVHA0Ny0ergU7emICPzokpb-2ri9ZE5Lucqf3D-dWvH0uEDAjYoNQo5OioSWk5So6aEgunRwffwA0tU&sig=Cg0ArKJSzCpo5vXavMBIEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=115&cbvp=1&cstd=113&cisv=r20220622.45202&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Fri, 24 Jun 2022 06:25:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame B937 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: efacd0600035f059df3b98bce6d6c9dd250a86fd0c15ff57e7ee6665380dc580

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4236 22 KB
8 KB 16ms
10ms Document
text/html 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 316040
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jun 2022 14:37:50 GMT
expires: Tue, 20 Jun 2023 14:37:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 style.css
s0.2mdn.net/sadbundle/10281115190008352125/ Frame 1B27 3 KB
592 B 22ms
8ms Stylesheet
text/css 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10281115190008352125/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10281115190008352125/DE_Consideration_Contradictions_Black_DIS_HTML5_300x250.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

dbb1b5e8aa9320c80bca6dc229254a504996781219fcfdfea7265424310df352

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10281115190008352125/DE_Consideration_Contradictions_Black_DIS_HTML5_300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:40:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143076
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 563
x-xss-protection: 0
last-modified: Sun, 20 Feb 2022 14:02:47 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:40:34 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 1B27 60 KB
24 KB 30ms
16ms Script
text/javascript 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10281115190008352125/DE_Consideration_Contradictions_Black_DIS_HTML5_300x250.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10281115190008352125/DE_Consideration_Contradictions_Black_DIS_HTML5_300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Jun 2022 06:25:10 GMT

GET
H3 200 animation.js Show response
s0.2mdn.net/sadbundle/10281115190008352125/ Frame 1B27 2 KB
621 B 22ms
9ms Script
application/x-javascript 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10281115190008352125/animation.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10281115190008352125/DE_Consideration_Contradictions_Black_DIS_HTML5_300x250.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a7232fcb8bdad8b055aef4fc67a7a4503bad76f43790f76f5530c97d690bd951

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10281115190008352125/DE_Consideration_Contradictions_Black_DIS_HTML5_300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:40:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143076
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 591
x-xss-protection: 0
last-modified: Sun, 20 Feb 2022 14:02:47 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:40:34 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame E451
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEI7FpGlDsAK55bUltJvjdeA&google_cver=1&google_push=ARnp8GAB3GmnqBXOTFuJiUfQenGNxhWi9PtWF2DJ55V1weNz9kZVja6sFz7aRb3NItr4bsM_XxIIGWQPidWOOMXNKz29s05SAFv-
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NDM3NzU4MTkwMDI5MTkxNjQyOQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEI7FpGlDsAK55bUltJvjdeA&google_cver=1

43 B
398 B

14ms
14ms

Image
image/gif

2001:678:cb4:bbbb::11

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEI7FpGlDsAK55bUltJvjdeA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051909268&bpp=14&bdt=1284&idt=172&shv=r20220622&mjsv=m202206160101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=1945072695&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=1943945536&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31068030%2C31068166%2C31065825&oid=2&pvsid=620282234195420&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t0n473b82whd&fsb=1&dtd=193
Protocol: H2
Server: 2001:678:cb4:bbbb::11 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:09 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEI7FpGlDsAK55bUltJvjdeA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E451
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEO0sr3Y-ZOlmOf8wxrPv-gI&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEO0sr3Y-ZOlmOf8wxrPv-gI&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WnRIUGlwSDMxTzRDS0c1&google_gid=CAESEO0sr3Y-ZOlmOf8wxrPv-gI&google_cver=1&google_push=ARnp8GCNFnDFkdUmPcbugXK8deUj22K7D_iqcEdgEPih9W7...

170 B
188 B

18ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WnRIUGlwSDMxTzRDS0c1&google_gid=CAESEO0sr3Y-ZOlmOf8wxrPv-gI&google_cver=1&google_push=ARnp8GCNFnDFkdUmPcbugXK8deUj22K7D_iqcEdgEPih9W7t03_fp2VM3mKYCP6FCbTMgwRIH8yWgXJw498VsuYs_0uGHGkMOgSF

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 24 Jun 2022 06:25:09 GMT
Server: PingMatch/658332f#658332fc5aaa95d8a9be88d89d84d3c319923363 i-0aa046f85b99a54d2@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WnRIUGlwSDMxTzRDS0c1&google_gid=CAESEO0sr3Y-ZOlmOf8wxrPv-gI&google_cver=1&google_push=ARnp8GCNFnDFkdUmPcbugXK8deUj22K7D_iqcEdgEPih9W7t03_fp2VM3mKYCP6FCbTMgwRIH8yWgXJw498VsuYs_0uGHGkMOgSF
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E451
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEOKfLaDSXyAMnHTzLPvDqbI&google_cver=1&google_push=ARnp8GBMpur7gE3OLPq8dGgPzlOEJEKo2cLKq0bzl2gJkTDnUkYvSX0gVbaAEq1usHEUfpo3qRGJgAHMIBpgJ9r6...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ARnp8GBMpur7gE3OLPq8dGgPzlOEJEKo2cLKq0bzl2gJkTDnUkYvSX0gVbaAEq1usHEUfpo3qRGJgAHMIBpgJ9r6dA3tiSfbiai5

170 B
188 B

16ms
16ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ARnp8GBMpur7gE3OLPq8dGgPzlOEJEKo2cLKq0bzl2gJkTDnUkYvSX0gVbaAEq1usHEUfpo3qRGJgAHMIBpgJ9r6dA3tiSfbiai5

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 24 Jun 2022 06:25:10 GMT
Server: MT3 4475 c1dc35a master zrh-pixel-x27 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ARnp8GBMpur7gE3OLPq8dGgPzlOEJEKo2cLKq0bzl2gJkTDnUkYvSX0gVbaAEq1usHEUfpo3qRGJgAHMIBpgJ9r6dA3tiSfbiai5
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 24 Jun 2022 06:25:09 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame E451 70 B
264 B 40ms
35ms Image
image/gif 3.33.220.150

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESED9dpxxo9fe8Krx0lq-MecQ&google_cver=1&google_push=ARnp8GC-_wxOWb_LcZLnuA5Ht3KA0fle5aUdepYp36qs5mcrgRu3BqiA02jEgZBEPDK0QqtdECWAm-0YWIDLnbDQ9MmgJtrGnyA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051909268&bpp=14&bdt=1284&idt=172&shv=r20220622&mjsv=m202206160101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=1945072695&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=1943945536&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31068030%2C31068166%2C31065825&oid=2&pvsid=620282234195420&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t0n473b82whd&fsb=1&dtd=193
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:10 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E451
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEMQViUHQRyUb-1zPejJ4Ozk&google_cver=1&google_push=ARnp8GDIAQrBR0IcGiJjGp-14-Zq_olAc0cVFTR24WyMFf9YcL7hwrZxL6VTtKEIk8FRDy5XZYIVbmgX-0NMMEripsv_...
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgoogle
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgoogle
https://x.bidswitch.net/sync?dsp_id=59&user_id=38b9fd37-c4af-4593-af63-a5cfa5113710&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ARnp8GDIAQrBR0IcGiJjGp-14-Zq_olAc0cVFTR24WyMFf9YcL7hwrZxL6VTtKEIk8FRDy5XZYIVbmgX-0NMMEripsv_ZHl8yVjR&google_hm=87gpYmUqTQWDWPMrq4hsHQ==

170 B
188 B

44ms
43ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ARnp8GDIAQrBR0IcGiJjGp-14-Zq_olAc0cVFTR24WyMFf9YcL7hwrZxL6VTtKEIk8FRDy5XZYIVbmgX-0NMMEripsv_ZHl8yVjR&google_hm=87gpYmUqTQWDWPMrq4hsHQ==

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ARnp8GDIAQrBR0IcGiJjGp-14-Zq_olAc0cVFTR24WyMFf9YcL7hwrZxL6VTtKEIk8FRDy5XZYIVbmgX-0NMMEripsv_ZHl8yVjR&google_hm=87gpYmUqTQWDWPMrq4hsHQ==
Date: Fri, 24 Jun 2022 06:25:10 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E451
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=82rAfP1qQbCbBAPh9mxcIw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

18ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=82rAfP1qQbCbBAPh9mxcIw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDs25DcnO1zBMJ0YaB48djhYNFSbLKtWNTR4RxxfzZiYItaIxG_qgTlqQZYzDAhyYx3GuP6wEUrexoMpXR8RCj4xcpUAL2R

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=82rAfP1qQbCbBAPh9mxcIw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDs25DcnO1zBMJ0YaB48djhYNFSbLKtWNTR4RxxfzZiYItaIxG_qgTlqQZYzDAhyYx3GuP6wEUrexoMpXR8RCj4xcpUAL2R
date: Fri, 24 Jun 2022 06:25:09 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E451
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKbHBOq0kVjOumxvgDHoYMU&google_cver=1&google_push=ARnp8GAy21h2OuOz5RD0-9PO-43eTw6cU9-E0XmBR3XZr1Ayx4WOvgSM7MBCVhbbrD26RxoBCML...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRTMkpSVUQtMUYtNkE2Sg==&google_push=ARnp8GAy21h2OuOz5RD0-9PO-43eTw6cU9-E0XmBR3XZr1Ayx4WOvgSM7MBCVhbbrD26RxoBCMLZ3gxyEsZfTM6cq477VL7GxZ1j

170 B
188 B

22ms
19ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRTMkpSVUQtMUYtNkE2Sg==&google_push=ARnp8GAy21h2OuOz5RD0-9PO-43eTw6cU9-E0XmBR3XZr1Ayx4WOvgSM7MBCVhbbrD26RxoBCMLZ3gxyEsZfTM6cq477VL7GxZ1j

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051909268&bpp=14&bdt=1284&idt=172&shv=r20220622&mjsv=m202206160101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=1945072695&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=1943945536&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31068030%2C31068166%2C31065825&oid=2&pvsid=620282234195420&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t0n473b82whd&fsb=1&dtd=193

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRTMkpSVUQtMUYtNkE2Sg==&google_push=ARnp8GAy21h2OuOz5RD0-9PO-43eTw6cU9-E0XmBR3XZr1Ayx4WOvgSM7MBCVhbbrD26RxoBCMLZ3gxyEsZfTM6cq477VL7GxZ1j
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Expires: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E451 0
12 B 20ms
17ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KafwaJzagG_joOMp9C2qRmxkomNQMxEex2feuMALAV7IZ-KQbX3HiaBZEVKf5IbOIwx2-t

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13803&adk=3215738614&adf=2645242783&pi=t.ma~as.2784%2F13803&w=300&url=https%3A%2F%2Freurl.cc%2Fmain%2Ftw&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656051909268&bpp=14&bdt=1284&idt=172&shv=r20220622&mjsv=m202206160101&ptt=5&saldr=sa&cookie=ID%3Df2a0567f0c9e7cbc-222c0278b9cd0020%3AT%3D1656051904%3ART%3D1656051904%3AS%3DALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ&correlator=826074966906&frm=23&ife=1&pv=1&ga_vid=930484195.1656051904&ga_sid=1656051909&ga_hid=1945072695&ga_fc=1&nhd=5&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=935&ady=320&biw=1600&bih=1200&isw=300&ish=250&ifk=1943945536&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31068030%2C31068166%2C31065825&oid=2&pvsid=620282234195420&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t0n473b82whd&fsb=1&dtd=193

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:10 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3A35 14 KB
11 KB 27ms
27ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220622&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1881f2c894343bf7d1fa4b6e0bab56b4853b57ee4756212087f869d36c8fd3d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10823
x-xss-protection: 0

GET
H3 200 copy1.svg
s0.2mdn.net/sadbundle/10281115190008352125/img/ Frame 1B27 3 KB
1 KB 9ms
9ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10281115190008352125/img/copy1.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10281115190008352125/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

26264b568ab4d0f2ff06e992efae6d5b552fa3bb73e7aff2c51a23b1248b08b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10281115190008352125/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:40:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143076
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1419
x-xss-protection: 0
last-modified: Sun, 20 Feb 2022 14:02:47 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:40:34 GMT

GET
H3 200 copy2.svg
s0.2mdn.net/sadbundle/10281115190008352125/img/ Frame 1B27 2 KB
923 B 12ms
11ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10281115190008352125/img/copy2.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10281115190008352125/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e98f575bfb9e8dff113ccf44e7cacddc5430bcee1893b55494a76c6ce886bf68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10281115190008352125/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:40:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143076
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 888
x-xss-protection: 0
last-modified: Sun, 20 Feb 2022 14:02:47 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:40:34 GMT

GET
H3 200 copy3.svg
s0.2mdn.net/sadbundle/10281115190008352125/img/ Frame 1B27 5 KB
2 KB 10ms
10ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10281115190008352125/img/copy3.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10281115190008352125/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4690143c65caa910be20d73442a56a50f7790df89fede0778f9379624b1427fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10281115190008352125/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:40:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143076
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1855
x-xss-protection: 0
last-modified: Sun, 20 Feb 2022 14:02:47 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:40:34 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/10281115190008352125/img/ Frame 1B27 7 KB
3 KB 10ms
9ms Image
image/svg+xml 2a00:1450:4001:82a::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10281115190008352125/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10281115190008352125/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4d7160a9e766f96fda70ba20aee88984959f3884070adb286ee3cc6742f3a2fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10281115190008352125/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:40:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143076
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2983
x-xss-protection: 0
last-modified: Sun, 20 Feb 2022 14:02:47 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 14:40:34 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3A35 17 KB
6 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Jun 2022 06:25:10 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5B95 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?OzQc0w
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B937 0
26 B 44ms
43ms Ping
image/gif 142.250.185.66

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssgx2zDezzKO6MgSQrVRf-GAIddcamlAa5Q3eGDXHeeQreN-kPXdJ43yJDgA91AtF7XJ13n8jXmfCw6oGXJNJ1KRzK96W2Be-9FaG5g0xjLtxL2wNMFaOZR3M74mkrXp9_YQmvp__8TFiDlFRfglN65wGHjO4nSRLiCiu2Z8BxWTbF1_9mljXGNvylsVXLXQFrNdOmJhIDt71615ySGPmJul9O-wRNIVb8yBwC_ZN3Z5xZhHIfCfA3IOD5dJ5mo8qpkILTZi2Ys2IiLFRQ6390VTgeYBC160wgxkAZeZYupbLZu93gk2JohyaVO1HGVST4Cp64fjoS4WwPoDvk9M_s43BK947Erv7L9YgAI0mhycvkk8w_GP7WOaOrkTQnzlQAWUL4rQs0HojH9KlRE2jPYd-hGx_n8BS3GyQwnAp-eS_KHhlDA8HETcjh0oOBzp82fjVPRB0YYPFULvXRRGTERQBGRh_VXZmk0z5EEyF9JrA5rS-av5_x8cOpvZaDHcErGPOGqtA8tqeCiCloGZ5Ia_o1LUed7ePLWGoEQrGzzM0lzbKdqBbfWMTi61Z5gQDE9NxnMRxr5WxfahP19SfnzZeIpucRZ-IgyjRQ1PAc_BzZjc3uxVCP51PZXh_qrYY3sr0tok7sIE3YXBh2Tny-S7AoeHr56JZQIXTzFsm_JzrLrWxtQNj1iY5yeNe0_Wc2-IIWn-WvXR8JdSma389XYdY3kNGi8ac3iPCZzlv3itkqS7GlYzCYWmXJAcjNqrfzijdpa2evZxYbAsBVyey0RhiGmBaV_kzvBr1GoJnCBEpnunFvQfX2SBQjYQs0CDV3ErFK1S1j1CBLWHSjkGM7hBaAggqw0nZ-ATDE8znQ2iIILautVWYk_gD2OvuAZUKiiBYdCfutwl1u9mGJ4cBdeaKYwVX-d09vkNIWO0tWG9KVSgGHwfZDBUHVi4alV_u_V_uz6Lcimr9U30Ua5if-vgjWNyhNkT7s99hSpoo0O4fTuiMyzmr-9CIEl_BS9pDzT1kFo9pVS90hS_WuxwN_d6yMTE1ZxHKb29S_IMbKhJ-EPZa43-RJ-8y2NFM72grjwkoaF-ly5HuxvQgGJg0nO31nEgdd9hp7FG3jCGQatzir42Qy6fUDtB0mBNonKmT97zUfztGvlLgyITO7JbOWK4eqNvIs2jSf0PT4rc_JCQt1x6Qt81ELRzz4YyKpnwEl3DpI&sai=AMfl-YROMnQYHqH-D02Q0zETi41OVk2zKuLK9ZCOtCZsWDkFD4xbzy5znbM9j82PVJo1lV70W8hDsdIGRCf9XXI05jpUDcPCGuFUbVLyL2zkygdzvKYcBusYEiDvsYMqOHvKJmWPkR8wpjVHA0Ny0ergU7emICPzokpb-2ri9ZE5Lucqf3D-dWvH0uEDAjYoNQo5OioSWk5So6aEgunRwffwA0tU&sig=Cg0ArKJSzCpo5vXavMBIEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=308&vt=11&dtpt=193&dett=3&cstd=113&cisv=r20220622.45202&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:10 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0120 14 KB
10 KB 21ms
21ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220622&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05d5543ac8a9a947453868162c7a1e04507a690f0694c65db9318c50832b83c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 24 Jun 2022 06:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10645
x-xss-protection: 0

GET
H3 200 lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js Show response
pagead2.googlesyndication.com/bg/ Frame 4236 35 KB
13 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

972198b02b9e13cc91f17a0e0cea3af056c3ad7fc8eb79d4881c9dc427ca8aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 21:56:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30518
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13789
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Jun 2023 21:56:32 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 0120 17 KB
6 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Jun 2022 06:25:10 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 85DC 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5882
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 04:47:08 GMT
expires: Sat, 24 Jun 2023 04:47:08 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5889 783 B
536 B 17ms
17ms Document
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

61d1ab40f2210d2d2a3f0e1d46fe47dbf5a92121eca40cdb2bbd42db22b77ca8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fkYD3V3POfJRTcPgbK0XZA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-fkYD3V3POfJRTcPgbK0XZA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 06:25:10 GMT
expires: Fri, 24 Jun 2022 06:25:10 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1687 0
0 52ms
51ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022062101&jk=4122407779203402&bg=!hoWlhcHNAAZlcKWdRXA7ACkAdvg8Wrxcus5pplLGANxBjrOLDFVT0Gzt5sp6kanqyVWPoGJdHmgyoQIAAAF8UgAAAAFoAQeZAwfi614joV-nAcKoHLBDbM8FlWH8A4SPsl3wfU0hq0NeA5u69F2yCkmN8beD9hoFDjMHO2lq6awSvhaFmoPUcpylD5ygbVm3XXKq173hPorjZjTwCvD8TfKH4yRo8kNtpLEZEdTsRoJjDu-s8vVkyXC7KN1zuEb54k4sDkXeKWnjBYlpzKe1fMEJ5Gz0kgutX4uN76kXp-uicr_gpgYXKzzkiaueDGp3JRXhIaAJMmsjIfsIliYayqLXH1FEwE6P-Wn_8CiWU9Nv_7935Bw03I0cpcfcDDcYczOA-DXv0O83MqVbfv66DY4PYN5I7r7Q0IANs5-6Ub24nHwqDiCSYhS_X6y-5LoWtjTf93wfqAMKqqhzxno29TmS5pp0qLRe0EmpQghlU4e2BEvMgOWPibcJhhZiRlvshlYH-G0jMdKTPLfF-vvjl5-ubL5EEADXtzxgnXuwEFEUmolJdX8wIN60kYw2qSs8k5dXpUWI-aAk_t1T_xH2l-EDDVb6Vzz4OVHrlkGum88PeZR5XFz0tGN_G-ZHI7qVl-N0OBCIiO5rsmIgScDnVjsR66FFWf8bsv1vdnXvdN0NGBPMKoebJq48UOmnH8aWTPecNaocjzHk7u5M6WmMvj-aekvkiHdqDkfPsVFTTnmZJ3yxrDVhQDIW-1NezH6OqlFGY_jbchkPvrPcykxH6ILH4rRSHzs8xDv75i03k2h_J24-EdvxHbAFJ_I1Y5NzYBhDNyGBPk1eJIKCYVzNvx1i4be1jfU7m0XfQNX9wSG5MQlPLJAklg9JJa5gZDlnMS8T7U6O3CAy3uUkxGzwylo5Mns2Zn0mJPbYNEY133vkOT_cH7UdOXuE9i3n5la_cT0-Auug6WWplrf3E-DCAT8365hPtjh7MLA19eSAVPvnx-hrGEdVOkaBmy25NXfH1sdpYqjIqej7c9y4ChSWscPbco95KpQinX1o3AdoPbRWlpAX96JHilQVsXtEE2yLJptEy8ZyXH29fEJdIk4vIa7NHpvMqc-9qm49FAmexA-d
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 88FA 0
0 46ms
46ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022061601&jk=4071998024587669&bg=!6eql6q7NAAZlcKWdRXA7ACkAdvg8WnQKTmLUYioS8cwE7uFknFVNDHVzdIikJwb4dHHSPRvFjsIDsgIAAAGSUgAAAAFoAQeZAwCnQ6S5IDMIkxV1-gz_pxfHf8--Bqccv2VgedMdN3BzJi0K4QxJFp57Lg0lgngr4vIBhwxuO53hMlR9ZS4yIA979fYhPM5XubKiqsi2yFHqny77UpqNax05JCEsb26ugZJNoMWj2mXWru-OOXFkoD23pI1MSfrNMcrZxQ9GDdQUV5GNvy5T4WF8Hd1HKuYDt6YSD_mF9XO12dBycp-Nb_GvO12sqcN_hpFLOQjDf0gacet_d5fWQAOGHqpHKdLXmeG1AMaS3-bP3nvirOPBPeaZdt3NaIHxRECrKbkwlinf1PxRRnlXiF4bP_Q3hKgf1Av-66dyHxLsowWagBQaEeRcN153GCJ20rQE5HUkHChJI6r5LluP1v9ejwFu66fPVoxhXMcX1eV2Zi9vOU1GtQctqri1qxOTux27HZhjkLyfWMINiwbhqw44zsy9Ps_YhZKPK1R-FRy3Eqr77kKJOtT869OskbQm6vOnlr3HXiJ4hp55mDLOdXrskzJZzoKHIdZ4ZrkrRtGEMiQHE0Nk3uPAsW8KxdeEZ62KvmStbliDni4Pyee242On9AEU2ILFFDgddgPQhwS9VtoAGgSlsKhgOVfGOJID1KRyJi4yn2C_Hkhlj37hMLyff4vpzM5hJRBG8mNq_fyp8zKEwTh9Fu-GlonqtxfU0jkjEjRLQtQ9KCx4xwUkPLaqeffEbQQCj1-hF8u5bDvEgpCIBK_QGkjAH03AMVNzX7LSJzOQqoRmbSXHyIQH7OKOFoA8IsYaSzkD921yNGNdWBxX12qD1n8lZdh1KThS2bes06XbLcatNo8W2OPn3cFmBMKHG7CdED0k7d4KymH5YxcbsvPkSSMIWC_Q8qlqFcfL46OWbyeK9-G6RNTPD2unTXfXSRFV8T2Dsu9PqcqpGB17iS4DYOdtAiza-wn2ElDN8f97ipvEJT7woNq0rS6gJOyGXQHf0cmHpFggfBJTj14qwXTD-Bx7nmkzW0Hu4Z44bVFP9rK0nE_x3oKJh7H1OkMdf-cBoX8
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D99D 0
22 B 43ms
43ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BCEa0xVi1YtijGcTV3wO-pKXQDgAAAAA4AeAEAg&bg=!cHOlczfNAAZlcKWdRXA7ACkAdvg8Wmqnjjdu-wXkDCFTaDEksK-X3qoqCnAH-dWcQ1xJzJSvAXVyYwIAAAD7UgAAAAFoAQeZAx1w4b2BkfLdU_jJp5FNzgThv5t-QIkFDbtZ7uYXM5bo0JOW4jpQIDllo8Fsh80bJMHTQ20hgmdcyZbd740j5zu-u0YfqitzhQ8fGya7wPyVTlWYhOYipejGo1hlZeIAqkjmbqYEOeqJpS3Zlz-mzL9BbLHDWOOkkBsJu5fQu186gxc6A5ck5zvKMUFKBZID8WJf4GYosVTAzapdzocGiwpHkb_YHD0MkP9mn23N5PHnvDBGlZ0cmmaeXHAQvsDdhHgvBmawT1AHmUg8mloJUrgrBQqcyZPUtbb-rrlP50ZxUOGDEt-9R6xaqtth9LE4-KLkcu0ri6RP7Zt23Ma5r2-M8tL70ZS6aTBfJZM2HKrYUynePZxidRimZ8XNqWjZXpzN4GiM7Tm_5ZmCkfipaeGNjiQBbyggD0Vs0N82GDaRj_7Zb610YrY21qsig4XG_nXKpTHKwC1x4_I9vvkZAqmaZN2MYpaN2KiTyb0m7YLF97sx90ByGqDGsL3M6t53-3Kas9P8u_uswu-rhvVpLx1ADrG0EZjUT9vZVOMtXglA_601IsXGIOnoceiICBeMsHHoumFH5zq9ctCTyVaTJQJ2L6PeAgx-8nwXMcp69Wmy5_PY15OwjI-WSBQvab1OCR4YO1uz4GpnMjmzl9f4OKt6LHiJ9uTrnvBSMjnoF1dzaWPuXYHuZEiAK4ctB74_Yh478coITgNCqOwrvlc6Wo6RqmXPAh2s_Ry_vRyVRWIo4gkMtnkWrvkVEboGkyvmtwfLLtny2gJ1cNadK4oVrCNkvuFQddtV9868d7xfQHKBtKdpEz6oa4YT5d24LtYeOOac7B3LNxo7luxRJO66EVjXKm7lQisUPcmxf871r-mKSONs1QKhNjeaeps-T4SzE_SwweksIFL4TJ1T7Sh23174OQEaqmu43nGquhHgTYe0cQH4egpK0CuH8yzz5qOvm7Csr2yJVgazzNS3NXCfnluy02X_h1yrHf3j6N6h6sljeauzXUClQ3nMGL_v0rnAffYO4ZfoWOG309QZSSVQUY4IYODgUDmUgqdUvGj6-A

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1D4F 42 B
64 B 48ms
47ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstG_udLMty5APVnJcXf5NpYTbQhckLVoE6Q5_tK-oJUDoT0inj_1Yx_Uj0vrMTw7LTgWzHUmYBdn3MGiBSVn7irb6PHPrTQndEsHcVNei6RWrD7DrfGUOsh7hwoLZ7esLknF1SwQg&sai=AMfl-YSP71717zFLzxsHRDJbALka8t8OfGWqL1z62leIn5Tg64edxqqjcPDawdJq_JgWHbzq9jJ6kcBUi4_Asw896MpvOLZfb8uF2rGAQpONAFNh_rZV4SBlJQEEZJfS&sig=Cg0ArKJSzCGhxnj9hh7NEAE&cid=CAASJeRoqfLrHxPsIA4h6x8fgs6MFxJXPlriukbRs4_yz_M0rs-51qE&id=lidar2&mcvt=1017&p=0,0,250,970&mtos=1017,1017,1017,1017,1017&tos=1017,0,0,0,0&v=20220622&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2922729533&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1656051908462&rpt=719&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7519 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5882
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 04:47:08 GMT
expires: Sat, 24 Jun 2023 04:47:08 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1B46 783 B
533 B 17ms
16ms Document
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f8612be9d6d333fae7f6730a085630e6170f2d0efea301fb86f117b5504d0c8c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-zRipGw8Myh0kDEmEaIiIdA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-zRipGw8Myh0kDEmEaIiIdA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 06:25:10 GMT
expires: Fri, 24 Jun 2022 06:25:10 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5889 0
0 47ms
46ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220622&jk=2994487905228750&rc=
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 200 lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js Show response
pagead2.googlesyndication.com/bg/ Frame 85DC 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

972198b02b9e13cc91f17a0e0cea3af056c3ad7fc8eb79d4881c9dc427ca8aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 21:56:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30518
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13789
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Jun 2023 21:56:32 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3B2C 0
0 51ms
51ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022062201&jk=2430586817231220&bg=!GxilGFzNAAZlcKWdRXA7ACkAdvg8Wpybou57mBUqnUjUVE-M4Ayb27mfGrZTUzhzS0AgTgWFkooH-gIAAAGrUgAAAAFoAQeZAvCmh4JunMRuK0GyuvQb6tnoF604JNcXW5FUvxVHhR890KsdTWBJEgqEyiu33Uj44Rx7Qm_6_a2jughzkQ_Pskzz1kSxCNm1gwJvak94biUJhZ31qMP4Em2fdLTFSozhHib1y4O8ex39J3PzIZ1xpapKU64LOBvJgLudRGse9iIBjbylP_iiz5L4bi4NwxvAhTUsOxyEiTviWBcva-Fngeo6aZ_4WH2STPy_41NPhcijc4Mee-ZJ2SDSAuhwptl2kxlafcxEBtT2hydDBCQxFWJ1l8aonby9iUgnelgOfw0UbLqzBpO9aGdiSwyhQfNzmMJsVeAdiHDpDl1jZ3KWDqo_oOnHcP4bw2qlDCirZhEdcr3jA3DoK2AGAhv1K_mn_mXfJOyd4r61rLyab57QbgtMquzqpmyZ-9LCJYTbS5575bVg1XVhuMKeGIumVespjPIBZudfC-PQR_Y5rkMfEWe-3lRgilmK3OUpO3-PDFyAvKX37PJqKJJ1DgQUaCV28RC93y2DcXwy17ofx0x65idwBQURvfEPu5myL-rHl_aV3MayTMr0cMzMRdrXpHCYZMlPWrNfkaZ4z15U40qEfurpYXxk-f47Lfv3XiL8Tw46Ds03Yt08xqCJhrRHqnZ-7Ppd-x0wLDM1pfyT81mS-eC_4PJd3TLrwZ13ipnXbN9xP0IMywqZek8tEYJo5WpDBh0LBHac0-n1KoyezgQbjaNhdHPjij_84o7dO3_CZybMKNsk8SnQBjb63EekVP4YlvUC0UCSmpwrzvkuHXJUTAqzDvBMm16D42BdCWtRjJMHdPeeSncvtFRqY1CQ8aDGhUJjC8uFIQzIwmBIcOf0esoj9_eIPa4EXpf7IuidoN3Xyrd0Yw03mVT-4NnljsggdiBNZkH2TQC2fyslvTk7YXXr4loN3f2C5pEtLjWiDc28SDjSzlbX6EsQyTxDQykn-QWv2Gan1O13bi1Xpn6E0Xp1nFpZE6BdsqGFCAnDRIB9ng
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 200 lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js Show response
pagead2.googlesyndication.com/bg/ Frame 7519 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lyGYsCueE8yR8XoODOo68FbDrX_I63nUiBydxCfKiqk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

972198b02b9e13cc91f17a0e0cea3af056c3ad7fc8eb79d4881c9dc427ca8aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 21:56:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30518
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13789
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Jun 2023 21:56:32 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1B46 0
0 71ms
71ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220622&jk=620282234195420&rc=
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4236 0
22 B 43ms
43ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BhmnLxVi1YsmbLombx_APt8CCwA8AAAAAOAHgBAI&bg=!V1SlVBDNAAZlcKWdRXA7ACkAdvg8WnDWRGA2TguDVagW6s8zAuAEu759CuVQl8SvUmjyjvDreLHKRQIAAADSUgAAAAFoAQeZAxR58dYn4jTnamL70VdwkhsjIH40TjJA3iMy4bMt5DuLzKDeOX3V47_XW2RYLZyZrArHsmDkJBEH5127Cr528-8lnxI29gBh6kdDscQx2LHoe1Z5vn1FOvyHHEGUjhhpIbtIkumvitUdOB4Ijfwy8-sruOuVVcMpN9h56Fw2ohKSVArcVFHUJfLZHQRDBBEF0zVtU1uNZCVrMV3vn9M-JDQ6MsA-7vWfDOFmQPiSyC7RCj6KKXNLAvLFR6OqQvx1hyZr2I4c5FR1AQTEVGz6jSO3-0s_Pp4bBGEPXkmaiH3E2Q2ZhOP_Eja0gQN8pq1RexmCz8GVyjVcU5vcXExxJjf0JQZKd1hVySqjWMvP6xkqQYZnLvfEzjJFCorAscV8qXV122xqWt066oz1zoAlNOt5LmvycWnAqfc7A3sIFP6amdyvrode9ompCygPUbIGk9zj-xTnWfxC7BHIu82pNJ_zv2UACg_7BgjM0zG-OLaCGCjFGmKqU33M_bvGGpd0MAQ3xg5dJBYhgOvmd-NmkSL836qmpMJWpyyBGYNJjWdqxvmA_fu-74iUzlEQ5Qm8zhBBDa-vhsQL_RhwG9Zmc63aXEGZnuIpY3o3-tW6aj4dMuFFroKYbhSwOYLQugBeQKDpQ8rup2VNT4jIgybYQv5V8MAWrEvPCHjcZjAyP8wornXmHfAnj7xaFtjasg-6ZG0tj6VLrXRjkpu5e37eY9ENEx3cya2FA4qf4Mbxwl9OtoPwWJrQN6yPs7TfoF8HRV5Qku4WQpRFNasUmXPcDgky5sCSJTcYrFnGZTrGzKp-DHTqKO2HwWu-ysN_qUQ8NbVVR4_JRAqhXPB9zrqY7k7u9xk6KnYKebWv2EjXYkSTDYLXPMGrss7WJGTkhCXUfV9_gBzmZGyqVq6aukRc5zPkMRoCKc_5EghfkAAxHHbJKXRBGF8JlLyLh81x6EP0iR4WGtmmv-T83a7YJCkGvBKmQ1qQmMapM7M3pZDCktOMbZC__w072zYJ-vBDI2j2QNWcOQSQzGqRS6xHwA8u_cOf7r--lQ

Requested by

Host: reurl.cc
URL: https://reurl.cc/main/tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Jun 2022 06:25:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 85DC 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?4PORMQ
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7519 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:812::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?NyAdWg
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 06:25:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BA09 0
0 52ms
50ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220622&jk=825385243156423&bg=!W1ilWBzNAAZlcKWdRXA7ACkAdvg8Wk_FUAfvxp_SFuLGkWOGHlYaz3uvWyxiCxAWrApjVifLotYR3wIAAAEzUgAAAAhoAQeZAuyLKT98icSCAiJEgOMa017EqbOo3BgzRsVn9bA1jvcg7InWp7TYSqOYL83_sboYIAXaIhGshosniaNprK7zDfXmxbxd8Fdh5Bey5TsnfpBzkC_0XhLqAI_TRHVvft3Em3O_1Uouk4ayEQ2c3Qhdb8ZQ5eght6GomO2aOGXM2Y8YPXscpTPuwp4GS54hg1QxsAONHEZy_bIi4j3birW4V7awAqPXL5MakqbC4Tg8SS3G4RgORJ2gl1kAGKRAlc3sX7x8brEIpE_7tUY4WbEpxKthzbv_xmUiQ1VXaT2Te8NIKxxzJqLpo9gpF1R4LhA1FDUUvDmWuvP4o1Gzo2RFGgc-fN7vmNB6xunAtsRv-tDUPJwX6Yc55ZZI51KLvwBX6BIkHUeg35smMi7_jWlnIsmHxtW4ujorfdBHgOPywhtEUjHtWMYDFDi4_BiUHEE973cXEofCTa4Ej6c-6jvBf-demCxzIto476HfHIoeyi372mcFvHk0qeD0318IapJc27d3BbDxYekSH46J47lWDJZX3OSNRb7lOS1CBdafA3CCLPeJGQ8NyNXiJplMjtMV9r8Lh5Sd_FdxJE3J92QnE2iBGFt1aNpNYqqEnEcbYskubFBdAJQ0HHBTSgO8NJvmCPOtzMhYCWke2EJzgMS4rd4KrnmWLFuz9MXU89f0QHiWl5npVUYiqlIc_UZ2sQo0Qhbl7HwQvj9811TazXXdEd05bQbS2z7sS6NgZpH-LH6YCcenByHSLhjKCKBb2oSID8djzAVH0mkMjMBpuIcwnFmavK8tIAu14IhZqg4PQZ7T1_zW_QAKyXbw30V1NDqVheSUOWn1gK8RunTmFmQqRG-H4jMWxoHGBcFxS2JrrW66Yns0_wngrERHTKiLl6EtCxtT64i_nwQ1mfKnStllhd3hE-xMEww8-8tTrhRfRKStVNzO_G9YukZ9LW6MNPmVByNZng9FgdX2fKAL16mJScPZrKze8n_5ufmOLjyj
Requested by: Host: reurl.cc
URL: https://reurl.cc/main/tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fcm.holmesmind.com
URL: https://fcm.holmesmind.com/cm.php

Domain: fcm.holmesmind.com
URL: https://fcm.holmesmind.com/cm.php

Domain: fcm.holmesmind.com
URL: https://fcm.holmesmind.com/cm.php

Domain: fcm.holmesmind.com
URL: https://fcm.holmesmind.com/cm.php

Domain: fcm.holmesmind.com
URL: https://fcm.holmesmind.com/cm.php

Verdicts & Comments Add Verdict or Comment

88 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
reurl.cc/	1970-01-20 12:46:27	Name: clientIdV2 Value: cffba54ebbd5e8cf93ab7eac0b209e61ff3bae9c6af822259d57212d533b0e8dc24c723e822916e0408d7960237a05b7cb53ffef00d0dd2f64fb826ac1c15c26d74dc1cf3f6278578a704871
reurl.cc/	1970-01-20 12:46:27	Name: clientId Value: cffba54ebbd5e8cf93ab7eac0b209e61ff3bae9c6af822259d57212d533b0e8dc24c723e822916e0408d7960237a05b7cb53ffef00d0dd2f64fb826ac1c15c26d74dc1cf3f6278578a704871
reurl.cc/	1970-01-20 12:46:27	Name: lang Value: tw
.reurl.cc/	1970-01-20 21:32:03	Name: _ga Value: GA1.2.930484195.1656051904
.reurl.cc/	1970-01-20 04:02:18	Name: _gid Value: GA1.2.782214523.1656051904
.reurl.cc/	1970-01-20 04:00:51	Name: _gat Value: 1
.reurl.cc/	1970-01-20 13:22:27	Name: __gads Value: ID=f2a0567f0c9e7cbc-222c0278b9cd0020:T=1656051904:RT=1656051904:S=ALNI_MaVPWOpfeOb1dwG7iJilOvDB6ceYQ
.holmesmind.com/	1970-01-20 04:21:59	Name: Vision Value: 20220624-23:59,20220624-17,20220624-17,20220624-23:59
.holmesmind.com/	1970-01-20 04:21:59	Name: C Value: null
.holmesmind.com/	1970-01-20 06:25:49	Name: RK Value: null
.holmesmind.com/	1970-01-23 19:37:49	Name: P Value: 431921-qZviULCqu8VWkJ2IDZTFeObbxbeIFnM6
.mookie1.com/	1970-01-20 13:29:39	Name: id Value: 10530893673489863187
.mookie1.com/	1970-01-20 13:29:39	Name: mdata Value: 1\|10530893673489863187\|1656051904501
.mookie1.com/	1970-01-20 13:29:39	Name: ov Value: 584319293db5644e6816337d5af16f66
.reurl.cc/	1970-01-20 06:10:27	Name: _fbp Value: fb.1.1656051904634.182449745
.facebook.com/	1970-01-20 06:10:27	Name: fr Value: 0gbYJnlZ3dm2LDLYP..BitVjA...1.0.BitVjA.
reurl.cc/	1970-01-20 04:44:03	Name: CFFPCKUUID Value: 6735-perDSThwwXSmfQxfHCqTWwShZJXmjPb9
.reurl.cc/	1970-01-20 04:44:03	Name: CFFPCKUUIDMAIN Value: 3352-TRrJqSohemY4oTyROkhAELbrCNhk7VpX
.hinet.net/	1970-01-20 21:32:03	Name: uuid Value: 1fec7629-e5d0-4770-bc96-84aa1807b2e3
.reurl.cc/	1970-01-20 04:02:18	Name: _ht_50ef57 Value: 1
.reurl.cc/	1970-01-20 04:00:55	Name: _ht_em Value: 1
.c.appier.net/	1970-01-20 12:46:27	Name: _auid Value: N6PniqW5Az6UUrExwVi1Yg
.doubleclick.net/	1970-01-20 13:22:27	Name: IDE Value: AHWqTUm3FRrBMMP1Lo12gSvofAKU8oyNeSkhtWtyuYYV6y7PyITeeFxOFkc4aIVreyo
.holmesmind.com/	1970-01-20 04:21:59	Name: R Value: null
.holmesmind.com/	1970-01-20 06:25:49	Name: G Value: we3u7ZGJymKY5J47cKd8kQ==
.holmesmind.com/	1970-01-23 19:37:49	Name: d Value: /jHzqDFxfoBZ4WTyQK3MPaD5j7NQOgUkv1Txfycvr2ReudB2dm6t0KDrpHJuqax6WjAFQ16PJy71RxDiXPBzgA==
.reurl.cc/	1970-01-20 04:02:18	Name: _ht_hi Value: 1
.reurl.cc/	1970-01-20 12:46:27	Name: __htid Value: 1fec7629-e5d0-4770-bc96-84aa1807b2e3
.lndata.com/	1970-01-20 12:46:56	Name: admckid Value: 2206241425071795163
.aralego.com/	1970-01-20 12:46:27	Name: sspid Value: 257c8017-8769-3330-98ad-ff7bb658567a

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

16453c646dc8bcc444ddd022bc7b3391.safeframe.googlesyndication.com
19e72da6586dc9f78496c79497de15c0.safeframe.googlesyndication.com
1fec7629-e5d0-4770-bc96-84aa1807b2e3.t.ssp.hinet.net
62654d01-df33-49b1-a060-210113bab332.t.ssp.hinet.net
7ab8616f7bce8d803f3fbcd11a78b642.safeframe.googlesyndication.com
ad.holmesmind.com
ad.turn.com
ad2.apx.appier.net
adcdn.holmesmind.com
ads.aralego.com
ads.avct.cloud
adservice.google.com
adservice.google.de
bidder.criteo.com
blog.alphaloan.co
c.holmesmind.com
ccm.holmesmind.com
cdn.aralego.net
cdn.holmesmind.com
cdn.jsdelivr.net
cdn.rawgit.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
cm.lndata.com
connect.facebook.net
creditcards.com.tw
dclk-match.dotomi.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
fcm.holmesmind.com
fp.holmesmind.com
gocm.c.appier.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
i0.wp.com
ib.adnxs.com
image6.pubmatic.com
img.gbyhn.com.tw
img.racingcharger.tw
m.holmesmind.com
match.360yield.com
match.adsrvr.org
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid-asia.creativecdn.com
prebid.scupio.com
r.turn.com
reurl.cc
s.ad.smaato.net
s0.2mdn.net
securepubads.g.doubleclick.net
static-tagr.gd1.mookie1.com
static.criteo.net
static.wixstatic.com
static.xx.fbcdn.net
stats.g.doubleclick.net
storage.re-news.tw
storage.reurl.cc
sync.aralego.com
sync.mathtag.com
sync.search.spotxchange.com
sync.teads.tv
t.ssp.hinet.net
tpc.googlesyndication.com
tw-gmtdmp.mookie1.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
x.bidswitch.net
fcm.holmesmind.com
103.132.192.30
104.18.19.126
104.36.113.23
104.90.161.232
116.50.36.71
142.250.185.66
142.250.186.162
159.122.14.34
162.210.196.208
172.104.105.5
172.217.16.130
178.250.2.131
18.156.0.31
18.193.237.214
185.29.132.241
185.33.220.244
185.94.180.126
192.0.77.2
192.0.78.187
192.0.78.244
2001:4860:4802:32::178
2001:678:cb4:bbbb::11
203.75.214.136
210.59.219.181
23.75.245.170
2600:9000:2156:4200:1b:5138:8a40:93a1
2600:9000:2156:8a00:3:1794:2540:93a1
2600:9000:2156:d000:0:e06c:e940:93a1
2606:4700:20::ac43:47fe
2606:4700::6810:5714
2606:4700::6811:180e
2a00:1450:4001:801::2004
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:811::2001
2a00:1450:4001:811::2003
2a00:1450:4001:812::2001
2a00:1450:4001:827::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2006
2a00:1450:4001:830::2002
2a00:1450:4001:831::2002
2a00:1450:400c:c0c::9d
2a02:2638::3
2a02:fa8:8806:12::1370
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:d018:d29:3602:cba9:630b:f07c:688c
2a06:98c1:3120::3
3.33.220.150
34.102.176.152
34.117.219.39
34.149.98.30
34.96.119.68
35.185.130.121
35.201.76.93
35.227.202.26
35.227.249.156
35.244.159.8
35.244.196.223
51.89.9.251
52.17.116.244
52.197.44.129
52.198.234.122
52.58.8.248
54.229.65.185
69.173.144.138
84.17.46.53
85.114.159.93
003c6c7476d2158d18f48473e7071c87f48e8e1cf957343020a148c97ba30482
008480ff77aa23e1598bdedbfe3cd828079c7ac5f405856eddd32ce1cef4615b
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
00fc5eede87ce2644e673193b3ffce854cad06f548d8a6057acce9c0dbef3b2d
0240f389d70ce252e33c27493ec6c0c7f13222d2a97324effb020c4bb4f4e5d2
02fcf704d3a53d4f40e5eac7b60e273e1434fe0524b4f708556dc3549fa929e5
0314caa2089f146723222b566c32e3653daf6cfa046a1ae38e45dee639408615
040ba40bf7b0caa6844e534bec643802ad7f655f57f09ba15f326ad45335ad9e
051141599f128f399f2cd53514ee1c28ba9d269ce1b065ba81dcc4b11a5d3b02
05d5543ac8a9a947453868162c7a1e04507a690f0694c65db9318c50832b83c2
077da27c1a4741f912e7d2467e0e01d86bdc2fd620f78f2b1eec13f380bbc55b
07b6ef4b8ac233279c3dee075dba88467584f27907d47f325508509799f857e9
07b8f9434d671190e1afc776004b7b7cb604e018c18aa3afd7fcb33a15c09bc9
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba07ffb26836c09a3fc13162d2acfb67d49bd66b74e948f18a4cbc813d2d468
0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062
10407b8212733e00354b330f4e4790764e6bc187a9d2b6b62b27aeb387bc268b
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11d82e2a37443898cee73b856766a4a4b7043eaa260631d81304ed8fcbbdfaf0
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1291c3d774415b830ea3f2c5ce78d160485606386d08a878c87f41ccdbe4a73f
12e46b645dde5408be7fc6f4ce9647addac5d09c5f27dc8e3ffe9e07e6c9a935
136849942f455b10202728809aaa4700b83b8bce17adc0a2e7ed3a0900549f8d
1419b8b18e2084e1d79ca111dba4eb9ea7dd22171029e13467e77d90c3f1a06e
14c881341b3f1f369d16a5d213b5883f80fa6557013e95de5e95f4ea7e1877bc
1635767d7568e97bda363053c5037ccb19014367d44d7bb4815aa112f9101e1a
172a0bb0d8a0670909e1036587abf27b626f249f64ab6b1909afeb2da1edb4d9
1881f2c894343bf7d1fa4b6e0bab56b4853b57ee4756212087f869d36c8fd3d9
18c3c8696d111a522175c9805103f786ee0dc390fa029ee4b012882f03268131
1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced
21f132eacc2adf061517872fad22e205bf15966adb0376edae16617736d6f64c
26264b568ab4d0f2ff06e992efae6d5b552fa3bb73e7aff2c51a23b1248b08b0
27464fe31a17fa6accd1d4b1fa30785145c9950665b2eb47d4cb447bc0ed381e
28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2950bc3fd628cb8a8c6b1367f664e31353a6ff9edd99c3f2831ce548610a05b0
2cbee1ceb3c7c5e71d28e7aec13053f53de07995ad478d2ea7b25c97ad01c6f7
3117ea4f1639013455170390ca14410f16de5228aa82a2a3826a029b3ae060c7
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33fc12f83bedfa1aade8ecf2eb069635b391475b6d93e4d3613f6a7649d04a14
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
36a7d95f2760a813f3e782dfc125ea786174d581d6f6f896021d6994e9514bd6
36e1203653419a6244b62207c267e088a9d0f755c15aaa5b59e4c78593cc8ac3
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
3d79854e01d0c79408c548889dcfddd23e4ef10f11c698c831b570573ee13b97
42176dd8bba6d2b3043429bc0f0401f069e2c8e3e2642fa3f2cfef58cad0071b
43e54afd88ff31836c28e4b238a2d9e42bd42101884a7cf8b84e4913475dcc1c
43eb7db8b51fc562c77586523f2b6ec4bc38b3b8ef81b46732d567ab21d79b59
4690143c65caa910be20d73442a56a50f7790df89fede0778f9379624b1427fb
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48c55a3eec777695404fa1a0e707a3ed28e0a9f71e1025f9355993d4301ea0c1
4b52781951c70cc8a2ae2afdaac5d673c656c3be0f1c769fa6c1e9e4f5ed8d3b
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d7160a9e766f96fda70ba20aee88984959f3884070adb286ee3cc6742f3a2fb
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e711c99d82fdd56f43e884e572646b64f1d43c33c89e01050553b25e834d8ea
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5169bf65d818e4f65180d86cf98ffb9a3fc873ed74450b6dbf6b6b2ccb009619
52dcd184984657840c109f8707e4d742f1c3861663fe7481801d671163adc5fd
554b9ec8fe3675e6c6dd12fbba20fb9f774c5ee584434796aa1e0875b001d294
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5633db8a7b67fd33a591df74e0c3f091aebf7f4e115e1219d172c16e4475210d
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
5c9b0652899d3687ea14076efe8f4144d1317fe1073dd7f1e87af7413408339a
5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549
5eab24d57b85d2c2ff0c272c49a23cfe36aac55ddf01cf1b5094a8c06d1c3daf
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61d1ab40f2210d2d2a3f0e1d46fe47dbf5a92121eca40cdb2bbd42db22b77ca8
62a62225a4e6e5ea098b9ed6aa19c2149880cbd6d3e0314f2b875a32b1f8ce25
640bc5966402f9283ba2ddfab231b7c98d71257fbd23a0e09623f0879ddf9b4f
66da7d095d3ca20f29a973167ba48a9e398db880060bcbe5f7731db1171befca
67cb636a8d2b09c9d1b59b8013b9c490fdd8b5064335bf3a1a375c85ba3668b9
68ada4a2165a996d3926bd7be842770bf1c0ee5ac9d52d97de09f960ce07663f
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b24d467c5486a0485ec8d5f5c946b91aa605f3cc5c354bb74c61746dc80285d
6cf4be50613224f3f8864519dd2dafa49a61d41d86181c913364676591938eb2
6d06372c0d5778d8c41d2742dfedbeec065d8f7be6a4b0c61876f47872fca37b
6e9ab8ab1d57a0695a66577e348ae4343e1a92f70cb4835a52c4863f11114037
740cb16b2bfb96a666595df4d64f37646447e56ebf2be11c2c4d2496244d8dc9
75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2
75e1ac6947461280b4b1b64c568c458dffec1fe86d9905f406d6267ae5b56fda
7ea014dbd2141838e64f839656dd6eec7e513ebac16b0b811430b3a81b777a58
801d950152c16000c54c7303164bd5857300d473e853a89546c22eda7b3b045f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30
84daed9ce4ba56222c15baea3bb440bc7c00b1908b617dc71e5a937c965f7618
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
850a150239aa319a9c772f1e6e71c15680d670c980c3daf41734c6ce8e0e8255
874847e8c027267545c21fe342e0f5803919669ad5ee18fd0b6940df0852bfb6
88595841f654879ddbb3e8774856bab15a53ec583d093150522db39ef390dd7b
886df2c17ea75d0654cd8053a98dcc745b5800ab1e3ef934f162a3fd047f6f4a
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8b322fd88e26f23d89c275efe56b4153928060a4206f03683e1c20c20de6959c
8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
918107640362e7d0964540d5e97d3b27bfa6d4c3669114fabb3ea1497c66d3ba
93ce6a6c55d11da55a1682c0f34ece7daefd175ef724c3b80c38a2cfe42a9df2
972198b02b9e13cc91f17a0e0cea3af056c3ad7fc8eb79d4881c9dc427ca8aa9
99e285ab2d2bf5223d57b5f3eda1c9c33439ffb6fe35f2ff2c7ebf750c368ba7
9a4701dc0687fb81d0feede739e6bdc70f1b43176808b14614905b0bcef04123
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b78e53c08e957d3c108aca00801eb75b820eb311cc7882c8a7905fba96aeda7
9c8c0ac19964706e18280f35973180a896d74c52c760c2d7047d6a94c1329a6f
9ed46f0e5d470a72e788ff9649708fb83b211c667e019e7cec1348cc8e802382
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ad79f8595bd0e292ee596db63d06f80e8a3ec4a6cf84621a4d2af673562a87
a2e3a7131ebe4f34610b7d51a222cd293e2420fdee1f5e8e9e564b14cb8dd2ae
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a51eaeadf23008c9964ce532503c26970de1edcc77b499e5f6dda90c70f18f37
a5284b1fa09f5ea2cd57aa7a7e14f69de4c4937f681320c197f587d752ebf1d9
a7232fcb8bdad8b055aef4fc67a7a4503bad76f43790f76f5530c97d690bd951
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a93f716cf27b006ca9b1cf4379be09a005335f365b3295659a07733c6c2127e1
abe23de190e605c87e6fd65509a6e585ebcaf26ba2944877e922123169d310f8
ae259b9ba9c1746b10122d79cc51bf0fd4db2790ac0cf5cd1c10845a99d2dbf3
aeb63af102f5c2c830253e989845a55307bf225c46e0e47bca4f8422b7750a99
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
afc3261eac9e8f5606c513fa7c62f5add4200b8d171d1972f11abe2ec1a0ac41
b0e891bacbda12a233f60767408d14e08c11e6cb8d7827789c3b8c87992ff2ba
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1dd3020beeb52ce820248834024fb863a8cb424fa5e4d08ca5fc60524e24831
b2324bcdbffcd85c43fddf6cbfc11c64a89336411875b990158fbd53381cb36d
b4d8f353c6fff8c0ddbab6d7320f5a19dc698033d30c98a8f9655e1a3a0c28cf
b75b3b21ae775a45091f0e3bf542ad86aa9b243dc2d6548d85090c79a1ccf68b
b9b1760aefea0e51c23b7c1be73e6a8389a17d7a6c48dd97d86a62e73a4cbc3e
baa8cd9079f3a6c2cf07cf5aa88d98d8f9f6e3010129ecbf8170877877942bd0
bacdba5098bbf3fccb394a4bdd9d9bf796ee2cefb861761e3bdc2894fde7a409
bd17c1a2d94bfa73b260ea43aaaa9d7cee669eb4ca9ed0a742775c8c2edb12f7
c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b
c4e7a085e9dc7b7855f8f8712ca49743e950bc576587102feb107945f99d5f1f
c50a4d6505f1216962db6a855d60ebf08222fa6c286e7f21699c002d81b3cd9d
c735ff87872fe6dc846929f596c39f30c803b5a056c88cd037b995c94c48b75d
c8247e71c60f01cce914615568139113018a1a129dceb0fe0af55edb0211b8fd
c9cf4b5748de4e4493c46a708346b4cdbb9c64ea0b10326abb22a0b42aa8caaa
cd12dd695fefd532396b9788fc6caf3ba4230accd5d0a25db9593b6043c533f6
cd42c2aaf9bb3ea7ad6ea15458266d65693e6b7d01e280f12bcdd1a7e0ce6133
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d500d2f127bd65fa6b689563c2c6f930a8b3094a119a1ffbd605a5716f195933
d541f77dd45df41c827a1c2b2899696c336c7bb3a1a06422d66ca4f37454258e
d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc
d5bdbd2b5059b1b2f8c1f9ed994af05e0c97c9d55d30fcbde876229ab1492d11
da73894b515e6dbcdc760ceb8d0c4fd4e74dbc42a48ef526e53495eb493f37e3
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
db6352d4320162bbde815b84c05ef48eacd003b00c9581aae07e9ebddceb6783
dbb1b5e8aa9320c80bca6dc229254a504996781219fcfdfea7265424310df352
dd062706559b7342963a57eff44c720e493fb1a69b8b27a3815728c0cde8ee02
e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32
e32272da242ceb6ecfad754975bc09782c6229a7a46c58e46cec347aab22be64
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e4e303bee9152bd487e324a9abeebc77b8e9323396d1fb4c4895577da5fede4b
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e5eea9d861ec6f5cbdf98d058098b02920b77cfc44bd788df4fe83654e5c5e13
e830fb2cd84ed7cc6eb54b4f7b682ddc8bf7dfe2bc02c3662631f0ee9abda2b7
e98f575bfb9e8dff113ccf44e7cacddc5430bcee1893b55494a76c6ce886bf68
ea086ff182cf2762b9d0c19f7cc9c150619c05704dc3a6fc1f606be79e629a17
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efacd0600035f059df3b98bce6d6c9dd250a86fd0c15ff57e7ee6665380dc580
f1427296f508f7a81af11a9056693af862366b346ac53ca80ec0e708e90bba0c
f295d0c7923cbf2d41fc7202823928c3b24103f7e2c19f75e124a648b62f8b6e
f3481bf12191837d5e19d9526f18fd20fc88395a403c1a0b098eeef10a7f56ab
f3dc6384535eaf8d59617589a4a74f52cbd67ee439cb828f951ec528295699bf
f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032
f8612be9d6d333fae7f6730a085630e6170f2d0efea301fb86f117b5504d0c8c
fb1004dcdd9e9acefb4aa29ef674505cff55f7a0854ef08b0d5911e2f1b3ca76
fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818
fd3fffc6d6dba71bf9c9c368f4ad5d95bcb419fabda1430cfb23e98aa3803a31

reurl.cc Open in urlscan Pro 35.185.130.121 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

429 Requests

89 %HTTPS

38 %IPv6

53 Domains

78 Subdomains

56 IPs

8 Countries

4843 kBTransfer

9226 kBSize

30 Cookies

19 Outgoing links

Page URL History

Redirected requests

429 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

reurl.cc Open in urlscan Pro
35.185.130.121 Public Scan

Screenshot
Live screenshot

Full Image

429
Requests

89 %
HTTPS

38 %
IPv6

53
Domains

78
Subdomains

56
IPs

8
Countries

4843 kB
Transfer

9226 kB
Size

30
Cookies

429 HTTP transactions
3 data transactions